Bump v15.0.0-beta.7

This reverts commit bbc4545742.

.circleci/config.yml

@@ -45,7 +45,7 @@ executors:
         type: enum
         enum: ["medium", "xlarge", "2xlarge+"]
     docker:
-      - image: electron.azurecr.io/build:6555a80939fb4c3ddf9343b3f140e573f40de225
+      - image: electron.azurecr.io/build:d818f06a9b1540c7fd38f75ad5a2c493dd6843b6
     resource_class: << parameters.size >>
 
   macos:
@@ -219,6 +219,8 @@ step-maybe-cleanup-arm64-mac: &step-maybe-cleanup-arm64-mac
         killall Safari || echo "No Safari processes left running"
         rm -rf ~/Library/Application\ Support/Electron*
         rm -rf ~/Library/Application\ Support/electron*
+        security delete-generic-password -l "Chromium Safe Storage" || echo "✓ Keychain does not contain password from tests"
+        security delete-generic-password -l "Electron Test Main Safe Storage" || echo "✓ Keychain does not contain password from tests"
       elif [ "$TARGET_ARCH" == "arm" ] || [ "$TARGET_ARCH" == "arm64" ]; then
         XVFB=/usr/bin/Xvfb
         /sbin/start-stop-daemon --stop --exec $XVFB || echo "Xvfb not running"
@@ -312,6 +314,7 @@ step-setup-goma-for-build: &step-setup-goma-for-build
       npm install
       mkdir third_party
       node -e "require('./src/utils/goma.js').downloadAndPrepare({ gomaOneForAll: true })"
+      export GOMA_FALLBACK_ON_AUTH_FAILURE=true
       third_party/goma/goma_ctl.py ensure_start
       echo 'export GN_GOMA_FILE='`node -e "console.log(require('./src/utils/goma.js').gnFilePath)"` >> $BASH_ENV
       echo 'export LOCAL_GOMA_DIR='`node -e "console.log(require('./src/utils/goma.js').dir)"` >> $BASH_ENV
@@ -452,7 +455,6 @@ step-fix-sync-on-mac: &step-fix-sync-on-mac
         # Fix Clang Install (wrong binary)
         rm -rf src/third_party/llvm-build
         python src/tools/clang/scripts/update.py
-        python src/tools/clang/scripts/update.py --package=lld_mac
       fi
 
 step-install-signing-cert-on-mac: &step-install-signing-cert-on-mac

.gitignore

@@ -26,6 +26,7 @@ compile_commands.json
 # npm package
 /npm/dist
 /npm/path.txt
+/npm/checksums.json
 
 .npmrc
 

BUILD.gn

@@ -1006,6 +1006,12 @@ if (is_mac) {
     outputs = [ "{{bundle_resources_dir}}/{{source_file_part}}" ]
   }
 
+  asar_hashed_info_plist("electron_app_plist") {
+    keys = [ "DEFAULT_APP_ASAR_HEADER_SHA" ]
+    hash_targets = [ ":default_app_asar_header_hash" ]
+    plist_file = "shell/browser/resources/mac/Info.plist"
+  }
+
   mac_app_bundle("electron_app") {
     output_name = electron_product_name
     sources = filenames.app_sources
@@ -1013,6 +1019,7 @@ if (is_mac) {
     include_dirs = [ "." ]
     deps = [
       ":electron_app_framework_bundle_data",
+      ":electron_app_plist",
       ":electron_app_resources",
       ":electron_fuses",
       "//base",
@@ -1021,7 +1028,7 @@ if (is_mac) {
     if (is_mas_build) {
       deps += [ ":electron_login_helper_app" ]
     }
-    info_plist = "shell/browser/resources/mac/Info.plist"
+    info_plist_target = ":electron_app_plist"
     extra_substitutions = [
       "ELECTRON_BUNDLE_ID=$electron_mac_bundle_id",
       "ELECTRON_VERSION=$electron_version",
@@ -1131,6 +1138,7 @@ if (is_mac) {
     ]
 
     data = []
+    data_deps = []
 
     data += [ "$root_out_dir/resources.pak" ]
     data += [ "$root_out_dir/chrome_100_percent.pak" ]
@@ -1149,6 +1157,10 @@ if (is_mac) {
       public_deps = [ "//tools/v8_context_snapshot:v8_context_snapshot" ]
     }
 
+    if (is_linux) {
+      data_deps += [ "//components/crash/core/app:chrome_crashpad_handler" ]
+    }
+
     if (is_win) {
       sources += [
         # TODO: we should be generating our .rc files more like how chrome does
@@ -1404,7 +1416,8 @@ dist_zip("hunspell_dictionaries_zip") {
 }
 
 copy("libcxx_headers") {
-  sources = libcxx_headers + libcxx_licenses
+  sources = libcxx_headers + libcxx_licenses +
+            [ "//buildtools/third_party/libc++/__config_site" ]
   outputs = [ "$target_gen_dir/electron_libcxx_include/{{source_root_relative_dir}}/{{source_file_part}}" ]
 }
 

CONTRIBUTING.md

@@ -22,7 +22,7 @@ Issues are created [here](https://github.com/electron/electron/issues/new).
 
 ### Issue Closure
 
-Bug reports will be closed if the issue has been inactive and the latest affected version no longer receives support. At the moment, Electron maintains its three latest major versions, with a new major version being released every 12 weeks. (For more information on Electron's release cadence, see [this blog post](https://electronjs.org/blog/12-week-cadence).)
+Bug reports will be closed if the issue has been inactive and the latest affected version no longer receives support. At the moment, Electron maintains its three latest major versions, with a new major version being released every 8 weeks. (For more information on Electron's release cadence, see [this blog post](https://electronjs.org/blog/8-week-cadence).)
 
 _If an issue has been closed and you still feel it's relevant, feel free to ping a maintainer or add a comment!_
 

DEPS

@@ -10,13 +10,14 @@ gclient_gn_args = [
   'checkout_openxr',
   'checkout_google_benchmark',
   'mac_xcode_version',
+  'generate_location_tags',
 ]
 
 vars = {
   'chromium_version':
-    '93.0.4539.0',
+    '94.0.4606.31',
   'node_version':
-    'v16.2.0',
+    'v16.5.0',
   'nan_version':
     # The following commit hash of NAN is v2.14.2 with *only* changes to the
     # test suite. This should be updated to a specific tag when one becomes
@@ -55,6 +56,8 @@ vars = {
 
   'mac_xcode_version': 'default',
 
+  'generate_location_tags': False,
+
   # To allow running hooks without parsing the DEPS tree
   'process_deps': True,
 

ELECTRON_VERSION

@@ -1 +1 @@
-15.0.0-nightly.20210621
+15.0.0-beta.7

azure-pipelines-woa.yml

@@ -53,6 +53,22 @@ steps:
   env:
     APPVEYOR_TOKEN: $(APPVEYOR_TOKEN)
 
+- powershell: |
+    try {
+      $localArtifactPath = "$pwd\src\pdb.zip"
+      $serverArtifactPath = "$env:APPVEYOR_URL/buildjobs/$env:APPVEYOR_JOB_ID/artifacts/pdb.zip"
+      Invoke-RestMethod -Method Get -Uri $serverArtifactPath -OutFile $localArtifactPath -Headers @{ "Authorization" = "Bearer $env:APPVEYOR_TOKEN" }
+      cd src
+      & "${env:ProgramFiles(x86)}\7-Zip\7z.exe" x -y pdb.zip
+    } catch {
+      Write-Host "There was an exception encountered while downloading pdb files:" $_.Exception.Message
+    } finally {
+      $global:LASTEXITCODE = 0
+    }
+  displayName: 'Download pdb files for detailed stacktraces'
+  env:
+    APPVEYOR_TOKEN: $(APPVEYOR_TOKEN)
+
 - powershell: |
     New-Item src\out\Default\gen\node_headers\Release -Type directory
     Copy-Item -path src\out\Default\electron.lib -destination src\out\Default\gen\node_headers\Release\node.lib
@@ -63,15 +79,30 @@ steps:
     set npm_config_nodedir=%cd%\out\Default\gen\node_headers
     set npm_config_arch=arm64
     cd electron
-    # CalculateNativeWinOcclusion is disabled due to https://bugs.chromium.org/p/chromium/issues/detail?id=1139022
-    node script/yarn test -- --enable-logging --verbose --disable-features=CalculateNativeWinOcclusion
-  displayName: 'Run Electron tests'
+    node script/yarn test --runners=main --runTestFilesSeperately --enable-logging --disable-features=CalculateNativeWinOcclusion
+  displayName: 'Run Electron Main process tests'
+  env:
+    ELECTRON_ENABLE_STACK_DUMPING: true
+    ELECTRON_OUT_DIR: Default
+    IGNORE_YARN_INSTALL_ERROR: 1
+    ELECTRON_TEST_RESULTS_DIR: junit
+    MOCHA_MULTI_REPORTERS: 'mocha-junit-reporter, tap'
+    MOCHA_REPORTER: mocha-multi-reporters
+
+- script: |
+    cd src
+    set npm_config_nodedir=%cd%\out\Default\gen\node_headers
+    set npm_config_arch=arm64
+    cd electron
+    node script/yarn test --runners=remote --enable-logging --disable-features=CalculateNativeWinOcclusion
+  displayName: 'Run Electron Remote based tests'
   env:
     ELECTRON_OUT_DIR: Default
     IGNORE_YARN_INSTALL_ERROR: 1
     ELECTRON_TEST_RESULTS_DIR: junit
     MOCHA_MULTI_REPORTERS: 'mocha-junit-reporter, tap'
     MOCHA_REPORTER: mocha-multi-reporters
+  condition: always()    
 
 - task: PublishTestResults@2
   displayName: 'Publish Test Results'

build/args/all.gn

@@ -2,7 +2,7 @@ is_electron_build = true
 root_extra_deps = [ "//electron" ]
 
 # Registry of NMVs --> https://github.com/nodejs/node/blob/master/doc/abi_version_registry.json
-node_module_version = 89
+node_module_version = 98
 
 v8_promise_internal_field_count = 1
 v8_typed_array_max_size_in_heap = 0

build/asar.gni

@@ -57,4 +57,42 @@ template("asar") {
              rebase_path(outputs[0]),
            ]
   }
+
+  node_action(target_name + "_header_hash") {
+    invoker_out = invoker.outputs
+
+    deps = [ ":" + invoker.target_name ]
+    sources = invoker.outputs
+
+    script = "//electron/script/gn-asar-hash.js"
+    outputs = [ "$target_gen_dir/asar_hashes/$target_name.hash" ]
+
+    args = [
+      rebase_path(invoker_out[0]),
+      rebase_path(outputs[0]),
+    ]
+  }
+}
+
+template("asar_hashed_info_plist") {
+  node_action(target_name) {
+    assert(defined(invoker.plist_file),
+           "Need plist_file to add hashed assets to")
+    assert(defined(invoker.keys), "Need keys to replace with asset hash")
+    assert(defined(invoker.hash_targets), "Need hash_targets to read hash from")
+
+    deps = invoker.hash_targets
+
+    script = "//electron/script/gn-plist-but-with-hashes.js"
+    inputs = [ invoker.plist_file ]
+    outputs = [ "$target_gen_dir/hashed_plists/$target_name.plist" ]
+    hash_files = []
+    foreach(hash_target, invoker.hash_targets) {
+      hash_files += get_target_outputs(hash_target)
+    }
+    args = [
+             rebase_path(invoker.plist_file),
+             rebase_path(outputs[0]),
+           ] + invoker.keys + rebase_path(hash_files)
+  }
 }

build/fuses/fuses.json5

@@ -3,5 +3,9 @@
   "_schema": "0 == off, 1 == on, r == removed fuse",
   "_version": 1,
   "run_as_node": "1",
-  "cookie_encryption": "0"
+  "cookie_encryption": "0",
+  "node_options": "1",
+  "node_cli_inspect": "1",
+  "embedded_asar_integrity_validation": "0",
+  "only_load_app_from_asar": "0"
 }

build/npm-run.py

@@ -16,5 +16,5 @@ try:
     subprocess.check_output(args, stderr=subprocess.STDOUT)
 except subprocess.CalledProcessError as e:
     error_msg = "NPM script '{}' failed with code '{}':\n".format(sys.argv[2], e.returncode)
-    print(error_msg + e.output.decode('ascii'))
+    print(error_msg + e.output.decode('utf8'))
     sys.exit(e.returncode)

build/zip.py

@@ -31,12 +31,6 @@ PATHS_TO_SKIP = [
   # //chrome/browser/resources/ssl/ssl_error_assistant, but we don't need to
   # ship it.
   'pyproto',
-  # On Windows, this binary doesn't exist (the crashpad handler is built-in).
-  # On MacOS, the binary is called 'chrome_crashpad_handler' and is inside the
-  # app bundle.
-  # On Linux, we don't use crashpad, but this binary is still built for some
-  # reason. Exclude it from the zip.
-  './crashpad_handler',
   # Skip because these are outputs that we don't need.
   'resources/inspector',
   'gen/third_party/devtools-frontend/src',

chromium_src/BUILD.gn

@@ -21,6 +21,8 @@ static_library("chrome") {
     "//chrome/browser/devtools/devtools_contents_resizing_strategy.h",
     "//chrome/browser/devtools/devtools_embedder_message_dispatcher.cc",
     "//chrome/browser/devtools/devtools_embedder_message_dispatcher.h",
+    "//chrome/browser/devtools/devtools_eye_dropper.cc",
+    "//chrome/browser/devtools/devtools_eye_dropper.h",
     "//chrome/browser/devtools/devtools_file_system_indexer.cc",
     "//chrome/browser/devtools/devtools_file_system_indexer.h",
     "//chrome/browser/extensions/global_shortcut_listener.cc",
@@ -35,6 +37,8 @@ static_library("chrome") {
     "//chrome/browser/net/proxy_config_monitor.h",
     "//chrome/browser/net/proxy_service_factory.cc",
     "//chrome/browser/net/proxy_service_factory.h",
+    "//chrome/browser/platform_util.cc",
+    "//chrome/browser/platform_util.h",
     "//chrome/browser/predictors/preconnect_manager.cc",
     "//chrome/browser/predictors/preconnect_manager.h",
     "//chrome/browser/predictors/predictors_features.cc",
@@ -45,6 +49,10 @@ static_library("chrome") {
     "//chrome/browser/predictors/resolve_host_client_impl.h",
     "//chrome/browser/ui/views/autofill/autofill_popup_view_utils.cc",
     "//chrome/browser/ui/views/autofill/autofill_popup_view_utils.h",
+    "//chrome/browser/ui/views/eye_dropper/eye_dropper.cc",
+    "//chrome/browser/ui/views/eye_dropper/eye_dropper.h",
+    "//chrome/browser/ui/views/eye_dropper/eye_dropper_view.cc",
+    "//chrome/browser/ui/views/eye_dropper/eye_dropper_view.h",
     "//extensions/browser/app_window/size_constraints.cc",
     "//extensions/browser/app_window/size_constraints.h",
   ]
@@ -56,6 +64,9 @@ static_library("chrome") {
       "//chrome/browser/icon_loader_mac.mm",
       "//chrome/browser/media/webrtc/system_media_capture_permissions_mac.h",
       "//chrome/browser/media/webrtc/system_media_capture_permissions_mac.mm",
+      "//chrome/browser/media/webrtc/window_icon_util_mac.mm",
+      "//chrome/browser/ui/views/eye_dropper/eye_dropper_view_mac.h",
+      "//chrome/browser/ui/views/eye_dropper/eye_dropper_view_mac.mm",
     ]
   }
 
@@ -64,13 +75,28 @@ static_library("chrome") {
       "//chrome/browser/extensions/global_shortcut_listener_win.cc",
       "//chrome/browser/extensions/global_shortcut_listener_win.h",
       "//chrome/browser/icon_loader_win.cc",
+      "//chrome/browser/media/webrtc/window_icon_util_win.cc",
+      "//chrome/browser/ui/frame/window_frame_util.h",
+      "//chrome/browser/ui/view_ids.h",
       "//chrome/browser/win/chrome_process_finder.cc",
       "//chrome/browser/win/chrome_process_finder.h",
+      "//chrome/browser/win/titlebar_config.h",
       "//chrome/child/v8_crashpad_support_win.cc",
       "//chrome/child/v8_crashpad_support_win.h",
     ]
   }
 
+  if (is_linux) {
+    sources += [ "//chrome/browser/media/webrtc/window_icon_util_linux.cc" ]
+  }
+
+  if (use_aura) {
+    sources += [
+      "//chrome/browser/platform_util_aura.cc",
+      "//chrome/browser/ui/views/eye_dropper/eye_dropper_view_aura.cc",
+    ]
+  }
+
   public_deps = [
     "//chrome/browser:dev_ui_browser_resources",
     "//chrome/common",
@@ -88,6 +114,10 @@ static_library("chrome") {
     "//components/optimization_guide/proto:optimization_guide_proto",
   ]
 
+  if (enable_basic_printing && is_win) {
+    deps += [ "//chrome/common:cloud_print_utility_mojom" ]
+  }
+
   if (is_linux) {
     sources += [ "//chrome/browser/icon_loader_auralinux.cc" ]
     if (use_x11 || use_ozone) {
@@ -140,64 +170,6 @@ static_library("chrome") {
     deps += [ "//ui/snapshot" ]
   }
 
-  if (enable_color_chooser) {
-    sources += [
-      "//chrome/browser/devtools/devtools_eye_dropper.cc",
-      "//chrome/browser/devtools/devtools_eye_dropper.h",
-      "//chrome/browser/platform_util.cc",
-      "//chrome/browser/platform_util.h",
-      "//chrome/browser/ui/browser_dialogs.h",
-      "//chrome/browser/ui/color_chooser.h",
-      "//chrome/browser/ui/views/eye_dropper/eye_dropper.cc",
-      "//chrome/browser/ui/views/eye_dropper/eye_dropper.h",
-      "//chrome/browser/ui/views/eye_dropper/eye_dropper_view.cc",
-      "//chrome/browser/ui/views/eye_dropper/eye_dropper_view.h",
-    ]
-
-    if (use_aura) {
-      sources += [
-        "//chrome/browser/platform_util_aura.cc",
-        "//chrome/browser/ui/views/eye_dropper/eye_dropper_view_aura.cc",
-      ]
-
-      if (!is_win) {
-        sources += [
-          "//chrome/browser/ui/views/color_chooser_aura.cc",
-          "//chrome/browser/ui/views/color_chooser_aura.h",
-        ]
-      }
-
-      deps += [ "//components/feature_engagement" ]
-    }
-
-    if (is_mac) {
-      sources += [
-        "//chrome/browser/media/webrtc/window_icon_util_mac.mm",
-        "//chrome/browser/ui/cocoa/color_chooser_mac.h",
-        "//chrome/browser/ui/cocoa/color_chooser_mac.mm",
-        "//chrome/browser/ui/views/eye_dropper/eye_dropper_view_mac.h",
-        "//chrome/browser/ui/views/eye_dropper/eye_dropper_view_mac.mm",
-      ]
-      deps += [
-        "//components/remote_cocoa/app_shim",
-        "//components/remote_cocoa/browser",
-      ]
-    }
-
-    if (is_win) {
-      sources += [
-        "//chrome/browser/media/webrtc/window_icon_util_win.cc",
-        "//chrome/browser/ui/views/color_chooser_dialog.cc",
-        "//chrome/browser/ui/views/color_chooser_dialog.h",
-        "//chrome/browser/ui/views/color_chooser_win.cc",
-      ]
-    }
-
-    if (is_linux) {
-      sources += [ "//chrome/browser/media/webrtc/window_icon_util_linux.cc" ]
-    }
-  }
-
   if (enable_widevine) {
     sources += [
       "//chrome/renderer/media/chrome_key_systems.cc",
@@ -342,17 +314,13 @@ source_set("plugins") {
   sources += [
     "//chrome/renderer/pepper/chrome_renderer_pepper_host_factory.cc",
     "//chrome/renderer/pepper/chrome_renderer_pepper_host_factory.h",
+    "//chrome/renderer/pepper/pepper_flash_font_file_host.cc",
+    "//chrome/renderer/pepper/pepper_flash_font_file_host.h",
     "//chrome/renderer/pepper/pepper_shared_memory_message_filter.cc",
     "//chrome/renderer/pepper/pepper_shared_memory_message_filter.h",
   ]
   if (enable_pdf_viewer) {
-    sources += [
-      "//chrome/renderer/pepper/pepper_flash_font_file_host.cc",
-      "//chrome/renderer/pepper/pepper_flash_font_file_host.h",
-    ]
-    if (enable_pdf_viewer) {
-      deps += [ "//components/pdf/renderer" ]
-    }
+    deps += [ "//components/pdf/renderer" ]
   }
   deps += [
     "//components/strings",

chromium_src/chrome/browser/process_singleton_win.cc

@@ -4,6 +4,7 @@
 
 #include "chrome/browser/process_singleton.h"
 
+#include <windows.h>
 #include <shellapi.h>
 
 #include "base/base_paths.h"

docs/api/app.md

@@ -161,6 +161,8 @@ Returns:
   [`NSUserActivity.activityType`][activity-type].
 * `userInfo` unknown - Contains app-specific state stored by the activity on
   another device.
+* `details` Object
+  * `webpageURL` String (optional) - A string identifying the URL of the webpage accessed by the activity on another device, if available.
 
 Emitted during [Handoff][handoff] when an activity from a different device wants
 to be resumed. You should call `event.preventDefault()` if you want to handle
@@ -1059,6 +1061,61 @@ Imports the certificate in pkcs12 format into the platform certificate store.
 `callback` is called with the `result` of import operation, a value of `0`
 indicates success while any other value indicates failure according to Chromium [net_error_list](https://source.chromium.org/chromium/chromium/src/+/master:net/base/net_error_list.h).
 
+### `app.configureHostResolver(options)`
+
+* `options` Object
+  * `enableBuiltInResolver` Boolean (optional) - Whether the built-in host
+    resolver is used in preference to getaddrinfo. When enabled, the built-in
+    resolver will attempt to use the system's DNS settings to do DNS lookups
+    itself. Enabled by default on macOS, disabled by default on Windows and
+    Linux.
+  * `secureDnsMode` String (optional) - Can be "off", "automatic" or "secure".
+    Configures the DNS-over-HTTP mode. When "off", no DoH lookups will be
+    performed. When "automatic", DoH lookups will be peformed first if DoH is
+    available, and insecure DNS lookups will be performed as a fallback. When
+    "secure", only DoH lookups will be performed. Defaults to "automatic".
+  * `secureDnsServers` String[] (optional) - A list of DNS-over-HTTP
+    server templates. See [RFC8484 § 3][] for details on the template format.
+    Most servers support the POST method; the template for such servers is
+    simply a URI. Note that for [some DNS providers][doh-providers], the
+    resolver will automatically upgrade to DoH unless DoH is explicitly
+    disabled, even if there are no DoH servers provided in this list.
+  * `enableAdditionalDnsQueryTypes` Boolean (optional) - Controls whether additional DNS
+    query types, e.g. HTTPS (DNS type 65) will be allowed besides the
+    traditional A and AAAA queries when a request is being made via insecure
+    DNS. Has no effect on Secure DNS which always allows additional types.
+    Defaults to true.
+
+Configures host resolution (DNS and DNS-over-HTTPS). By default, the following
+resolvers will be used, in order:
+
+1. DNS-over-HTTPS, if the [DNS provider supports it][doh-providers], then
+2. the built-in resolver (enabled on macOS only by default), then
+3. the system's resolver (e.g. `getaddrinfo`).
+
+This can be configured to either restrict usage of non-encrypted DNS
+(`secureDnsMode: "secure"`), or disable DNS-over-HTTPS (`secureDnsMode:
+"off"`). It is also possible to enable or disable the built-in resolver.
+
+To disable insecure DNS, you can specify a `secureDnsMode` of `"secure"`. If you do
+so, you should make sure to provide a list of DNS-over-HTTPS servers to use, in
+case the user's DNS configuration does not include a provider that supports
+DoH.
+
+```js
+app.configureHostResolver({
+  secureDnsMode: 'secure',
+  secureDnsServers: [
+    'https://cloudflare-dns.com/dns-query'
+  ]
+})
+```
+
+This API must be called after the `ready` event is emitted.
+
+[doh-providers]: https://source.chromium.org/chromium/chromium/src/+/main:net/dns/public/doh_provider_entry.cc;l=31?q=%22DohProviderEntry::GetList()%22&ss=chromium%2Fchromium%2Fsrc
+[RFC8484 § 3]: https://datatracker.ietf.org/doc/html/rfc8484#section-3
+
 ### `app.disableHardwareAcceleration()`
 
 Disables hardware acceleration for current app.
@@ -1135,8 +1192,8 @@ badge.
 
 On macOS, it shows on the dock icon. On Linux, it only works for Unity launcher.
 
-**Note:** Unity launcher requires the existence of a `.desktop` file to work,
-for more information please read [Desktop Environment Integration][unity-requirement].
+**Note:** Unity launcher requires a `.desktop` file to work. For more information,
+please read the [Unity integration documentation][unity-requirement].
 
 ### `app.getBadgeCount()` _Linux_ _macOS_
 
@@ -1374,8 +1431,8 @@ An `Integer` property that returns the badge count for current app. Setting the
 
 On macOS, setting this with any nonzero integer shows on the dock icon. On Linux, this property only works for Unity launcher.
 
-**Note:** Unity launcher requires the existence of a `.desktop` file to work,
-for more information please read [Desktop Environment Integration][unity-requirement].
+**Note:** Unity launcher requires a `.desktop` file to work. For more information,
+please read the [Unity integration documentation][unity-requirement].
 
 **Note:** On macOS, you need to ensure that your application has the permission
 to display notifications for this property to take effect.
@@ -1403,7 +1460,7 @@ A `Boolean` property that returns  `true` if the app is packaged, `false` otherw
 [LSCopyDefaultHandlerForURLScheme]: https://developer.apple.com/library/mac/documentation/Carbon/Reference/LaunchServicesReference/#//apple_ref/c/func/LSCopyDefaultHandlerForURLScheme
 [handoff]: https://developer.apple.com/library/ios/documentation/UserExperience/Conceptual/Handoff/HandoffFundamentals/HandoffFundamentals.html
 [activity-type]: https://developer.apple.com/library/ios/documentation/Foundation/Reference/NSUserActivity_Class/index.html#//apple_ref/occ/instp/NSUserActivity/activityType
-[unity-requirement]: ../tutorial/desktop-environment-integration.md#unity-launcher
+[unity-requirement]: https://help.ubuntu.com/community/UnityLaunchersAndDesktopFiles#Adding_shortcuts_to_a_launcher
 [mas-builds]: ../tutorial/mac-app-store-submission-guide.md
 [Squirrel-Windows]: https://github.com/Squirrel/Squirrel.Windows
 [JumpListBeginListMSDN]: https://msdn.microsoft.com/en-us/library/windows/desktop/dd378398(v=vs.85).aspx

docs/api/auto-updater.md

@@ -43,7 +43,7 @@ The installer generated with Squirrel will create a shortcut icon with an
 same ID for your app with `app.setAppUserModelId` API, otherwise Windows will
 not be able to pin your app properly in task bar.
 
-Unlike Squirrel.Mac, Windows can host updates on S3 or any other static file host.
+Like Squirrel.Mac, Windows can host updates on S3 or any other static file host.
 You can read the documents of [Squirrel.Windows][squirrel-windows] to get more details
 about how Squirrel.Windows works.
 

docs/api/browser-window.md

@@ -22,12 +22,13 @@ win.loadFile('index.html')
 To create a window without chrome, or a transparent window in arbitrary shape,
 you can use the [Frameless Window](frameless-window.md) API.
 
-## Showing window gracefully
+## Showing the window gracefully
 
-When loading a page in the window directly, users may see the page load incrementally, which is not a good experience for a native app. To make the window display
-without visual flash, there are two solutions for different situations.
+When loading a page in the window directly, users may see the page load incrementally,
+which is not a good experience for a native app. To make the window display
+without a visual flash, there are two solutions for different situations.
 
-## Using `ready-to-show` event
+### Using the `ready-to-show` event
 
 While loading the page, the `ready-to-show` event will be emitted when the renderer
 process has rendered the page for the first time if the window has not been shown yet. Showing
@@ -48,7 +49,7 @@ event.
 Please note that using this event implies that the renderer will be considered "visible" and
 paint even though `show` is false.  This event will never fire if you use `paintWhenInitiallyHidden: false`
 
-## Setting `backgroundColor`
+### Setting the `backgroundColor` property
 
 For a complex app, the `ready-to-show` event could be emitted too late, making
 the app feel slow. In this case, it is recommended to show the window
@@ -187,9 +188,9 @@ It creates a new `BrowserWindow` with native properties as set by the `options`.
   * `parent` BrowserWindow (optional) - Specify parent window. Default is `null`.
   * `modal` Boolean (optional) - Whether this is a modal window. This only works when the
     window is a child window. Default is `false`.
-  * `acceptFirstMouse` Boolean (optional) - Whether the web view accepts a single
-    mouse-down event that simultaneously activates the window. Default is
-    `false`.
+  * `acceptFirstMouse` Boolean (optional) - Whether clicking an inactive window will also
+  click through to the web contents. Default is `false` on macOS. This option is not
+  configurable on other platforms.
   * `disableAutoHideCursor` Boolean (optional) - Whether to hide cursor when typing.
     Default is `false`.
   * `autoHideMenuBar` Boolean (optional) - Auto hide the menu bar unless the `Alt`
@@ -213,16 +214,13 @@ It creates a new `BrowserWindow` with native properties as set by the `options`.
     * `followWindow` - The backdrop should automatically appear active when the window is active, and inactive when it is not. This is the default.
     * `active` - The backdrop should always appear active.
     * `inactive` - The backdrop should always appear inactive.
-  * `titleBarStyle` String (optional) - The style of window title bar.
+  * `titleBarStyle` String (optional) _macOS_ _Windows_ - The style of window title bar.
     Default is `default`. Possible values are:
-    * `default` - Results in the standard gray opaque Mac title
-      bar.
-    * `hidden` - Results in a hidden title bar and a full size content window, yet
-      the title bar still has the standard window controls ("traffic lights") in
-      the top left.
-    * `hiddenInset` - Results in a hidden title bar with an alternative look
+    * `default` - Results in the standard title bar for macOS or Windows respectively.
+    * `hidden` - Results in a hidden title bar and a full size content window. On macOS, the window still has the standard window controls (“traffic lights”) in the top left. On Windows, when combined with `titleBarOverlay: true` it will activate the Window Controls Overlay (see `titleBarOverlay` for more information), otherwise no window controls will be shown.
+    * `hiddenInset` - Only on macOS, results in a hidden title bar with an alternative look
       where the traffic light buttons are slightly more inset from the window edge.
-    * `customButtonsOnHover` - Results in a hidden title bar and a full size
+    * `customButtonsOnHover` - Only on macOS, results in a hidden title bar and a full size
       content window, the traffic light buttons will display when being hovered
       over in the top left of the window.  **Note:** This option is currently
       experimental.
@@ -392,6 +390,9 @@ It creates a new `BrowserWindow` with native properties as set by the `options`.
       contain the layout of the document—without requiring scrolling. Enabling
       this will cause the `preferred-size-changed` event to be emitted on the
       `WebContents` when the preferred size changes. Default is `false`.
+  * `titleBarOverlay` Object | Boolean (optional) -  When using a frameless window in conjuction with `win.setWindowButtonVisibility(true)` on macOS or using a `titleBarStyle` so that the standard window controls ("traffic lights" on macOS) are visible, this property enables the Window Controls Overlay [JavaScript APIs][overlay-javascript-apis] and [CSS Environment Variables][overlay-css-env-vars]. Specifying `true` will result in an overlay with default system colors. Default is `false`.
+    * `color` String (optional) _Windows_ - The CSS color of the Window Controls Overlay when enabled. Default is the system color.
+    * `symbolColor` String (optional) _Windows_ - The CSS color of the symbols on the Window Controls Overlay when enabled. Default is the system color.
 
 When setting minimum or maximum window size with `minWidth`/`maxWidth`/
 `minHeight`/`maxHeight`, it only constrains the users. It won't prevent you from
@@ -1815,3 +1816,5 @@ removed in future Electron releases.
 [window-levels]: https://developer.apple.com/documentation/appkit/nswindow/level
 [chrome-content-scripts]: https://developer.chrome.com/extensions/content_scripts#execution-environment
 [event-emitter]: https://nodejs.org/api/events.html#events_class_eventemitter
+[overlay-javascript-apis]: https://github.com/WICG/window-controls-overlay/blob/main/explainer.md#javascript-apis
+[overlay-css-env-vars]: https://github.com/WICG/window-controls-overlay/blob/main/explainer.md#css-environment-variables

docs/api/clipboard.md

@@ -199,7 +199,7 @@ const { clipboard } = require('electron')
 
 const hasFormat = clipboard.has('<p>selection</p>')
 console.log(hasFormat)
-// 'true' or 'false
+// 'true' or 'false'
 ```
 
 ### `clipboard.read(format)` _Experimental_
@@ -208,6 +208,10 @@ console.log(hasFormat)
 
 Returns `String` - Reads `format` type from the clipboard.
 
+`format` should contain valid ASCII characters and have `/` separator.
+`a/c`, `a/bc` are valid formats while `/abc`, `abc/`, `a/`, `/a`, `a`
+are not valid.
+
 ### `clipboard.readBuffer(format)` _Experimental_
 
 * `format` String
@@ -218,9 +222,9 @@ Returns `Buffer` - Reads `format` type from the clipboard.
 const { clipboard } = require('electron')
 
 const buffer = Buffer.from('this is binary', 'utf8')
-clipboard.writeBuffer('public.utf8-plain-text', buffer)
+clipboard.writeBuffer('public/utf8-plain-text', buffer)
 
-const ret = clipboard.readBuffer('public.utf8-plain-text')
+const ret = clipboard.readBuffer('public/utf8-plain-text')
 
 console.log(buffer.equals(out))
 // true
@@ -238,7 +242,7 @@ Writes the `buffer` into the clipboard as `format`.
 const { clipboard } = require('electron')
 
 const buffer = Buffer.from('writeBuffer', 'utf8')
-clipboard.writeBuffer('public.utf8-plain-text', buffer)
+clipboard.writeBuffer('public/utf8-plain-text', buffer)
 ```
 
 ### `clipboard.write(data[, type])`

docs/api/context-bridge.md

@@ -41,7 +41,7 @@ When `contextIsolation` is enabled in your `webPreferences` (this is the default
 
 The `contextBridge` module has the following methods:
 
-### `contextBridge.exposeInMainWorld(apiKey, api)` _Experimental_
+### `contextBridge.exposeInMainWorld(apiKey, api)`
 
 * `apiKey` String - The key to inject the API onto `window` with.  The API will be accessible on `window[apiKey]`.
 * `api` any - Your API, more information on what this API can be and how it works is available below.
@@ -50,7 +50,7 @@ The `contextBridge` module has the following methods:
 
 ### API
 
-The `api` provided to [`exposeInMainWorld`](#contextbridgeexposeinmainworldapikey-api-experimental) must be a `Function`, `String`, `Number`, `Array`, `Boolean`, or an object
+The `api` provided to [`exposeInMainWorld`](#contextbridgeexposeinmainworldapikey-api) must be a `Function`, `String`, `Number`, `Array`, `Boolean`, or an object
 whose keys are strings and values are a `Function`, `String`, `Number`, `Array`, `Boolean`, or another nested object that meets the same conditions.
 
 `Function` values are proxied to the other context and all other values are **copied** and **frozen**. Any data / primitives sent in

docs/api/cookies.md

@@ -93,7 +93,7 @@ the response.
   * `domain` String (optional) - The domain of the cookie; this will be normalized with a preceding dot so that it's also valid for subdomains. Empty by default if omitted.
   * `path` String (optional) - The path of the cookie. Empty by default if omitted.
   * `secure` Boolean (optional) - Whether the cookie should be marked as Secure. Defaults to
-    false.
+    false unless [Same Site=None](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#samesitenone_requires_secure) attribute is used.
   * `httpOnly` Boolean (optional) - Whether the cookie should be marked as HTTP only.
     Defaults to false.
   * `expirationDate` Double (optional) - The expiration date of the cookie as the number of

docs/api/dialog.md

@@ -24,7 +24,7 @@ The `dialog` module has the following methods:
   * `buttonLabel` String (optional) - Custom label for the confirmation button, when
     left empty the default label will be used.
   * `filters` [FileFilter[]](structures/file-filter.md) (optional)
-  * `properties` String[] (optional) - Contains which features the dialog should
+  * `properties` String[] (optional) - Contains which features the dialog should
     use. The following values are supported:
     * `openFile` - Allow files to be selected.
     * `openDirectory` - Allow directories to be selected.
@@ -87,7 +87,7 @@ dialog.showOpenDialogSync(mainWindow, {
   * `buttonLabel` String (optional) - Custom label for the confirmation button, when
     left empty the default label will be used.
   * `filters` [FileFilter[]](structures/file-filter.md) (optional)
-  * `properties` String[] (optional) - Contains which features the dialog should
+  * `properties` String[] (optional) - Contains which features the dialog should
     use. The following values are supported:
     * `openFile` - Allow files to be selected.
     * `openDirectory` - Allow directories to be selected.
@@ -112,7 +112,7 @@ Returns `Promise<Object>` - Resolve with an object containing the following:
 
 * `canceled` Boolean - whether or not the dialog was canceled.
 * `filePaths` String[] - An array of file paths chosen by the user. If the dialog is cancelled this will be an empty array.
-* `bookmarks` String[] (optional) _macOS_ _mas_ - An array matching the `filePaths` array of base64 encoded strings which contains security scoped bookmark data. `securityScopedBookmarks` must be enabled for this to be populated. (For return values, see [table here](#bookmarks-array).)
+* `bookmarks` String[]&#32;(optional) _macOS_ _mas_ - An array matching the `filePaths` array of base64 encoded strings which contains security scoped bookmark data. `securityScopedBookmarks` must be enabled for this to be populated. (For return values, see [table here](#bookmarks-array).)
 
 The `browserWindow` argument allows the dialog to attach itself to a parent window, making it modal.
 
@@ -165,7 +165,7 @@ dialog.showOpenDialog(mainWindow, {
     displayed in front of the filename text field.
   * `showsTagField` Boolean (optional) _macOS_ - Show the tags input box,
     defaults to `true`.
-  * `properties` String[] (optional)
+  * `properties` String[]&#32;(optional)
     * `showHiddenFiles` - Show hidden files in dialog.
     * `createDirectory` _macOS_ - Allow creating new directories from dialog.
     * `treatPackageAsDirectory` _macOS_ - Treat packages, such as `.app` folders,
@@ -195,7 +195,7 @@ The `filters` specifies an array of file types that can be displayed, see
   * `nameFieldLabel` String (optional) _macOS_ - Custom label for the text
     displayed in front of the filename text field.
   * `showsTagField` Boolean (optional) _macOS_ - Show the tags input box, defaults to `true`.
-  * `properties` String[] (optional)
+  * `properties` String[]&#32;(optional)
     * `showHiddenFiles` - Show hidden files in dialog.
     * `createDirectory` _macOS_ - Allow creating new directories from dialog.
     * `treatPackageAsDirectory` _macOS_ - Treat packages, such as `.app` folders,
@@ -227,7 +227,7 @@ expanding and collapsing the dialog.
   `"warning"`. On Windows, `"question"` displays the same icon as `"info"`, unless
   you set an icon using the `"icon"` option. On macOS, both `"warning"` and
   `"error"` display the same warning icon.
-  * `buttons` String[] (optional) - Array of texts for buttons. On Windows, an empty array
+  * `buttons` String[]&#32;(optional) - Array of texts for buttons. On Windows, an empty array
     will result in one button labeled "OK".
   * `defaultId` Integer (optional) - Index of the button in the buttons array which will
     be selected by default when the message box opens.
@@ -269,10 +269,15 @@ If `browserWindow` is not shown dialog will not be attached to it. In such case
   `"warning"`. On Windows, `"question"` displays the same icon as `"info"`, unless
   you set an icon using the `"icon"` option. On macOS, both `"warning"` and
   `"error"` display the same warning icon.
-  * `buttons` String[] (optional) - Array of texts for buttons. On Windows, an empty array
+  * `buttons` String[]&#32;(optional) - Array of texts for buttons. On Windows, an empty array
     will result in one button labeled "OK".
   * `defaultId` Integer (optional) - Index of the button in the buttons array which will
     be selected by default when the message box opens.
+  * `signal` AbortSignal (optional) - Pass an instance of [AbortSignal][] to
+    optionally close the message box, the message box will behave as if it was
+    cancelled by the user. On macOS, `signal` does not work with message boxes
+    that do not have a parent window, since those message boxes run
+    synchronously due to platform limitations.
   * `title` String (optional) - Title of the message box, some platforms will not show it.
   * `detail` String (optional) - Extra information of the message.
   * `checkboxLabel` String (optional) - If provided, the message box will
@@ -360,3 +365,5 @@ window is provided.
 
 You can call `BrowserWindow.getCurrentWindow().setSheetOffset(offset)` to change
 the offset from the window frame where sheets are attached.
+
+[AbortSignal]: https://nodejs.org/api/globals.html#globals_class_abortsignal

docs/api/extensions.md

@@ -78,6 +78,7 @@ The following methods of `chrome.runtime` are supported:
 - `chrome.runtime.getURL`
 - `chrome.runtime.connect`
 - `chrome.runtime.sendMessage`
+- `chrome.runtime.reload`
 
 The following events of `chrome.runtime` are supported:
 

docs/api/frameless-window.md

@@ -18,17 +18,17 @@ const win = new BrowserWindow({ width: 800, height: 600, frame: false })
 win.show()
 ```
 
-### Alternatives on macOS
+### Alternatives
 
-There's an alternative way to specify a chromeless window.
+There's an alternative way to specify a chromeless window on macOS and Windows.
 Instead of setting `frame` to `false` which disables both the titlebar and window controls,
 you may want to have the title bar hidden and your content extend to the full window size,
-yet still preserve the window controls ("traffic lights") for standard window actions.
+yet still preserve the window controls ("traffic lights" on macOS) for standard window actions.
 You can do so by specifying the `titleBarStyle` option:
 
 #### `hidden`
 
-Results in a hidden title bar and a full size content window, yet the title bar still has the standard window controls (“traffic lights”) in the top left.
+Results in a hidden title bar and a full size content window. On macOS, the title bar still has the standard window controls (“traffic lights”) in the top left.
 
 ```javascript
 const { BrowserWindow } = require('electron')
@@ -36,6 +36,8 @@ const win = new BrowserWindow({ titleBarStyle: 'hidden' })
 win.show()
 ```
 
+### Alternatives on macOS
+
 #### `hiddenInset`
 
 Results in a hidden title bar with an alternative look where the traffic light buttons are slightly more inset from the window edge.
@@ -61,6 +63,35 @@ const win = new BrowserWindow({ titleBarStyle: 'customButtonsOnHover', frame: fa
 win.show()
 ```
 
+## Windows Control Overlay
+
+When using a frameless window in conjuction with `win.setWindowButtonVisibility(true)` on macOS, using one of the `titleBarStyle`s as described above so
+that the traffic lights are visible, or using `titleBarStyle: hidden` on Windows, you can access the Window Controls Overlay [JavaScript APIs][overlay-javascript-apis] and
+[CSS Environment Variables][overlay-css-env-vars] by setting the `titleBarOverlay` option to true. Specifying `true` will result in an overlay with default system colors.
+
+On Windows, you can also specify the color of the overlay and its symbols by setting `titleBarOverlay` to an object with the options `color` and `symbolColor`. If an option is not specified, the color will default to its system color for the window control buttons:
+
+```javascript
+const { BrowserWindow } = require('electron')
+const win = new BrowserWindow({
+  titleBarStyle: 'hidden',
+  titleBarOverlay: true
+})
+win.show()
+```
+
+```javascript
+const { BrowserWindow } = require('electron')
+const win = new BrowserWindow({
+  titleBarStyle: 'hidden',
+  titleBarOverlay: {
+    color: '#2f3241',
+    symbolColor: '#74b1be'
+  }
+})
+win.show()
+```
+
 ## Transparent window
 
 By setting the `transparent` option to `true`, you can also make the frameless
@@ -186,3 +217,5 @@ behave correctly on all platforms you should never use a custom context menu on
 draggable areas.
 
 [ignore-mouse-events]: browser-window.md#winsetignoremouseeventsignore-options
+[overlay-javascript-apis]: https://github.com/WICG/window-controls-overlay/blob/main/explainer.md#javascript-apis
+[overlay-css-env-vars]: https://github.com/WICG/window-controls-overlay/blob/main/explainer.md#css-environment-variables

docs/api/ipc-main.md

@@ -40,6 +40,8 @@ ipcMain.on('synchronous-message', (event, arg) => {
 
 ```javascript
 // In renderer process (web page).
+// NB. Electron APIs are only accessible from preload, unless contextIsolation is disabled.
+// See https://www.electronjs.org/docs/tutorial/process-model#preload-scripts for more details.
 const { ipcRenderer } = require('electron')
 console.log(ipcRenderer.sendSync('synchronous-message', 'ping')) // prints "pong"
 

docs/api/menu-item.md

@@ -14,7 +14,7 @@ See [`Menu`](menu.md) for examples.
     * `menuItem` MenuItem
     * `browserWindow` [BrowserWindow](browser-window.md) | undefined - This will not be defined if no window is open.
     * `event` [KeyboardEvent](structures/keyboard-event.md)
-  * `role` String (optional) - Can be `undo`, `redo`, `cut`, `copy`, `paste`, `pasteAndMatchStyle`, `delete`, `selectAll`, `reload`, `forceReload`, `toggleDevTools`, `resetZoom`, `zoomIn`, `zoomOut`, `togglefullscreen`, `window`, `minimize`, `close`, `help`, `about`, `services`, `hide`, `hideOthers`, `unhide`, `quit`, `startSpeaking`, `stopSpeaking`, `zoom`, `front`, `appMenu`, `fileMenu`, `editMenu`, `viewMenu`, `shareMenu`, `recentDocuments`, `toggleTabBar`, `selectNextTab`, `selectPreviousTab`, `mergeAllWindows`, `clearRecentDocuments`, `moveTabToNewWindow` or `windowMenu` - Define the action of the menu item, when specified the
+  * `role` String (optional) - Can be `undo`, `redo`, `cut`, `copy`, `paste`, `pasteAndMatchStyle`, `delete`, `selectAll`, `reload`, `forceReload`, `toggleDevTools`, `resetZoom`, `zoomIn`, `zoomOut`, `toggleSpellChecker`, `togglefullscreen`, `window`, `minimize`, `close`, `help`, `about`, `services`, `hide`, `hideOthers`, `unhide`, `quit`, `startSpeaking`, `stopSpeaking`, `zoom`, `front`, `appMenu`, `fileMenu`, `editMenu`, `viewMenu`, `shareMenu`, `recentDocuments`, `toggleTabBar`, `selectNextTab`, `selectPreviousTab`, `mergeAllWindows`, `clearRecentDocuments`, `moveTabToNewWindow` or `windowMenu` - Define the action of the menu item, when specified the
     `click` property will be ignored. See [roles](#roles).
   * `type` String (optional) - Can be `normal`, `separator`, `submenu`, `checkbox` or
     `radio`.
@@ -155,11 +155,17 @@ A `String` indicating the type of the item. Can be `normal`, `separator`, `subme
 
 #### `menuItem.role`
 
-A `String` (optional) indicating the item's role, if set. Can be `undo`, `redo`, `cut`, `copy`, `paste`, `pasteAndMatchStyle`, `delete`, `selectAll`, `reload`, `forceReload`, `toggleDevTools`, `resetZoom`, `zoomIn`, `zoomOut`, `togglefullscreen`, `window`, `minimize`, `close`, `help`, `about`, `services`, `hide`, `hideOthers`, `unhide`, `quit`, `startSpeaking`, `stopSpeaking`, `zoom`, `front`, `appMenu`, `fileMenu`, `editMenu`, `viewMenu`, `recentDocuments`, `toggleTabBar`, `selectNextTab`, `selectPreviousTab`, `mergeAllWindows`, `clearRecentDocuments`, `moveTabToNewWindow` or `windowMenu`
+A `String` (optional) indicating the item's role, if set. Can be `undo`, `redo`, `cut`, `copy`, `paste`, `pasteAndMatchStyle`, `delete`, `selectAll`, `reload`, `forceReload`, `toggleDevTools`, `resetZoom`, `zoomIn`, `zoomOut`, `toggleSpellChecker`, `togglefullscreen`, `window`, `minimize`, `close`, `help`, `about`, `services`, `hide`, `hideOthers`, `unhide`, `quit`, `startSpeaking`, `stopSpeaking`, `zoom`, `front`, `appMenu`, `fileMenu`, `editMenu`, `viewMenu`, `shareMenu`, `recentDocuments`, `toggleTabBar`, `selectNextTab`, `selectPreviousTab`, `mergeAllWindows`, `clearRecentDocuments`, `moveTabToNewWindow` or `windowMenu`
 
 #### `menuItem.accelerator`
 
-A `Accelerator` (optional) indicating the item's accelerator, if set.
+An `Accelerator` (optional) indicating the item's accelerator, if set.
+
+#### `menuItem.userAccelerator` _Readonly_ _macOS_
+
+An `Accelerator | null` indicating the item's [user-assigned accelerator](https://developer.apple.com/documentation/appkit/nsmenuitem/1514850-userkeyequivalent?language=objc) for the menu item.
+
+**Note:** This property is only initialized after the `MenuItem` has been added to a `Menu`. Either via `Menu.buildFromTemplate` or via `Menu.append()/insert()`.  Accessing before initialization will just return `null`.
 
 #### `menuItem.icon`
 

docs/api/menu.md

@@ -162,7 +162,7 @@ const template = [
       { role: 'services' },
       { type: 'separator' },
       { role: 'hide' },
-      { role: 'hideothers' },
+      { role: 'hideOthers' },
       { role: 'unhide' },
       { type: 'separator' },
       { role: 'quit' }

docs/api/safe-storage.md

@@ -0,0 +1,40 @@
+# safeStorage
+
+> Allows access to simple encryption and decryption of strings for storage on the local machine.
+
+Process: [Main](../glossary.md#main-process)
+
+This module protects data stored on disk from being accessed by other applications or users with full disk access.
+
+Note that on Mac, access to the system Keychain is required and
+these calls can block the current thread to collect user input.
+The same is true for Linux, if a password management tool is available.
+
+## Methods
+
+The `safeStorage` module has the following methods:
+
+### `safeStorage.isEncryptionAvailable()`
+
+Returns `Boolean` - Whether encryption is available.
+
+On Linux, returns true if the secret key is
+available. On MacOS, returns true if Keychain is available.
+On Windows, returns true with no other preconditions.
+
+### `safeStorage.encryptString(plainText)`
+
+* `plainText` String
+
+Returns `Buffer` -  An array of bytes representing the encrypted string.
+
+This function will throw an error if encryption fails.
+
+### `safeStorage.decryptString(encrypted)`
+
+* `encrypted` Buffer
+
+Returns `String` - the decrypted string. Decrypts the encrypted buffer
+obtained  with `safeStorage.encryptString` back into a string.
+
+This function will throw an error if decryption fails.

docs/api/session.md

@@ -86,8 +86,8 @@ available from next tick of the process.
 const { session } = require('electron')
 session.defaultSession.on('will-download', (event, item, webContents) => {
   event.preventDefault()
-  require('request')(item.getURL(), (data) => {
-    require('fs').writeFileSync('/somewhere', data)
+  require('got')(item.getURL()).then((response) => {
+    require('fs').writeFileSync('/somewhere', response.body)
   })
 })
 ```
@@ -180,7 +180,7 @@ Emitted when a hunspell dictionary file download fails.  For details
 on the failure you should collect a netlog and inspect the download
 request.
 
-#### Event: 'select-serial-port' _Experimental_
+#### Event: 'select-serial-port'
 
 Returns:
 
@@ -197,14 +197,10 @@ cancel the request.  Additionally, permissioning on `navigator.serial` can
 be managed by using [ses.setPermissionCheckHandler(handler)](#sessetpermissioncheckhandlerhandler)
 with the `serial` permission.
 
-Because this is an experimental feature it is disabled by default.  To enable this feature, you
-will need to use the `--enable-features=ElectronSerialChooser` command line switch.
-
 ```javascript
 const { app, BrowserWindow } = require('electron')
 
 let win = null
-app.commandLine.appendSwitch('enable-features', 'ElectronSerialChooser')
 
 app.whenReady().then(() => {
   win = new BrowserWindow({
@@ -225,7 +221,7 @@ app.whenReady().then(() => {
 })
 ```
 
-#### Event: 'serial-port-added' _Experimental_
+#### Event: 'serial-port-added'
 
 Returns:
 
@@ -235,7 +231,7 @@ Returns:
 
 Emitted after `navigator.serial.requestPort` has been called and `select-serial-port` has fired if a new serial port becomes available.  For example, this event will fire when a new USB device is plugged in.
 
-#### Event: 'serial-port-removed' _Experimental_
+#### Event: 'serial-port-removed'
 
 Returns:
 
@@ -527,7 +523,7 @@ session.fromPartition('some-partition').setPermissionRequestHandler((webContents
 #### `ses.setPermissionCheckHandler(handler)`
 
 * `handler` Function\<Boolean> | null
-  * `webContents` ([WebContents](web-contents.md) | null) - WebContents checking the permission.  Please note that if the request comes from a subframe you should use `requestingUrl` to check the request origin.  Cross origin sub frames making permission checks will pass a `null` webContents to this handler.  You should use `embeddingOrigin` and `requestingOrigin` to determine what origin the owning frame and the requesting frame are on respectively.
+  * `webContents` ([WebContents](web-contents.md) | null) - WebContents checking the permission.  Please note that if the request comes from a subframe you should use `requestingUrl` to check the request origin.  All cross origin sub frames making permission checks will pass a `null` webContents to this handler, while certain other permission checks such as `notifications` checks will always pass `null`.  You should use `embeddingOrigin` and `requestingOrigin` to determine what origin the owning frame and the requesting frame are on respectively.
   * `permission` String - Type of permission check.  Valid values are `midiSysex`, `notifications`, `geolocation`, `media`,`mediaKeySystem`,`midi`, `pointerLock`, `fullscreen`, `openExternal`, or `serial`.
   * `requestingOrigin` String - The origin URL of the permission check
   * `details` Object - Some properties are only available on certain permission types.

docs/api/structures/web-request-filter.md

@@ -0,0 +1,3 @@
+# WebRequestFilter Object
+
+* `urls` String[] - Array of URL patterns that will be used to filter out the requests that do not match the URL patterns.

docs/api/touch-bar-scrubber.md

@@ -15,7 +15,7 @@ _This class is not exported from the `'electron'` module. It is only available a
     * `highlightedIndex` Integer - The index of the item the user touched.
   * `selectedStyle` String (optional) - Selected item style. Can be `background`, `outline` or `none`. Defaults to `none`.
   * `overlayStyle` String (optional) - Selected overlay item style. Can be `background`, `outline` or `none`. Defaults to `none`.
-  * `showArrowButtons` Boolean (optional) - Defaults to `false`.
+  * `showArrowButtons` Boolean (optional) - Whether to show arrow buttons. Defaults to `false` and is only shown if `items` is non-empty.
   * `mode` String (optional) - Can be `fixed` or `free`. The default is `free`.
   * `continuous` Boolean (optional) - Defaults to `true`.
 

docs/api/web-contents.md

@@ -45,6 +45,26 @@ returns `null`.
 Returns `WebContents` | undefined - A WebContents instance with the given ID, or
 `undefined` if there is no WebContents associated with the given ID.
 
+### `webContents.fromDevToolsTargetId(targetId)`
+
+* `targetId` String - The Chrome DevTools Protocol [TargetID](https://chromedevtools.github.io/devtools-protocol/tot/Target/#type-TargetID) associated with the WebContents instance.
+
+Returns `WebContents` | undefined - A WebContents instance with the given TargetID, or
+`undefined` if there is no WebContents associated with the given TargetID.
+
+When communicating with the [Chrome DevTools Protocol](https://chromedevtools.github.io/devtools-protocol/),
+it can be useful to lookup a WebContents instance based on its assigned TargetID.
+
+```js
+async function lookupTargetId (browserWindow) {
+  const wc = browserWindow.webContents
+  await wc.debugger.attach('1.3')
+  const { targetInfo } = await wc.debugger.sendCommand('Target.getTargetInfo')
+  const { targetId } = targetInfo
+  const targetWebContents = await webContents.fromDevToolsTargetId(targetId)
+}
+```
+
 ## Class: WebContents
 
 > Render and control the contents of a BrowserWindow instance.
@@ -114,7 +134,7 @@ Returns:
 
 * `event` Event
 
-Emitted when the document in the given frame is loaded.
+Emitted when the document in the top-level frame is loaded.
 
 #### Event: 'page-title-updated'
 
@@ -449,6 +469,8 @@ Returns:
   * `control` Boolean - Equivalent to [KeyboardEvent.controlKey][keyboardevent].
   * `alt` Boolean - Equivalent to [KeyboardEvent.altKey][keyboardevent].
   * `meta` Boolean - Equivalent to [KeyboardEvent.metaKey][keyboardevent].
+  * `location` Number - Equivalent to [KeyboardEvent.location][keyboardevent].
+  * `modifiers` String[] - See [InputEvent.modifiers](structures/input-event.md).
 
 Emitted before dispatching the `keydown` and `keyup` events in the page.
 Calling `event.preventDefault` will prevent the page `keydown`/`keyup` events
@@ -854,6 +876,16 @@ Emitted when the `WebContents` preferred size has changed.
 This event will only be emitted when `enablePreferredSizeMode` is set to `true`
 in `webPreferences`.
 
+#### Event: 'frame-created'
+
+Returns:
+
+* `event` Event
+* `details` Object
+  * `frame` WebFrameMain
+
+Emitted when the [mainFrame](web-contents.md#contentsmainframe-readonly), an `<iframe>`, or a nested `<iframe>` is loaded within the page.
+
 ### Instance Methods
 
 #### `contents.loadURL(url[, options])`
@@ -1990,11 +2022,6 @@ when the DevTools has been closed.
 
 A [`Debugger`](debugger.md) instance for this webContents.
 
-[keyboardevent]: https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent
-[event-emitter]: https://nodejs.org/api/events.html#events_class_eventemitter
-[SCA]: https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Structured_clone_algorithm
-[`postMessage`]: https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
-
 #### `contents.backgroundThrottling`
 
 A `Boolean` property that determines whether or not this WebContents will throttle animations and timers
@@ -2003,3 +2030,8 @@ when the page becomes backgrounded. This also affects the Page Visibility API.
 #### `contents.mainFrame` _Readonly_
 
 A [`WebFrameMain`](web-frame-main.md) property that represents the top frame of the page's frame hierarchy.
+
+[keyboardevent]: https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent
+[event-emitter]: https://nodejs.org/api/events.html#events_class_eventemitter
+[SCA]: https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Structured_clone_algorithm
+[`postMessage`]: https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage

docs/api/web-frame-main.md

@@ -71,6 +71,12 @@ or `undefined` if there is no WebFrameMain associated with the given IDs.
 Process: [Main](../glossary.md#main-process)<br />
 _This class is not exported from the `'electron'` module. It is only available as a return value of other methods in the Electron API._
 
+### Instance Events
+
+#### Event: 'dom-ready'
+
+Emitted when the document is loaded.
+
 ### Instance Methods
 
 #### `frame.executeJavaScript(code[, userGesture])`

docs/api/web-request.md

@@ -43,9 +43,7 @@ The following methods are available on instances of `WebRequest`:
 
 #### `webRequest.onBeforeRequest([filter, ]listener)`
 
-* `filter` Object (optional)
-  * `urls` String[] - Array of URL patterns that will be used to filter out the
-        requests that do not match the URL patterns.
+* `filter` [WebRequestFilter](structures/web-request-filter.md) (optional)
 * `listener` Function | null
   * `details` Object
     * `id` Integer
@@ -54,7 +52,7 @@ The following methods are available on instances of `WebRequest`:
     * `webContentsId` Integer (optional)
     * `webContents` WebContents (optional)
     * `frame` WebFrameMain (optional)
-    * `resourceType` String
+    * `resourceType` String - Can be `mainFrame`, `subFrame`, `stylesheet`, `script`, `image`, `font`, `object`, `xhr`, `ping`, `cspReport`, `media`, `webSocket` or `other`.
     * `referrer` String
     * `timestamp` Double
     * `uploadData` [UploadData[]](structures/upload-data.md)
@@ -88,9 +86,7 @@ Some examples of valid `urls`:
 
 #### `webRequest.onBeforeSendHeaders([filter, ]listener)`
 
-* `filter` Object (optional)
-  * `urls` String[] - Array of URL patterns that will be used to filter out the
-        requests that do not match the URL patterns.
+* `filter` [WebRequestFilter](structures/web-request-filter.md) (optional)
 * `listener` Function | null
   * `details` Object
     * `id` Integer
@@ -99,7 +95,7 @@ Some examples of valid `urls`:
     * `webContentsId` Integer (optional)
     * `webContents` WebContents (optional)
     * `frame` WebFrameMain (optional)
-    * `resourceType` String
+    * `resourceType` String - Can be `mainFrame`, `subFrame`, `stylesheet`, `script`, `image`, `font`, `object`, `xhr`, `ping`, `cspReport`, `media`, `webSocket` or `other`.
     * `referrer` String
     * `timestamp` Double
     * `requestHeaders` Record<string, string>
@@ -117,9 +113,7 @@ The `callback` has to be called with a `response` object.
 
 #### `webRequest.onSendHeaders([filter, ]listener)`
 
-* `filter` Object (optional)
-  * `urls` String[] - Array of URL patterns that will be used to filter out the
-        requests that do not match the URL patterns.
+* `filter` [WebRequestFilter](structures/web-request-filter.md) (optional)
 * `listener` Function | null
   * `details` Object
     * `id` Integer
@@ -128,7 +122,7 @@ The `callback` has to be called with a `response` object.
     * `webContentsId` Integer (optional)
     * `webContents` WebContents (optional)
     * `frame` WebFrameMain (optional)
-    * `resourceType` String
+    * `resourceType` String - Can be `mainFrame`, `subFrame`, `stylesheet`, `script`, `image`, `font`, `object`, `xhr`, `ping`, `cspReport`, `media`, `webSocket` or `other`.
     * `referrer` String
     * `timestamp` Double
     * `requestHeaders` Record<string, string>
@@ -139,9 +133,7 @@ response are visible by the time this listener is fired.
 
 #### `webRequest.onHeadersReceived([filter, ]listener)`
 
-* `filter` Object (optional)
-  * `urls` String[] - Array of URL patterns that will be used to filter out the
-        requests that do not match the URL patterns.
+* `filter` [WebRequestFilter](structures/web-request-filter.md) (optional)
 * `listener` Function | null
   * `details` Object
     * `id` Integer
@@ -150,12 +142,11 @@ response are visible by the time this listener is fired.
     * `webContentsId` Integer (optional)
     * `webContents` WebContents (optional)
     * `frame` WebFrameMain (optional)
-    * `resourceType` String
+    * `resourceType` String - Can be `mainFrame`, `subFrame`, `stylesheet`, `script`, `image`, `font`, `object`, `xhr`, `ping`, `cspReport`, `media`, `webSocket` or `other`.
     * `referrer` String
     * `timestamp` Double
     * `statusLine` String
     * `statusCode` Integer
-    * `requestHeaders` Record<string, string>
     * `responseHeaders` Record<string, string[]> (optional)
   * `callback` Function
     * `headersReceivedResponse` Object
@@ -173,9 +164,7 @@ The `callback` has to be called with a `response` object.
 
 #### `webRequest.onResponseStarted([filter, ]listener)`
 
-* `filter` Object (optional)
-  * `urls` String[] - Array of URL patterns that will be used to filter out the
-        requests that do not match the URL patterns.
+* `filter` [WebRequestFilter](structures/web-request-filter.md) (optional)
 * `listener` Function | null
   * `details` Object
     * `id` Integer
@@ -184,7 +173,7 @@ The `callback` has to be called with a `response` object.
     * `webContentsId` Integer (optional)
     * `webContents` WebContents (optional)
     * `frame` WebFrameMain (optional)
-    * `resourceType` String
+    * `resourceType` String - Can be `mainFrame`, `subFrame`, `stylesheet`, `script`, `image`, `font`, `object`, `xhr`, `ping`, `cspReport`, `media`, `webSocket` or `other`.
     * `referrer` String
     * `timestamp` Double
     * `responseHeaders` Record<string, string[]> (optional)
@@ -199,9 +188,7 @@ and response headers are available.
 
 #### `webRequest.onBeforeRedirect([filter, ]listener)`
 
-* `filter` Object (optional)
-  * `urls` String[] - Array of URL patterns that will be used to filter out the
-        requests that do not match the URL patterns.
+* `filter` [WebRequestFilter](structures/web-request-filter.md) (optional)
 * `listener` Function | null
   * `details` Object
     * `id` Integer
@@ -210,7 +197,7 @@ and response headers are available.
     * `webContentsId` Integer (optional)
     * `webContents` WebContents (optional)
     * `frame` WebFrameMain (optional)
-    * `resourceType` String
+    * `resourceType` String - Can be `mainFrame`, `subFrame`, `stylesheet`, `script`, `image`, `font`, `object`, `xhr`, `ping`, `cspReport`, `media`, `webSocket` or `other`.
     * `referrer` String
     * `timestamp` Double
     * `redirectURL` String
@@ -226,9 +213,7 @@ redirect is about to occur.
 
 #### `webRequest.onCompleted([filter, ]listener)`
 
-* `filter` Object (optional)
-  * `urls` String[] - Array of URL patterns that will be used to filter out the
-        requests that do not match the URL patterns.
+* `filter` [WebRequestFilter](structures/web-request-filter.md) (optional)
 * `listener` Function | null
   * `details` Object
     * `id` Integer
@@ -237,7 +222,7 @@ redirect is about to occur.
     * `webContentsId` Integer (optional)
     * `webContents` WebContents (optional)
     * `frame` WebFrameMain (optional)
-    * `resourceType` String
+    * `resourceType` String - Can be `mainFrame`, `subFrame`, `stylesheet`, `script`, `image`, `font`, `object`, `xhr`, `ping`, `cspReport`, `media`, `webSocket` or `other`.
     * `referrer` String
     * `timestamp` Double
     * `responseHeaders` Record<string, string[]> (optional)
@@ -251,9 +236,7 @@ completed.
 
 #### `webRequest.onErrorOccurred([filter, ]listener)`
 
-* `filter` Object (optional)
-  * `urls` String[] - Array of URL patterns that will be used to filter out the
-        requests that do not match the URL patterns.
+* `filter` [WebRequestFilter](structures/web-request-filter.md) (optional)
 * `listener` Function | null
   * `details` Object
     * `id` Integer
@@ -262,7 +245,7 @@ completed.
     * `webContentsId` Integer (optional)
     * `webContents` WebContents (optional)
     * `frame` WebFrameMain (optional)
-    * `resourceType` String
+    * `resourceType` String - Can be `mainFrame`, `subFrame`, `stylesheet`, `script`, `image`, `font`, `object`, `xhr`, `ping`, `cspReport`, `media`, `webSocket` or `other`.
     * `referrer` String
     * `timestamp` Double
     * `fromCache` Boolean

docs/api/webview-tag.md

@@ -143,12 +143,16 @@ browser plugins. Plugins are disabled by default.
 ### `preload`
 
 ```html
+<!-- from a file -->
 <webview src="https://www.github.com/" preload="./test.js"></webview>
+<!-- or if you want to load from an asar archive -->
+<webview src="https://www.github.com/" preload="./app.asar/test.js"></webview>
 ```
 
 A `String` that specifies a script that will be loaded before other scripts run in the guest
-page. The protocol of script's URL must be either `file:` or `asar:`, because it
-will be loaded by `require` in guest page under the hood.
+page. The protocol of script's URL must be `file:` (even when using `asar:` archives) because
+it will be loaded by Node's `require` under the hood, which treats `asar:` archives as virtual
+directories.
 
 When the guest page doesn't have node integration this script will still have
 access to all Node APIs, but global objects injected by Node will be deleted
@@ -606,6 +610,21 @@ listening to the `channel` event with the [`ipcRenderer`](ipc-renderer.md) modul
 See [webContents.send](web-contents.md#contentssendchannel-args) for
 examples.
 
+### `<webview>.sendToFrame(frameId, channel, ...args)`
+
+* `frameId` [number, number] - `[processId, frameId]`
+* `channel` String
+* `...args` any[]
+
+Returns `Promise<void>`
+
+Send an asynchronous message to renderer process via `channel`, you can also
+send arbitrary arguments. The renderer process can handle the message by
+listening to the `channel` event with the [`ipcRenderer`](ipc-renderer.md) module.
+
+See [webContents.sendToFrame](web-contents.md#contentssendtoframeframeid-channel-args) for
+examples.
+
 ### `<webview>.sendInputEvent(event)`
 
 * `event`  [MouseInputEvent](structures/mouse-input-event.md) | [MouseWheelInputEvent](structures/mouse-wheel-input-event.md) | [KeyboardInputEvent](structures/keyboard-input-event.md)
@@ -710,6 +729,10 @@ Corresponds to the points in time when the spinner of the tab starts spinning.
 
 Corresponds to the points in time when the spinner of the tab stops spinning.
 
+### Event: 'did-attach'
+
+Fired when attached to the embedder web contents.
+
 ### Event: 'dom-ready'
 
 Fired when document in the given frame is loaded.
@@ -830,6 +853,32 @@ this purpose.
 
 Calling `event.preventDefault()` does __NOT__ have any effect.
 
+### Event: 'did-start-navigation'
+
+Returns:
+
+* `url` String
+* `isInPlace` Boolean
+* `isMainFrame` Boolean
+* `frameProcessId` Integer
+* `frameRoutingId` Integer
+
+Emitted when any frame (including main) starts navigating. `isInPlace` will be
+`true` for in-page navigations.
+
+### Event: 'did-redirect-navigation'
+
+Returns:
+
+* `url` String
+* `isInPlace` Boolean
+* `isMainFrame` Boolean
+* `frameProcessId` Integer
+* `frameRoutingId` Integer
+
+Emitted after a server side redirect occurs during navigation. For example a 302
+redirect.
+
 ### Event: 'did-navigate'
 
 Returns:
@@ -842,6 +891,23 @@ This event is not emitted for in-page navigations, such as clicking anchor links
 or updating the `window.location.hash`. Use `did-navigate-in-page` event for
 this purpose.
 
+### Event: 'did-frame-navigate'
+
+Returns:
+
+* `url` String
+* `httpResponseCode` Integer - -1 for non HTTP navigations
+* `httpStatusText` String - empty for non HTTP navigations,
+* `isMainFrame` Boolean
+* `frameProcessId` Integer
+* `frameRoutingId` Integer
+
+Emitted when any frame navigation is done.
+
+This event is not emitted for in-page navigations, such as clicking anchor links
+or updating the `window.location.hash`. Use `did-navigate-in-page` event for
+this purpose.
+
 ### Event: 'did-navigate-in-page'
 
 Returns:
@@ -873,6 +939,7 @@ webview.addEventListener('close', () => {
 
 Returns:
 
+* `frameId` [number, number] - pair of `[processId, frameId]`.
 * `channel` String
 * `args` any[]
 

docs/breaking-changes.md

@@ -14,6 +14,25 @@ This document uses the following convention to categorize breaking changes:
 
 ## Planned Breaking API Changes (14.0)
 
+### Removed: `remote` module
+
+The `remote` module was deprecated in Electron 12, and will be removed in
+Electron 14. It is replaced by the
+[`@electron/remote`](https://github.com/electron/remote) module.
+
+```js
+// Deprecated in Electron 12:
+const { BrowserWindow } = require('electron').remote
+```
+
+```js
+// Replace with:
+const { BrowserWindow } = require('@electron/remote')
+
+// In the main process:
+require('@electron/remote/main').initialize()
+```
+
 ### Removed: `app.allowRendererProcessReuse`
 
 The `app.allowRendererProcessReuse` property will be removed as part of our plan to

docs/fiddles/system/protocol-handler/launch-app-from-URL-in-another-app/index.html

@@ -1,92 +1,81 @@
 <!DOCTYPE html>
 <html>
-  <head>
-    <meta charset="UTF-8">
-    <title>Hello World!</title>
-  </head>
+
+<head>
+  <meta charset="UTF-8">
+  <!-- https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP -->
+  <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'">
+  <meta http-equiv="X-Content-Security-Policy" content="default-src 'self'; script-src 'self'">
+  <title>app.setAsDefaultProtocol Demo</title>
+</head>
+
 <body>
-  <section>
-    <header>
-        <h1>
-          Protocol Handler
-        </h1>
-        <h3>The <code>app</code> module provides methods for handling protocols.</h3>
-        <p>These methods allow you to set and unset the protocols your app should be the default app for. Similar to when a browser asks to be your default for viewing web pages.</p>
+  <h1>App Default Protocol Demo</h1>
 
-        <p>Open the <a href="https://electronjs.org/docs/api/app">full app API documentation<span class="u-visible-to-screen-reader">(opens in new window)</span></a> in your browser.</p>
-    </header>
+  <p>The protocol API allows us to register a custom protocol and intercept existing protocol requests.</p>
+  <p>These methods allow you to set and unset the protocols your app should be the default app for. Similar to when a
+    browser asks to be your default for viewing web pages.</p>
 
-    <div >
-        <button id="open-in-browser" class="js-container-target demo-toggle-button">Launch current page in browser
-          <div class="demo-meta u-avoid-clicks">Supports: Win, macOS <span class="demo-meta-divider">|</span> Process: Main</div>
-        </button>
-        <section id='open-app-link'>
-          <a href="electron-api-demos://open">Now... launch the app from a web link</a>
-        </section>
-        <div >
-          <p>You can set your app as the default app to open for a specific protocol. For instance, in this demo we set this app as the default for <code>electron-api-demos://</code>. The demo button above will launch a page in your default browser with a link. Click that link and it will re-launch this app.</p>
-          <h5>Packaging</h5>
-          <p>This feature will only work on macOS when your app is packaged. It will not work when you're launching it in development from the command-line. When you package your app you'll need to make sure the macOS <code>plist</code> for the app is updated to include the new protocol handler. If you're using <code>electron-packager</code> then you can add the flag <code>--extend-info</code> with a path to the <code>plist</code> you've created. The one for this app is below.</p>
-          <h5>Renderer Process</h5>
-          <pre><code>
-            const {shell} = require('electron')
-            const path = require('path')
-            const protocolHandlerBtn = document.getElementById('protocol-handler')
-            protocolHandlerBtn.addEventListener('click', () => {
-                const pageDirectory = __dirname.replace('app.asar', 'app.asar.unpacked')
-                const pagePath = path.join('file://', pageDirectory, '../../sections/system/protocol-link.html')
-                shell.openExternal(pagePath)
-            })
-          </code></pre>
-          <h5>Main Process</h5>
-          <pre><code>
-            const {app, dialog} = require('electron')
-            const path = require('path')
+  <p>Open the <a href="https://www.electronjs.org/docs/api/protocol">full protocol API documentation</a> in your
+    browser.</p>
 
-            if (process.defaultApp) {
-                if (process.argv.length >= 2) {
-                    app.setAsDefaultProtocolClient('electron-api-demos', process.execPath, [path.resolve(process.argv[1])])
-                }
-            } else {
-                app.setAsDefaultProtocolClient('electron-api-demos')
-            }
+  -----
 
-            app.on('open-url', (event, url) => {
-                dialog.showErrorBox('Welcome Back', `You arrived from: ${url}`)
-            })
+  <h3>Demo</h3>
+  <p>
+    First: Launch current page in browser
+    <button id="open-in-browser" class="js-container-target demo-toggle-button">
+        Click to Launch Browser
+      </button>
+  </p>
 
-          </code></pre>
-          <h5>macOS plist</h5>
-          <pre><code>
-            <?xml version="1.0" encoding="UTF-8"?>
-                <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-                    <plist version="1.0">
-                        <dict>
-                            <key>CFBundleURLTypes</key>
-                            <array>
-                                <dict>
-                                    <key>CFBundleURLSchemes</key>
-                                    <array>
-                                        <string>electron-api-demos</string>
-                                    </array>
-                                    <key>CFBundleURLName</key>
-                                    <string>Electron API Demos Protocol</string>
-                                </dict>
-                            </array>
-                            <key>ElectronTeamID</key>
-                            <string>VEKTX9H2N7</string>
-                        </dict>
-                    </plist>
-                </code>
-            </pre>
-        </div>
-    </div>
-    <script type="text/javascript">
-        require('./renderer.js')
-    </script>
-</section>
+  <p>
+    Then: Launch the app from a web link!
+    <a href="electron-fiddle://open">Click here to launch the app</a>
+  </p>
+
+  ----
+
+  <p>You can set your app as the default app to open for a specific protocol. For instance, in this demo we set this app
+    as the default for <code>electron-fiddle://</code>. The demo button above will launch a page in your default
+    browser with a link. Click that link and it will re-launch this app.</p>
+
+
+  <h3>Packaging</h3>
+  <p>This feature will only work on macOS when your app is packaged. It will not work when you're launching it in
+    development from the command-line. When you package your app you'll need to make sure the macOS <code>plist</code>
+    for the app is updated to include the new protocol handler. If you're using <code>electron-packager</code> then you
+    can add the flag <code>--extend-info</code> with a path to the <code>plist</code> you've created. The one for this
+    app is below:</p>
+
+  <p>
+  <h5>macOS plist</h5>
+  <pre><code>
+    &lt;?xml version="1.0" encoding="UTF-8"?&gt;
+    &lt;!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"&gt;
+            &lt;plist version="1.0"&gt;
+                &lt;dict&gt;
+                    &lt;key&gt;CFBundleURLTypes&lt;/key&gt;
+                    &lt;array&gt;
+                        &lt;dict&gt;
+                            &lt;key&gt;CFBundleURLSchemes&lt;/key&gt;
+                            &lt;array&gt;
+                                &lt;string&gt;electron-api-demos&lt;/string&gt;
+                            &lt;/array&gt;
+                            &lt;key&gt;CFBundleURLName&lt;/key&gt;
+                            &lt;string&gt;Electron API Demos Protocol&lt;/string&gt;
+                        &lt;/dict&gt;
+                    &lt;/array&gt;
+                    &lt;key&gt;ElectronTeamID&lt;/key&gt;
+                    &lt;string&gt;VEKTX9H2N7&lt;/string&gt;
+                &lt;/dict&gt;
+            &lt;/plist&gt;
+        </code>
+    </pre>
+  <p>
+
+    <!-- You can also require other files to run in this process -->
+    <script src="./renderer.js"></script>
 </body>
-</html>
 
-  </body>
-</html>
+</html>

docs/fiddles/system/protocol-handler/launch-app-from-URL-in-another-app/main.js

@@ -1,10 +1,39 @@
 // Modules to control application life and create native browser window
-const { app, BrowserWindow, dialog } = require('electron')
+const { app, BrowserWindow, ipcMain, shell } = require('electron')
 const path = require('path')
 
-// Keep a global reference of the window object, if you don't, the window will
-// be closed automatically when the JavaScript object is garbage collected.
-let mainWindow
+let mainWindow;
+
+if (process.defaultApp) {
+  if (process.argv.length >= 2) {
+    app.setAsDefaultProtocolClient('electron-fiddle', process.execPath, [path.resolve(process.argv[1])])
+  }
+} else {
+    app.setAsDefaultProtocolClient('electron-fiddle')
+}
+
+const gotTheLock = app.requestSingleInstanceLock()
+
+if (!gotTheLock) {
+  app.quit()
+} else {
+  app.on('second-instance', (event, commandLine, workingDirectory) => {
+    // Someone tried to run a second instance, we should focus our window.
+    if (mainWindow) {
+      if (mainWindow.isMinimized()) mainWindow.restore()
+      mainWindow.focus()
+    }
+  })
+
+  // Create mainWindow, load the rest of the app, etc...
+  app.whenReady().then(() => {
+    createWindow()
+  })
+  
+  app.on('open-url', (event, url) => {
+    dialog.showErrorBox('Welcome Back', `You arrived from: ${url}`)
+  })
+}
 
 function createWindow () {
   // Create the browser window.
@@ -12,58 +41,23 @@ function createWindow () {
     width: 800,
     height: 600,
     webPreferences: {
-      nodeIntegration: true
+      preload: path.join(__dirname, 'preload.js'),
     }
   })
 
-  // and load the index.html of the app.
   mainWindow.loadFile('index.html')
-
-  // Open the DevTools.
-  mainWindow.webContents.openDevTools()
-
-  // Emitted when the window is closed.
-  mainWindow.on('closed', function () {
-    // Dereference the window object, usually you would store windows
-    // in an array if your app supports multi windows, this is the time
-    // when you should delete the corresponding element.
-    mainWindow = null
-  })
 }
 
-// This method will be called when Electron has finished
-// initialization and is ready to create browser windows.
-// Some APIs can only be used after this event occurs.
-app.whenReady().then(createWindow)
-
-// Quit when all windows are closed.
+// Quit when all windows are closed, except on macOS. There, it's common
+// for applications and their menu bar to stay active until the user quits
+// explicitly with Cmd + Q.
 app.on('window-all-closed', function () {
-  // On macOS it is common for applications and their menu bar
-  // to stay active until the user quits explicitly with Cmd + Q
-  if (process.platform !== 'darwin') {
-    app.quit()
-  }
+  if (process.platform !== 'darwin') app.quit()
 })
 
-app.on('activate', function () {
-  // On macOS it is common to re-create a window in the app when the
-  // dock icon is clicked and there are no other windows open.
-  if (mainWindow === null) {
-    createWindow()
-  }
-})
-
-// In this file you can include the rest of your app's specific main process
-// code. You can also put them in separate files and require them here.
-
-if (process.defaultApp) {
-  if (process.argv.length >= 2) {
-    app.setAsDefaultProtocolClient('electron-api-demos', process.execPath, [path.resolve(process.argv[1])])
-  }
-} else {
-  app.setAsDefaultProtocolClient('electron-api-demos')
-}
-
-app.on('open-url', (event, url) => {
-  dialog.showErrorBox('Welcome Back', `You arrived from: ${url}`)
+// Handle window controls via IPC
+ipcMain.on('shell:open', () => {
+  const pageDirectory = __dirname.replace('app.asar', 'app.asar.unpacked')
+  const pagePath = path.join('file://', pageDirectory, 'index.html')
+  shell.openExternal(pagePath)
 })

docs/fiddles/system/protocol-handler/launch-app-from-URL-in-another-app/preload.js

@@ -0,0 +1,11 @@
+// All of the Node.js APIs are available in the preload process.
+// It has the same sandbox as a Chrome extension.
+const { contextBridge, ipcRenderer } = require('electron')
+
+// Set up context bridge between the renderer process and the main process
+contextBridge.exposeInMainWorld(
+  'shell',
+  {
+    open: () => ipcRenderer.send('shell:open'),
+  }
+)

docs/fiddles/system/protocol-handler/launch-app-from-URL-in-another-app/renderer.js

@@ -1,14 +1,8 @@
-const { shell } = require('electron')
-const path = require('path')
+// This file is required by the index.html file and will
+// be executed in the renderer process for that window.
+// All APIs exposed by the context bridge are available here.
 
-const openInBrowserButton = document.getElementById('open-in-browser')
-const openAppLink = document.getElementById('open-app-link')
-// Hides openAppLink when loaded inside Electron
-openAppLink.style.display = 'none'
-
-openInBrowserButton.addEventListener('click', () => {
-  console.log('clicked')
-  const pageDirectory = __dirname.replace('app.asar', 'app.asar.unpacked')
-  const pagePath = path.join('file://', pageDirectory, 'index.html')
-  shell.openExternal(pagePath)
-})
+// Binds the buttons to the context bridge API.
+document.getElementById('open-in-browser').addEventListener('click', () => {
+  shell.open();
+});

docs/tutorial/code-signing.md

@@ -88,14 +88,15 @@ without meaning any harm:
   <dict>
     <key>com.apple.security.cs.allow-jit</key>
     <true/>
-    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
-    <true/>
     <key>com.apple.security.cs.debugger</key>
     <true/>
   </dict>
 </plist>
 ```
 
+Note that up until Electron 12, the `com.apple.security.cs.allow-unsigned-executable-memory` entitlement was required
+as well. However, it should not be used anymore if it can be avoided.
+
 To see all of this in action, check out Electron Fiddle's source code,
 [especially its `electron-forge` configuration
 file](https://github.com/electron/fiddle/blob/master/forge.config.js).
@@ -133,7 +134,7 @@ are likely using [`electron-packager`], which includes [`electron-osx-sign`] and
 
 If you're using Packager's API, you can pass [in configuration that both signs
 and notarizes your
-application](https://electron.github.io/electron-packager/master/interfaces/electronpackager.options.html).
+application](https://electron.github.io/electron-packager/main/interfaces/electronpackager.options.html).
 
 ```js
 const packager = require('electron-packager')
@@ -165,14 +166,15 @@ without meaning any harm:
   <dict>
     <key>com.apple.security.cs.allow-jit</key>
     <true/>
-    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
-    <true/>
     <key>com.apple.security.cs.debugger</key>
     <true/>
   </dict>
 </plist>
 ```
 
+Up until Electron 12, the `com.apple.security.cs.allow-unsigned-executable-memory` entitlement was required
+as well. However, it should not be used anymore if it can be avoided.
+
 ## Mac App Store
 
 See the [Mac App Store Guide].

docs/tutorial/context-isolation.md

@@ -4,39 +4,38 @@
 
 Context Isolation is a feature that ensures that both your `preload` scripts and Electron's internal logic run in a separate context to the website you load in a [`webContents`](../api/web-contents.md).  This is important for security purposes as it helps prevent the website from accessing Electron internals or the powerful APIs your preload script has access to.
 
-This means that the `window` object that your preload script has access to is actually a **different** object than the website would have access to.  For example, if you set `window.hello = 'wave'` in your preload script and context isolation is enabled `window.hello` will be undefined if the website tries to access it.
+This means that the `window` object that your preload script has access to is actually a **different** object than the website would have access to.  For example, if you set `window.hello = 'wave'` in your preload script and context isolation is enabled, `window.hello` will be undefined if the website tries to access it.
 
-Every single application should have context isolation enabled and from Electron 12 it will be enabled by default.
-
-## How do I enable it?
-
-From Electron 12, it will be enabled by default. For lower versions it is an option in the `webPreferences` option when constructing `new BrowserWindow`'s.
-
-```javascript
-const mainWindow = new BrowserWindow({
-  webPreferences: {
-    contextIsolation: true
-  }
-})
-```
+Context isolation has been enabled by default since Electron 12, and it is a recommended security setting for _all applications_.
 
 ## Migration
 
-> I used to provide APIs from my preload script using `window.X = apiObject` now what?
+> Without context isolation, I used to provide APIs from my preload script using `window.X = apiObject`. Now what?
 
-Exposing APIs from your preload script to the loaded website is a common usecase and there is a dedicated module in Electron to help you do this in a painless way.
+### Before: context isolation disabled
 
-**Before: With context isolation disabled**
+Exposing APIs from your preload script to a loaded website in the renderer process is a common use-case. With context isolation disabled, your preload script would share a common global `window` object with the renderer. You could then attach arbitrary properties to a preload script:
 
-```javascript
+```javascript title='preload.js'
+// preload with contextIsolation disabled
 window.myAPI = {
   doAThing: () => {}
 }
 ```
 
-**After: With context isolation enabled**
+The `doAThing()` function could then be used directly in the renderer process:
 
-```javascript
+```javascript title='renderer.js'
+// use the exposed API in the renderer
+window.myAPI.doAThing()
+```
+
+### After: context isolation enabled
+
+There is a dedicated module in Electron to help you do this in a painless way. The [`contextBridge`](../api/context-bridge.md) module can be used to **safely** expose APIs from your preload script's isolated context to the context the website is running in. The API will also be accessible from the website on `window.myAPI` just like it was before.
+
+```javascript title='preload.js'
+// preload with contextIsolation enabled
 const { contextBridge } = require('electron')
 
 contextBridge.exposeInMainWorld('myAPI', {
@@ -44,26 +43,63 @@ contextBridge.exposeInMainWorld('myAPI', {
 })
 ```
 
-The [`contextBridge`](../api/context-bridge.md) module can be used to **safely** expose APIs from the isolated context your preload script runs in to the context the website is running in. The API will also be accessible from the website on `window.myAPI` just like it was before.
+```javascript title='renderer.js'
+// use the exposed API in the renderer
+window.myAPI.doAThing()
+```
 
-You should read the `contextBridge` documentation linked above to fully understand its limitations.  For instance you can't send custom prototypes or symbols over the bridge.
+Please read the `contextBridge` documentation linked above to fully understand its limitations. For instance, you can't send custom prototypes or symbols over the bridge.
 
-## Security Considerations
+## Security considerations
 
-Just enabling `contextIsolation` and using `contextBridge` does not automatically mean that everything you do is safe.  For instance this code is **unsafe**.
+Just enabling `contextIsolation` and using `contextBridge` does not automatically mean that everything you do is safe. For instance, this code is **unsafe**.
 
-```javascript
+```javascript title='preload.js'
 // ❌ Bad code
 contextBridge.exposeInMainWorld('myAPI', {
   send: ipcRenderer.send
 })
 ```
 
-It directly exposes a powerful API without any kind of argument filtering. This would allow any website to send arbitrary IPC messages which you do not want to be possible. The correct way to expose IPC-based APIs would instead be to provide one method per IPC message.
+It directly exposes a powerful API without any kind of argument filtering. This would allow any website to send arbitrary IPC messages, which you do not want to be possible. The correct way to expose IPC-based APIs would instead be to provide one method per IPC message.
 
-```javascript
+```javascript title='preload.js'
 // ✅ Good code
 contextBridge.exposeInMainWorld('myAPI', {
   loadPreferences: () => ipcRenderer.invoke('load-prefs')
 })
 ```
+
+## Usage with TypeScript
+
+If you're building your Electron app with TypeScript, you'll want to add types to your APIs exposed over the context bridge. The renderer's `window` object won't have the correct typings unless you extend the types with a [declaration file].
+
+For example, given this `preload.ts` script:
+
+```typescript title='preload.ts'
+contextBridge.exposeInMainWorld('electronAPI', {
+  loadPreferences: () => ipcRenderer.invoke('load-prefs')
+})
+```
+
+You can create a `renderer.d.ts` declaration file and globally augment the `Window` interface:
+
+```typescript title='renderer.d.ts'
+export interface IElectronAPI {
+  loadPreferences: () => Promise<void>,
+}
+
+declare global {
+  interface Window {
+    electronAPI: IElectronAPI
+  }
+}
+```
+
+Doing so will ensure that the TypeScript compiler will know about the `electronAPI` property on your global `window` object when writing scripts in your renderer process:
+
+```typescript title='renderer.ts'
+window.electronAPI.loadPreferences()
+```
+
+[declaration file]: https://www.typescriptlang.org/docs/handbook/declaration-files/introduction.html

docs/tutorial/dark-mode.md

@@ -80,9 +80,9 @@ Starting with the `index.html` file:
 </html>
 ```
 
-And the `style.css` file:
+And the `styles.css` file:
 
-```css title='style.css'
+```css title='styles.css'
 @media (prefers-color-scheme: dark) {
   body { background: #333; color: white; }
 }
@@ -200,6 +200,6 @@ Run the example using Electron Fiddle and then click the "Toggle Dark Mode" butt
 [system-wide-dark-mode]: https://developer.apple.com/design/human-interface-guidelines/macos/visual-design/dark-mode/
 [electron-forge]: https://www.electronforge.io/
 [electron-packager]: https://github.com/electron/electron-packager
-[packager-darwindarkmode-api]: https://electron.github.io/electron-packager/master/interfaces/electronpackager.options.html#darwindarkmodesupport
+[packager-darwindarkmode-api]: https://electron.github.io/electron-packager/main/interfaces/electronpackager.options.html#darwindarkmodesupport
 [prefers-color-scheme]: https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme
 [event-listeners]: https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/addEventListener

docs/tutorial/desktop-environment-integration.md

@@ -1,35 +0,0 @@
-# Desktop Environment Integration
-
-Different operating systems provide different features for integrating desktop
-applications into their desktop environments. For example, on Windows,
-applications can put shortcuts in the JumpList of task bar, and on Mac,
-applications can put a custom menu in the dock menu.
-
-This guide explains how to integrate your application into those desktop
-environments with Electron APIs.
-
-## Notifications
-
-See the [Notifications documentation](notifications.md).
-
-## Recent Documents
-
-See [Recent Documents documentation](recent-documents.md).
-
-## Progress Bar
-
-See the [Progress Bar documentation](progress-bar.md).
-
-## Unity Launcher
-
-See the [Unity Launcher documentation][unity-launcher].
-
-## Represented File for macOS Window
-
-See the [Represented File documentation](represented-file.md).
-
-## Dragging files out of the window
-
-See the [Native File Drag & Drop documentation](native-file-drag-drop.md).
-
-[unity-launcher]: https://help.ubuntu.com/community/UnityLaunchersAndDesktopFiles#Adding_shortcuts_to_a_launcher

docs/tutorial/electron-timelines.md

@@ -1,23 +1,27 @@
 # Electron Release Timelines
 
+Special notes:
+
 * The `-beta.1` and `stable` dates are our solid release dates.
 * We strive for weekly beta releases, however we often release more betas than scheduled.
 * All dates are our goals but there may be reasons for adjusting the stable deadline, such as security bugs.
 * Take a look at the [5.0.0 Timeline blog post](https://electronjs.org/blog/electron-5-0-timeline) for info about publicizing our release dates.
 * Since Electron 6.0, we've been targeting every other Chromium version and releasing our stable on the same day as Chrome stable. You can reference Chromium's release schedule [here](https://chromiumdash.appspot.com/schedule). See [Electron's new release cadence blog post](https://www.electronjs.org/blog/12-week-cadence) for more details on our release schedule.
+* Electron 15.0 only will include a special Alpha release. Starting in Electron 16.0, we will release on an 8-week cadence. See [Electron's new 8-week cadence blog post](https://www.electronjs.org/blog/8-week-cadence) for more details.
 
-| Version | -beta.1 | Stable | Chrome | Node |
-| ------- | ------- | ------ | ------ | ---- |
-| 2.0.0 | 2018-02-21 | 2018-05-01 | M61 | v8.9 |
-| 3.0.0 | 2018-06-21 | 2018-09-18 | M66 | v10.2 |
-| 4.0.0 | 2018-10-11 | 2018-12-20 | M69 | v10.11 |
-| 5.0.0 | 2019-01-22 | 2019-04-24 | M73 | v12.0 |
-| 6.0.0 | 2019-05-01 | 2019-07-30 | M76 | v12.4 |
-| 7.0.0 | 2019-08-01 | 2019-10-22 | M78 | v12.8 |
-| 8.0.0 | 2019-10-24 | 2020-02-04 | M80 | v12.13 |
-| 9.0.0 | 2020-02-06 | 2020-05-19 | M83 | v12.14 |
-| 10.0.0 | 2020-05-21 | 2020-08-25 | M85 | v12.16 |
-| 11.0.0 | 2020-08-27 | 2020-11-17 | M87 | v12.18 |
-| 12.0.0 | 2020-11-19 | 2021-03-02 | M89 | v14.16 |
-| 13.0.0 | 2021-03-04 | 2021-05-25 | M91 | v14.16 |
-| 14.0.0 | 2021-05-27 | 2021-08-31 | M93 | TBD |
+| Electron | Alpha | Beta | Stable | Chrome | Node |
+| ------- | ----- | ------- | ------ | ------ | ---- |
+| 2.0.0 | -- | 2018-Feb-21 | 2018-May-01 | M61 | v8.9 |
+| 3.0.0 | -- | 2018-Jun-21 | 2018-Sep-18 | M66 | v10.2 |
+| 4.0.0 | -- | 2018-Oct-11 | 2018-Dec-20 | M69 | v10.11 |
+| 5.0.0 | -- | 2019-Jan-22 | 2019-Apr-24 | M73 | v12.0 |
+| 6.0.0 | -- | 2019-May-01 | 2019-Jul-30 | M76 | v12.4 |
+| 7.0.0 | -- | 2019-Aug-01 | 2019-Oct-22 | M78 | v12.8 |
+| 8.0.0 | -- | 2019-Oct-24 | 2020-Feb-04 | M80 | v12.13 |
+| 9.0.0 | -- | 2020-Feb-06 | 2020-May-19 | M83 | v12.14 |
+| 10.0.0 | -- | 2020-May-21 | 2020-Aug-25 | M85 | v12.16 |
+| 11.0.0 | -- | 2020-Aug-27 | 2020-Nov-17 | M87 | v12.18 |
+| 12.0.0 | -- | 2020-Nov-19 | 2021-Mar-02 | M89 | v14.16 |
+| 13.0.0 | -- | 2021-Mar-04 | 2021-May-25 | M91 | v14.16 |
+| 14.0.0 | -- | 2021-May-27 | 2021-Aug-31 | M93 | TBD |
+| 15.0.0 | 2021-Jul-20 | 2021-Sep-01 | 2021-Sep-21 | M94 | TBD |

docs/tutorial/in-app-purchases.md

@@ -1,4 +1,4 @@
-# In-App Purchase (macOS)
+# In-App Purchases (macOS)
 
 ## Preparing
 

docs/tutorial/installation.md

@@ -1,4 +1,4 @@
-# Installation
+# Advanced Installation Instructions
 
 To install prebuilt Electron binaries, use [`npm`][npm].
 The preferred method is to install Electron as a development dependency in your
@@ -90,6 +90,11 @@ ELECTRON_CUSTOM_DIR="{{ version }}"
 The above configuration will download from URLs such as
 `https://npm.taobao.org/mirrors/electron/8.0.0/electron-v8.0.0-linux-x64.zip`.
 
+If your mirror serves artifacts with different checksums to the official
+Electron release you may have to set `ELECTRON_USE_REMOTE_CHECKSUMS=1` to
+force Electron to use the remote `SHASUMS256.txt` file to verify the checksum
+instead of the embedded checksums.
+
 #### Cache
 
 Alternatively, you can override the local cache. `@electron/get` will cache

docs/tutorial/launch-app-from-url-in-another-app.md

@@ -0,0 +1,214 @@
+---
+title: Launching Your Electron App From a URL In Another App
+description: This guide will take you through the process of setting your electron app as the default handler for a specific protocol.
+slug: launch-app-from-url-in-another-app
+hide_title: true
+---
+
+# Launching Your Electron App From A URL In Another App
+
+## Overview
+
+<!-- ✍ Update this section if you want to provide more details -->
+
+This guide will take you through the process of setting your Electron app as the default
+handler for a specific [protocol](https://www.electronjs.org/docs/api/protocol).
+
+By the end of this tutorial, we will have set our app to intercept and handle
+any clicked URLs that start with a specific protocol. In this guide, the protocol
+we will use will be "`electron-fiddle://`".
+
+## Examples
+
+### Main Process (main.js)
+
+First, we will import the required modules from `electron`. These modules help
+control our application lifecycle and create a native browser window.
+
+```javascript
+const { app, BrowserWindow, shell } = require('electron')
+const path = require('path')
+```
+
+Next, we will proceed to register our application to handle all "`electron-fiddle://`" protocols.
+
+```javascript
+if (process.defaultApp) {
+  if (process.argv.length >= 2) {
+    app.setAsDefaultProtocolClient('electron-fiddle', process.execPath, [path.resolve(process.argv[1])])
+  }
+} else {
+  app.setAsDefaultProtocolClient('electron-fiddle')
+}
+```
+
+We will now define the function in charge of creating our browser window and load our application's `index.html` file.
+
+```javascript
+const createWindow = () => {
+  // Create the browser window.
+  mainWindow = new BrowserWindow({
+    width: 800,
+    height: 600,
+    webPreferences: {
+      preload: path.join(__dirname, 'preload.js')
+    }
+  })
+
+  mainWindow.loadFile('index.html')
+}
+```
+
+In this next step, we will create our  `BrowserWindow` and tell our application how to handle an event in which an external protocol is clicked.
+
+This code will be different in Windows compared to MacOS and Linux. This is due to Windows requiring additional code in order to open the contents of the protocol link within the same Electron instance. Read more about this [here](https://www.electronjs.org/docs/api/app#apprequestsingleinstancelock).
+
+#### Windows code:
+
+```javascript
+const gotTheLock = app.requestSingleInstanceLock()
+
+if (!gotTheLock) {
+  app.quit()
+} else {
+  app.on('second-instance', (event, commandLine, workingDirectory) => {
+    // Someone tried to run a second instance, we should focus our window.
+    if (mainWindow) {
+      if (mainWindow.isMinimized()) mainWindow.restore()
+      mainWindow.focus()
+    }
+  })
+
+  // Create mainWindow, load the rest of the app, etc...
+  app.whenReady().then(() => {
+    createWindow()
+  })
+
+  // Handle the protocol. In this case, we choose to show an Error Box.
+  app.on('open-url', (event, url) => {
+    dialog.showErrorBox('Welcome Back', `You arrived from: ${url}`)
+  })
+}
+```
+
+#### MacOS and Linux code:
+
+```javascript
+// This method will be called when Electron has finished
+// initialization and is ready to create browser windows.
+// Some APIs can only be used after this event occurs.
+app.whenReady().then(() => {
+  createWindow()
+})
+
+// Handle the protocol. In this case, we choose to show an Error Box.
+app.on('open-url', (event, url) => {
+  dialog.showErrorBox('Welcome Back', `You arrived from: ${url}`)
+})
+```
+
+Finally, we will add some additional code to handle when someone closes our application.
+
+```javascript
+// Quit when all windows are closed, except on macOS. There, it's common
+// for applications and their menu bar to stay active until the user quits
+// explicitly with Cmd + Q.
+app.on('window-all-closed', () => {
+  if (process.platform !== 'darwin') app.quit()
+})
+```
+
+## Important notes
+
+### Packaging
+
+On macOS and Linux, this feature will only work when your app is packaged. It will not work when
+you're launching it in development from the command-line. When you package your app you'll need to
+make sure the macOS `Info.plist` and the Linux `.desktop` files for the app are updated to include
+the new protocol handler. Some of the Electron tools for bundling and distributing apps handle
+this for you.
+
+#### [Electron Forge](https://electronforge.io)
+
+If you're using Electron Forge, adjust `packagerConfig` for macOS support, and the configuration for
+the appropriate Linux makers for Linux support, in your [Forge
+configuration](https://www.electronforge.io/configuration) _(please note the following example only
+shows the bare minimum needed to add the configuration changes)_:
+
+```json
+{
+  "config": {
+    "forge": {
+      "packagerConfig": {
+        "protocols": [
+          {
+            "name": "Electron Fiddle",
+            "schemes": ["electron-fiddle"]
+          }
+        ]
+      },
+      "makers": [
+        {
+          "name": "@electron-forge/maker-deb",
+          "config": {
+            "mimeType": ["x-scheme-handler/electron-fiddle"]
+          }
+        }
+      ]
+    }
+  }
+}
+```
+
+#### [Electron Packager](https://github.com/electron/electron-packager)
+
+For macOS support:
+
+If you're using Electron Packager's API, adding support for protocol handlers is similar to how
+Electron Forge is handled, except
+`protocols` is part of the Packager options passed to the `packager` function.
+
+```javascript
+const packager = require('electron-packager')
+
+packager({
+  // ...other options...
+  protocols: [
+    {
+      name: 'Electron Fiddle',
+      schemes: ['electron-fiddle']
+    }
+  ]
+
+}).then(paths => console.log(`SUCCESS: Created ${paths.join(', ')}`))
+  .catch(err => console.error(`ERROR: ${err.message}`))
+```
+
+If you're using Electron Packager's CLI, use the `--protocol` and `--protocol-name` flags. For
+example:
+
+```shell
+npx electron-packager . --protocol=electron-fiddle --protocol-name="Electron Fiddle"
+```
+
+## Conclusion
+
+After you start your Electron app, you can enter in a URL in your browser that contains the custom
+protocol, for example `"electron-fiddle://open"` and observe that the application will respond and
+show an error dialog box.
+
+<!--
+    Because Electron examples usually require multiple files (HTML, CSS, JS
+    for the main and renderer process, etc.), we use this custom code block
+    for Fiddle (https://www.electronjs.org/fiddle).
+    Please modify any of the files in the referenced folder to fit your
+    example.
+    The content in this codeblock will not be rendered in the website so you
+    can leave it empty.
+-->
+
+```fiddle docs/fiddles/system/protocol-handler/launch-app-from-URL-in-another-app
+
+```
+
+<!-- ✍ Explanation of the code below -->

docs/tutorial/linux-desktop-actions.md

@@ -1,4 +1,4 @@
-# Custom Linux Desktop Launcher Actions
+# Desktop Launcher Actions (Linux)
 
 ## Overview
 

docs/tutorial/macos-dock.md

@@ -1,4 +1,4 @@
-# Configuring the macOS Dock
+# Dock (macOS)
 
 Electron has APIs to configure the app's icon in the macOS Dock. A macOS-only
 API exists to create a custom dock menu, but Electron also uses the app dock

docs/tutorial/notifications.md

@@ -1,4 +1,4 @@
-# Notifications (Windows, Linux, macOS)
+# Notifications
 
 ## Overview
 
@@ -130,14 +130,6 @@ if you exceed that limit.
 
 [apple-notification-guidelines]: https://developer.apple.com/macos/human-interface-guidelines/system-capabilities/notifications/
 
-#### Advanced Notifications
-
-Later versions of macOS allow for notifications with an input field, allowing the user
-to quickly reply to a notification. In order to send notifications with an input field,
-use the userland module [node-mac-notifier][node-mac-notifier].
-
-[node-mac-notifier]: https://github.com/CharlieHess/node-mac-notifier
-
 #### Do not disturb / Session State
 
 To detect whether or not you're allowed to send a notification, use the userland module

docs/tutorial/process-model.md

@@ -83,7 +83,7 @@ As a practical example, the app shown in the [quick start guide][quick-start-lif
 uses `app` APIs to create a more native application window experience.
 
 ```js title='main.js'
-// quitting the app when no windows are open on macOS
+// quitting the app when no windows are open on non-macOS platforms
 app.on('window-all-closed', function () {
   if (process.platform !== 'darwin') app.quit()
 })
@@ -148,7 +148,9 @@ A preload script can be attached to the main process in the `BrowserWindow` cons
 const { BrowserWindow } = require('electron')
 //...
 const win = new BrowserWindow({
-  preload: 'path/to/preload.js'
+  webPreferences: {
+    preload: 'path/to/preload.js'
+  }
 })
 //...
 ```

docs/tutorial/progress-bar.md

@@ -1,4 +1,4 @@
-# Progress Bar in Taskbar (Windows, macOS, Unity)
+# Taskbar Progress Bar (Windows & macOS)
 
 ## Overview
 

docs/tutorial/quick-start.md

@@ -223,7 +223,7 @@ app.on('window-all-closed', function () {
 
 [node-platform]: https://nodejs.org/api/process.html#process_process_platform
 [window-all-closed]: ../api/app.md#event-window-all-closed
-[window-all-closed]: ../api/app.md#appquit
+[app-quit]: ../api/app.md#appquit
 
 #### Open a window if none are open (macOS)
 

docs/tutorial/represented-file.md

@@ -1,4 +1,4 @@
-# Represented File for macOS BrowserWindows
+# Representing Files in a BrowserWindow (macOS)
 
 ## Overview
 

docs/tutorial/sandbox.md

@@ -79,7 +79,7 @@ or [Parcel][parcel].
 Note that because the environment presented to the `preload` script is substantially
 more privileged than that of a sandboxed renderer, it is still possible to leak
 privileged APIs to untrusted code running in the renderer process unless
-[`contextIsolation`][contextIsolation] is enabled.
+[`contextIsolation`][context-isolation] is enabled.
 
 ## Configuring the sandbox
 

docs/tutorial/security.md

@@ -44,7 +44,7 @@ Chromium shared library and Node.js. Vulnerabilities affecting these components
 may impact the security of your application. By updating Electron to the latest
 version, you ensure that critical vulnerabilities (such as *nodeIntegration bypasses*)
 are already patched and cannot be exploited in your application. For more information,
-see "[Use a current version of Electron](#15-use-a-current-version-of-electron)".
+see "[Use a current version of Electron](#16-use-a-current-version-of-electron)".
 
 * **Evaluate your dependencies.** While NPM provides half a million reusable packages,
 it is your responsibility to choose trusted 3rd-party libraries. If you use outdated
@@ -88,18 +88,19 @@ You should at least follow these steps to improve the security of your applicati
 1. [Only load secure content](#1-only-load-secure-content)
 2. [Disable the Node.js integration in all renderers that display remote content](#2-do-not-enable-nodejs-integration-for-remote-content)
 3. [Enable context isolation in all renderers that display remote content](#3-enable-context-isolation-for-remote-content)
-4. [Use `ses.setPermissionRequestHandler()` in all sessions that load remote content](#4-handle-session-permission-requests-from-remote-content)
-5. [Do not disable `webSecurity`](#5-do-not-disable-websecurity)
-6. [Define a `Content-Security-Policy`](#6-define-a-content-security-policy) and use restrictive rules (i.e. `script-src 'self'`)
-7. [Do not set `allowRunningInsecureContent` to `true`](#7-do-not-set-allowrunninginsecurecontent-to-true)
-8. [Do not enable experimental features](#8-do-not-enable-experimental-features)
-9. [Do not use `enableBlinkFeatures`](#9-do-not-use-enableblinkfeatures)
-10. [`<webview>`: Do not use `allowpopups`](#10-do-not-use-allowpopups)
-11. [`<webview>`: Verify options and params](#11-verify-webview-options-before-creation)
-12. [Disable or limit navigation](#12-disable-or-limit-navigation)
-13. [Disable or limit creation of new windows](#13-disable-or-limit-creation-of-new-windows)
-14. [Do not use `openExternal` with untrusted content](#14-do-not-use-openexternal-with-untrusted-content)
-15. [Use a current version of Electron](#15-use-a-current-version-of-electron)
+4. [Enable sandboxing](#4-enable-sandboxing)
+5. [Use `ses.setPermissionRequestHandler()` in all sessions that load remote content](#5-handle-session-permission-requests-from-remote-content)
+6. [Do not disable `webSecurity`](#6-do-not-disable-websecurity)
+7. [Define a `Content-Security-Policy`](#7-define-a-content-security-policy) and use restrictive rules (i.e. `script-src 'self'`)
+8. [Do not set `allowRunningInsecureContent` to `true`](#8-do-not-set-allowrunninginsecurecontent-to-true)
+9. [Do not enable experimental features](#9-do-not-enable-experimental-features)
+10. [Do not use `enableBlinkFeatures`](#10-do-not-use-enableblinkfeatures)
+11. [`<webview>`: Do not use `allowpopups`](#11-do-not-use-allowpopups)
+12. [`<webview>`: Verify options and params](#12-verify-webview-options-before-creation)
+13. [Disable or limit navigation](#13-disable-or-limit-navigation)
+14. [Disable or limit creation of new windows](#14-disable-or-limit-creation-of-new-windows)
+15. [Do not use `openExternal` with untrusted content](#15-do-not-use-openexternal-with-untrusted-content)
+16. [Use a current version of Electron](#16-use-a-current-version-of-electron)
 
 To automate the detection of misconfigurations and insecure patterns, it is
 possible to use
@@ -239,7 +240,26 @@ and prevent the use of Node primitives `contextIsolation` **must** also be used.
 For more information on what `contextIsolation` is and how to enable it please
 see our dedicated [Context Isolation](context-isolation.md) document.
 
-## 4) Handle Session Permission Requests From Remote Content
+## 4) Enable Sandboxing
+
+[Sandboxing](sandbox.md) is a Chromium feature that uses the operating system to
+significantly limit what renderer processes have access to. You should enable
+the sandbox in all renderers. Loading, reading or processing any untrusted
+content in an unsandboxed process, including the main process, is not advised.
+
+### How?
+
+When creating a window, pass the `sandbox: true` option in `webPreferences`:
+
+```js
+const win = new BrowserWindow({
+  webPreferences: {
+    sandbox: true
+  }
+})
+```
+
+## 5) Handle Session Permission Requests From Remote Content
 
 You may have seen permission requests while using Chrome: They pop up whenever
 the website attempts to use a feature that the user has to manually approve (
@@ -277,7 +297,7 @@ session
   })
 ```
 
-## 5) Do Not Disable WebSecurity
+## 6) Do Not Disable WebSecurity
 
 _Recommendation is Electron's default_
 
@@ -318,7 +338,7 @@ const mainWindow = new BrowserWindow()
 <webview src="page.html"></webview>
 ```
 
-## 6) Define a Content Security Policy
+## 7) Define a Content Security Policy
 
 A Content Security Policy (CSP) is an additional layer of protection against
 cross-site-scripting attacks and data injection attacks. We recommend that they
@@ -374,7 +394,7 @@ on a page directly in the markup using a `<meta>` tag:
 <meta http-equiv="Content-Security-Policy" content="default-src 'none'">
 ```
 
-## 7) Do Not Set `allowRunningInsecureContent` to `true`
+## 8) Do Not Set `allowRunningInsecureContent` to `true`
 
 _Recommendation is Electron's default_
 
@@ -407,7 +427,7 @@ const mainWindow = new BrowserWindow({
 const mainWindow = new BrowserWindow({})
 ```
 
-## 8) Do Not Enable Experimental Features
+## 9) Do Not Enable Experimental Features
 
 _Recommendation is Electron's default_
 
@@ -439,7 +459,7 @@ const mainWindow = new BrowserWindow({
 const mainWindow = new BrowserWindow({})
 ```
 
-## 9) Do Not Use `enableBlinkFeatures`
+## 10) Do Not Use `enableBlinkFeatures`
 
 _Recommendation is Electron's default_
 
@@ -471,7 +491,7 @@ const mainWindow = new BrowserWindow({
 const mainWindow = new BrowserWindow()
 ```
 
-## 10) Do Not Use `allowpopups`
+## 11) Do Not Use `allowpopups`
 
 _Recommendation is Electron's default_
 
@@ -498,7 +518,7 @@ you know it needs that feature.
 <webview src="page.html"></webview>
 ```
 
-## 11) Verify WebView Options Before Creation
+## 12) Verify WebView Options Before Creation
 
 A WebView created in a renderer process that does not have Node.js integration
 enabled will not be able to enable integration itself. However, a WebView will
@@ -545,7 +565,7 @@ app.on('web-contents-created', (event, contents) => {
 Again, this list merely minimizes the risk, it does not remove it. If your goal
 is to display a website, a browser will be a more secure option.
 
-## 12) Disable or limit navigation
+## 13) Disable or limit navigation
 
 If your app has no need to navigate or only needs to navigate to known pages,
 it is a good idea to limit navigation outright to that known scope, disallowing
@@ -589,7 +609,7 @@ app.on('web-contents-created', (event, contents) => {
 })
 ```
 
-## 13) Disable or limit creation of new windows
+## 14) Disable or limit creation of new windows
 
 If you have a known set of windows, it's a good idea to limit the creation of
 additional windows in your app.
@@ -636,7 +656,7 @@ app.on('web-contents-created', (event, contents) => {
 })
 ```
 
-## 14) Do not use `openExternal` with untrusted content
+## 15) Do not use `openExternal` with untrusted content
 
 Shell's [`openExternal`][open-external] allows opening a given protocol URI with
 the desktop's native utilities. On macOS, for instance, this function is similar
@@ -663,7 +683,7 @@ const { shell } = require('electron')
 shell.openExternal('https://example.com/index.html')
 ```
 
-## 15) Use a current version of Electron
+## 16) Use a current version of Electron
 
 You should strive for always using the latest available version of Electron.
 Whenever a new major version is released, you should attempt to update your

docs/tutorial/snapcraft.md

@@ -1,4 +1,4 @@
-# Snapcraft Guide (Ubuntu Software Center & More)
+# Snapcraft Guide (Linux)
 
 This guide provides information on how to package your Electron application
 for any Snapcraft environment, including the Ubuntu Software Center.

docs/tutorial/support.md

@@ -37,6 +37,13 @@ tools and resources.
 
 ## Supported Versions
 
+_**Note:** Beginning in September 2021 with Electron 15, the Electron team
+will temporarily support the latest **four** stable major versions. This
+extended support is intended to help Electron developers transition to
+the [new eight week release cadence](https://electronjs.org/blog/8-week-cadence), and will continue until May 2022, with
+the release of Electron 19. At that time, the Electron team will drop support
+back to the latest three stable major versions._
+
 The latest three *stable* major versions are supported by the Electron team.
 For example, if the latest release is 6.1.x, then the 5.0.x as well
 as the 4.2.x series are supported.  We only support the latest minor release
@@ -63,6 +70,7 @@ until the maintainers feel the maintenance burden is too high to continue doing
 
 ### Currently supported versions
 
+* 14.x.y
 * 13.x.y
 * 12.x.y
 * 11.x.y

docs/tutorial/updates.md

@@ -49,7 +49,7 @@ update server.
 Depending on your needs, you can choose from one of these:
 
 - [Hazel][hazel] – Update server for private or open-source apps which can be
-deployed for free on [Now][now]. It pulls from [GitHub Releases][gh-releases]
+deployed for free on [Vercel][vercel]. It pulls from [GitHub Releases][gh-releases]
 and leverages the power of GitHub's CDN.
 - [Nuts][nuts] – Also uses [GitHub Releases][gh-releases], but caches app
 updates on disk and supports private repositories.
@@ -64,7 +64,7 @@ to minify server cost.
 Once you've deployed your update server, continue with importing the required
 modules in your code. The following code might vary for different server
 software, but it works like described when using
-[Hazel](https://github.com/zeit/hazel).
+[Hazel][hazel].
 
 **Important:** Please ensure that the code below will only be executed in
 your packaged app, and not in development. You can use
@@ -136,8 +136,8 @@ autoUpdater.on('error', message => {
 
 Because the requests made by Auto Update aren't under your direct control, you may find situations that are difficult to handle (such as if the update server is behind authentication). The `url` field does support files, which means that with some effort, you can sidestep the server-communication aspect of the process. [Here's an example of how this could work](https://github.com/electron/electron/issues/5020#issuecomment-477636990).
 
-[now]: https://zeit.co/now
-[hazel]: https://github.com/zeit/hazel
+[vercel]: https://vercel.com
+[hazel]: https://github.com/vercel/hazel
 [nuts]: https://github.com/GitbookIO/nuts
 [gh-releases]: https://help.github.com/articles/creating-releases/
 [electron-release-server]: https://github.com/ArekSredzki/electron-release-server

docs/tutorial/using-native-node-modules.md

@@ -1,4 +1,4 @@
-# Using Native Node Modules
+# Native Node Modules
 
 Native Node.js modules are supported by Electron, but since Electron has a different
 [application binary interface (ABI)][abi] from a given Node.js binary (due to

docs/tutorial/using-pepper-flash-plugin.md

@@ -1,4 +1,4 @@
-# Using Pepper Flash Plugin
+# Pepper Flash Plugin
 
 Electron no longer supports the Pepper Flash plugin, as Chrome has removed support.
 

docs/tutorial/using-selenium-and-webdriver.md

@@ -1,4 +1,4 @@
-# Using Selenium and WebDriver
+# Selenium and WebDriver
 
 From [ChromeDriver - WebDriver for Chrome][chrome-driver]:
 

docs/tutorial/web-embeds.md

@@ -1,4 +1,4 @@
-# Web embeds
+# Web Embeds
 
 ## Overview
 

docs/tutorial/windows-arm.md

@@ -1,4 +1,4 @@
-# Windows 10 on Arm
+# Windows on ARM
 
 If your app runs with Electron 6.0.8 or later, you can now build it for Windows 10 on Arm. This considerably improves performance, but requires recompilation of any native modules used in your app. It may also require small fixups to your build and packaging scripts.
 

docs/tutorial/windows-taskbar.md

@@ -1,4 +1,4 @@
-# Windows Taskbar
+# Taskbar Customization (Windows)
 
 ## Overview
 

electron_strings.grdp

@@ -1,5 +1,19 @@
 <?xml version="1.0" encoding="utf-8"?>
 <grit-part>
+  <!-- Windows Caption Buttons -->
+  <message name="IDS_APP_ACCNAME_CLOSE" desc="The accessible name for the Close button.">
+    Close
+  </message>
+  <message name="IDS_APP_ACCNAME_MINIMIZE" desc="The accessible name for the Minimize button.">
+    Minimize
+  </message>
+  <message name="IDS_APP_ACCNAME_MAXIMIZE" desc="The accessible name for the Maximize button.">
+    Maximize
+  </message>
+  <message name="IDS_APP_ACCNAME_RESTORE" desc="The accessible name for the Restore button.">
+    Restore
+  </message>
+
   <!-- Printing Service -->
   <message name="IDS_UTILITY_PROCESS_PRINTING_SERVICE_NAME" desc="The name of the utility process used for printing conversions.">
     Printing Service

filenames.auto.gni

@@ -42,6 +42,7 @@ auto_filenames = {
     "docs/api/power-save-blocker.md",
     "docs/api/process.md",
     "docs/api/protocol.md",
+    "docs/api/safe-storage.md",
     "docs/api/screen.md",
     "docs/api/service-workers.md",
     "docs/api/session.md",
@@ -128,6 +129,7 @@ auto_filenames = {
     "docs/api/structures/upload-file.md",
     "docs/api/structures/upload-raw-data.md",
     "docs/api/structures/user-default-types.md",
+    "docs/api/structures/web-request-filter.md",
     "docs/api/structures/web-source.md",
   ]
 
@@ -212,6 +214,7 @@ auto_filenames = {
     "lib/browser/api/power-monitor.ts",
     "lib/browser/api/power-save-blocker.ts",
     "lib/browser/api/protocol.ts",
+    "lib/browser/api/safe-storage.ts",
     "lib/browser/api/screen.ts",
     "lib/browser/api/session.ts",
     "lib/browser/api/share-menu.ts",

filenames.gni

@@ -90,6 +90,10 @@ filenames = {
     "shell/browser/ui/views/electron_views_delegate_win.cc",
     "shell/browser/ui/views/win_frame_view.cc",
     "shell/browser/ui/views/win_frame_view.h",
+    "shell/browser/ui/views/win_caption_button.cc",
+    "shell/browser/ui/views/win_caption_button.h",
+    "shell/browser/ui/views/win_caption_button_container.cc",
+    "shell/browser/ui/views/win_caption_button_container.h",
     "shell/browser/ui/win/dialog_thread.cc",
     "shell/browser/ui/win/dialog_thread.h",
     "shell/browser/ui/win/electron_desktop_native_widget_aura.cc",
@@ -180,8 +184,8 @@ filenames = {
     "shell/browser/ui/cocoa/root_view_mac.mm",
     "shell/browser/ui/cocoa/views_delegate_mac.h",
     "shell/browser/ui/cocoa/views_delegate_mac.mm",
-    "shell/browser/ui/cocoa/window_buttons_view.h",
-    "shell/browser/ui/cocoa/window_buttons_view.mm",
+    "shell/browser/ui/cocoa/window_buttons_proxy.h",
+    "shell/browser/ui/cocoa/window_buttons_proxy.mm",
     "shell/browser/ui/drag_util_mac.mm",
     "shell/browser/ui/file_dialog_mac.mm",
     "shell/browser/ui/inspectable_web_contents_view_mac.h",
@@ -191,6 +195,7 @@ filenames = {
     "shell/browser/ui/tray_icon_cocoa.mm",
     "shell/common/api/electron_api_clipboard_mac.mm",
     "shell/common/api/electron_api_native_image_mac.mm",
+    "shell/common/asar/archive_mac.mm",
     "shell/common/application_info_mac.mm",
     "shell/common/language_util_mac.mm",
     "shell/common/mac/main_application_bundle.h",
@@ -288,6 +293,8 @@ filenames = {
     "shell/browser/api/electron_api_printing.cc",
     "shell/browser/api/electron_api_protocol.cc",
     "shell/browser/api/electron_api_protocol.h",
+    "shell/browser/api/electron_api_safe_storage.cc",
+    "shell/browser/api/electron_api_safe_storage.h",
     "shell/browser/api/electron_api_screen.cc",
     "shell/browser/api/electron_api_screen.h",
     "shell/browser/api/electron_api_service_worker_context.cc",
@@ -402,6 +409,8 @@ filenames = {
     "shell/browser/native_window.cc",
     "shell/browser/native_window.h",
     "shell/browser/native_window_observer.h",
+    "shell/browser/net/asar/asar_file_validator.cc",
+    "shell/browser/net/asar/asar_file_validator.h",
     "shell/browser/net/asar/asar_url_loader.cc",
     "shell/browser/net/asar/asar_url_loader.h",
     "shell/browser/net/asar/asar_url_loader_factory.cc",

filenames.libcxx.gni

@@ -13,23 +13,46 @@ libcxx_headers = [
   "//buildtools/third_party/libc++/trunk/include/__functional_base",
   "//buildtools/third_party/libc++/trunk/include/__functional_base_03",
   "//buildtools/third_party/libc++/trunk/include/__hash_table",
+  "//buildtools/third_party/libc++/trunk/include/__iterator/concepts.h",
+  "//buildtools/third_party/libc++/trunk/include/__iterator/incrementable_traits.h",
+  "//buildtools/third_party/libc++/trunk/include/__iterator/iter_move.h",
+  "//buildtools/third_party/libc++/trunk/include/__iterator/iterator_traits.h",
+  "//buildtools/third_party/libc++/trunk/include/__iterator/readable_traits.h",
   "//buildtools/third_party/libc++/trunk/include/__libcpp_version",
   "//buildtools/third_party/libc++/trunk/include/__locale",
+  "//buildtools/third_party/libc++/trunk/include/__memory/addressof.h",
+  "//buildtools/third_party/libc++/trunk/include/__memory/allocation_guard.h",
+  "//buildtools/third_party/libc++/trunk/include/__memory/allocator.h",
   "//buildtools/third_party/libc++/trunk/include/__memory/allocator_traits.h",
-  "//buildtools/third_party/libc++/trunk/include/__memory/base.h",
+  "//buildtools/third_party/libc++/trunk/include/__memory/auto_ptr.h",
+  "//buildtools/third_party/libc++/trunk/include/__memory/compressed_pair.h",
+  "//buildtools/third_party/libc++/trunk/include/__memory/construct_at.h",
+  "//buildtools/third_party/libc++/trunk/include/__memory/pointer_safety.h",
   "//buildtools/third_party/libc++/trunk/include/__memory/pointer_traits.h",
-  "//buildtools/third_party/libc++/trunk/include/__memory/utilities.h",
+  "//buildtools/third_party/libc++/trunk/include/__memory/raw_storage_iterator.h",
+  "//buildtools/third_party/libc++/trunk/include/__memory/shared_ptr.h",
+  "//buildtools/third_party/libc++/trunk/include/__memory/temporary_buffer.h",
+  "//buildtools/third_party/libc++/trunk/include/__memory/uninitialized_algorithms.h",
+  "//buildtools/third_party/libc++/trunk/include/__memory/unique_ptr.h",
   "//buildtools/third_party/libc++/trunk/include/__mutex_base",
   "//buildtools/third_party/libc++/trunk/include/__node_handle",
   "//buildtools/third_party/libc++/trunk/include/__nullptr",
+  "//buildtools/third_party/libc++/trunk/include/__ranges/access.h",
+  "//buildtools/third_party/libc++/trunk/include/__ranges/concepts.h",
+  "//buildtools/third_party/libc++/trunk/include/__ranges/data.h",
+  "//buildtools/third_party/libc++/trunk/include/__ranges/empty.h",
+  "//buildtools/third_party/libc++/trunk/include/__ranges/enable_borrowed_range.h",
+  "//buildtools/third_party/libc++/trunk/include/__ranges/size.h",
+  "//buildtools/third_party/libc++/trunk/include/__ranges/view.h",
   "//buildtools/third_party/libc++/trunk/include/__split_buffer",
-  "//buildtools/third_party/libc++/trunk/include/__sso_allocator",
   "//buildtools/third_party/libc++/trunk/include/__std_stream",
   "//buildtools/third_party/libc++/trunk/include/__string",
   "//buildtools/third_party/libc++/trunk/include/__support/android/locale_bionic.h",
   "//buildtools/third_party/libc++/trunk/include/__support/fuchsia/xlocale.h",
+  "//buildtools/third_party/libc++/trunk/include/__support/ibm/gettod_zos.h",
   "//buildtools/third_party/libc++/trunk/include/__support/ibm/limits.h",
   "//buildtools/third_party/libc++/trunk/include/__support/ibm/locale_mgmt_aix.h",
+  "//buildtools/third_party/libc++/trunk/include/__support/ibm/locale_mgmt_zos.h",
   "//buildtools/third_party/libc++/trunk/include/__support/ibm/nanosleep.h",
   "//buildtools/third_party/libc++/trunk/include/__support/ibm/support.h",
   "//buildtools/third_party/libc++/trunk/include/__support/ibm/xlocale.h",
@@ -49,6 +72,7 @@ libcxx_headers = [
   "//buildtools/third_party/libc++/trunk/include/__tree",
   "//buildtools/third_party/libc++/trunk/include/__tuple",
   "//buildtools/third_party/libc++/trunk/include/__undef_macros",
+  "//buildtools/third_party/libc++/trunk/include/__utility/to_underlying.h",
   "//buildtools/third_party/libc++/trunk/include/algorithm",
   "//buildtools/third_party/libc++/trunk/include/any",
   "//buildtools/third_party/libc++/trunk/include/array",
@@ -152,6 +176,7 @@ libcxx_headers = [
   "//buildtools/third_party/libc++/trunk/include/ostream",
   "//buildtools/third_party/libc++/trunk/include/queue",
   "//buildtools/third_party/libc++/trunk/include/random",
+  "//buildtools/third_party/libc++/trunk/include/ranges",
   "//buildtools/third_party/libc++/trunk/include/ratio",
   "//buildtools/third_party/libc++/trunk/include/regex",
   "//buildtools/third_party/libc++/trunk/include/scoped_allocator",

lib/asar/fs-wrapper.ts

@@ -1,6 +1,7 @@
 import { Buffer } from 'buffer';
 import * as path from 'path';
 import * as util from 'util';
+import type * as Crypto from 'crypto';
 
 const asar = process._linkedBinding('electron_common_asar');
 
@@ -194,6 +195,20 @@ const overrideAPI = function (module: Record<string, any>, name: string, pathArg
   }
 };
 
+let crypto: typeof Crypto;
+function validateBufferIntegrity (buffer: Buffer, integrity: NodeJS.AsarFileInfo['integrity']) {
+  if (!integrity) return;
+
+  // Delay load crypto to improve app boot performance
+  // when integrity protection is not enabled
+  crypto = crypto || require('crypto');
+  const actual = crypto.createHash(integrity.algorithm).update(buffer).digest('hex');
+  if (actual !== integrity.hash) {
+    console.error(`ASAR Integrity Violation: got a hash mismatch (${actual} vs ${integrity.hash})`);
+    process.exit(1);
+  }
+}
+
 const makePromiseFunction = function (orig: Function, pathArgumentIndex: number) {
   return function (this: any, ...args: any[]) {
     const pathArgument = args[pathArgumentIndex];
@@ -531,7 +546,7 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
       }
 
       const buffer = Buffer.alloc(info.size);
-      const fd = archive.getFd();
+      const fd = archive.getFdAndValidateIntegrityLater();
       if (!(fd >= 0)) {
         const error = createError(AsarError.NOT_FOUND, { asarPath, filePath });
         nextTick(callback, [error]);
@@ -540,6 +555,7 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
 
       logASARAccess(asarPath, filePath, info.offset);
       fs.read(fd, buffer, 0, info.size, info.offset, (error: Error) => {
+        validateBufferIntegrity(buffer, info.integrity);
         callback(error, encoding ? buffer.toString(encoding) : buffer);
       });
     }
@@ -595,11 +611,12 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
 
     const { encoding } = options;
     const buffer = Buffer.alloc(info.size);
-    const fd = archive.getFd();
+    const fd = archive.getFdAndValidateIntegrityLater();
     if (!(fd >= 0)) throw createError(AsarError.NOT_FOUND, { asarPath, filePath });
 
     logASARAccess(asarPath, filePath, info.offset);
     fs.readSync(fd, buffer, 0, info.size, info.offset);
+    validateBufferIntegrity(buffer, info.integrity);
     return (encoding) ? buffer.toString(encoding) : buffer;
   };
 
@@ -713,11 +730,12 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
     }
 
     const buffer = Buffer.alloc(info.size);
-    const fd = archive.getFd();
+    const fd = archive.getFdAndValidateIntegrityLater();
     if (!(fd >= 0)) return [];
 
     logASARAccess(asarPath, filePath, info.offset);
     fs.readSync(fd, buffer, 0, info.size, info.offset);
+    validateBufferIntegrity(buffer, info.integrity);
     const str = buffer.toString('utf8');
     return [str, str.length > 0];
   };

lib/browser/api/dialog.ts

@@ -22,6 +22,11 @@ enum OpenFileDialogProperties {
   dontAddToRecent = 1 << 8 // Windows
 }
 
+let nextId = 0;
+const getNextId = function () {
+  return ++nextId;
+};
+
 const normalizeAccessKey = (text: string) => {
   if (typeof text !== 'string') return text;
 
@@ -157,6 +162,7 @@ const messageBox = (sync: boolean, window: BrowserWindow | null, options?: Messa
   let {
     buttons = [],
     cancelId,
+    signal,
     checkboxLabel = '',
     checkboxChecked,
     defaultId = -1,
@@ -196,10 +202,21 @@ const messageBox = (sync: boolean, window: BrowserWindow | null, options?: Messa
     }
   }
 
+  // AbortSignal processing.
+  let id: number | undefined;
+  if (signal) {
+    // Generate an ID used for closing the message box.
+    id = getNextId();
+    // Close the message box when signal is aborted.
+    if (signal.aborted) { return Promise.resolve({ cancelId, checkboxChecked }); }
+    signal.addEventListener('abort', () => dialogBinding._closeMessageBox(id));
+  }
+
   const settings = {
     window,
     messageBoxType,
     buttons,
+    id,
     defaultId,
     cancelId,
     noLink,

lib/browser/api/menu-item.ts

@@ -43,6 +43,15 @@ const MenuItem = function (this: any, options: any) {
 
   this.overrideReadOnlyProperty('commandId', ++nextCommandId);
 
+  Object.defineProperty(this, 'userAccelerator', {
+    get: () => {
+      if (process.platform !== 'darwin') return null;
+      if (!this.menu) return null;
+      return this.menu._getUserAcceleratorAt(this.commandId);
+    },
+    enumerable: true
+  });
+
   const click = options.click;
   this.click = (event: Event, focusedWindow: BrowserWindow, focusedWebContents: WebContents) => {
     // Manually flip the checked flags when clicked.

lib/browser/api/module-list.ts

@@ -24,6 +24,7 @@ export const browserModuleList: ElectronInternal.ModuleEntry[] = [
   { name: 'powerMonitor', loader: () => require('./power-monitor') },
   { name: 'powerSaveBlocker', loader: () => require('./power-save-blocker') },
   { name: 'protocol', loader: () => require('./protocol') },
+  { name: 'safeStorage', loader: () => require('./safe-storage') },
   { name: 'screen', loader: () => require('./screen') },
   { name: 'session', loader: () => require('./session') },
   { name: 'ShareMenu', loader: () => require('./share-menu') },

lib/browser/api/safe-storage.ts

@@ -0,0 +1,3 @@
+const safeStorage = process._linkedBinding('electron_browser_safe_storage');
+
+module.exports = safeStorage;

lib/browser/api/web-contents.ts

@@ -769,6 +769,10 @@ export function fromId (id: string) {
   return binding.fromId(id);
 }
 
+export function fromDevToolsTargetId (targetId: string) {
+  return binding.fromDevToolsTargetId(targetId);
+}
+
 export function getFocusedWebContents () {
   let focused = null;
   for (const contents of binding.getAllWebContents()) {

lib/browser/guest-view-manager.ts

@@ -100,8 +100,12 @@ const createGuest = function (embedder: Electron.WebContents, params: Record<str
   });
 
   // Dispatch guest's IPC messages to embedder.
-  guest.on('ipc-message-host' as any, function (_: Electron.Event, channel: string, args: any[]) {
-    sendToEmbedder(IPC_MESSAGES.GUEST_VIEW_INTERNAL_IPC_MESSAGE, channel, ...args);
+  guest.on('ipc-message-host' as any, function (event: Electron.IpcMainEvent, channel: string, args: any[]) {
+    sendToEmbedder(IPC_MESSAGES.GUEST_VIEW_INTERNAL_IPC_MESSAGE, {
+      frameId: [event.processId, event.frameId],
+      channel,
+      args
+    });
   });
 
   // Notify guest of embedder window visibility when it is ready

lib/browser/guest-window-proxy.ts

@@ -76,6 +76,7 @@ ipcMainInternal.on(
     const referrer: Electron.Referrer = { url: '', policy: 'strict-origin-when-cross-origin' };
     const browserWindowOptions = event.sender._callWindowOpenHandler(event, { url, frameName, features, disposition: 'new-window', referrer });
     if (event.defaultPrevented) {
+      event.returnValue = null;
       return;
     }
     const guest = openGuestWindow({

lib/browser/init.ts

@@ -81,9 +81,10 @@ require('@electron/internal/browser/guest-view-manager');
 require('@electron/internal/browser/guest-window-proxy');
 
 // Now we try to load app's package.json.
+const v8Util = process._linkedBinding('electron_common_v8_util');
 let packagePath = null;
 let packageJson = null;
-const searchPaths = ['app', 'app.asar', 'default_app.asar'];
+const searchPaths: string[] = v8Util.getHiddenValue(global, 'appSearchPaths');
 
 if (process.resourcesPath) {
   for (packagePath of searchPaths) {

lib/browser/rpc-server.ts

@@ -1,6 +1,6 @@
 import { app } from 'electron/main';
 import type { WebContents } from 'electron/main';
-import { clipboard, nativeImage } from 'electron/common';
+import { clipboard } from 'electron/common';
 import * as fs from 'fs';
 import { ipcMainInternal } from '@electron/internal/browser/ipc-main-internal';
 import * as ipcMainUtils from '@electron/internal/browser/ipc-main-internal-utils';
@@ -105,7 +105,3 @@ ipcMainUtils.handleSync(IPC_MESSAGES.BROWSER_SANDBOX_LOAD, async function (event
 ipcMainInternal.on(IPC_MESSAGES.BROWSER_PRELOAD_ERROR, function (event, preloadPath: string, error: Error) {
   event.sender.emit('preload-error', event, preloadPath, error);
 });
-
-ipcMainInternal.handle(IPC_MESSAGES.NATIVE_IMAGE_CREATE_THUMBNAIL_FROM_PATH, async (_, path: string, size: Electron.Size) => {
-  return typeUtils.serialize(await nativeImage.createThumbnailFromPath(path, size));
-});

lib/common/ipc-messages.ts

@@ -34,5 +34,4 @@ export const enum IPC_MESSAGES {
   INSPECTOR_SELECT_FILE = 'INSPECTOR_SELECT_FILE',
 
   DESKTOP_CAPTURER_GET_SOURCES = 'DESKTOP_CAPTURER_GET_SOURCES',
-  NATIVE_IMAGE_CREATE_THUMBNAIL_FROM_PATH = 'NATIVE_IMAGE_CREATE_THUMBNAIL_FROM_PATH',
 }

lib/common/web-view-events.ts

@@ -15,6 +15,7 @@ export const webViewEvents: Record<string, readonly string[]> = {
   'new-window': ['url', 'frameName', 'disposition', 'options'],
   'will-navigate': ['url'],
   'did-start-navigation': ['url', 'isInPlace', 'isMainFrame', 'frameProcessId', 'frameRoutingId'],
+  'did-redirect-navigation': ['url', 'isInPlace', 'isMainFrame', 'frameProcessId', 'frameRoutingId'],
   'did-navigate': ['url', 'httpResponseCode', 'httpStatusText'],
   'did-frame-navigate': ['url', 'httpResponseCode', 'httpStatusText', 'isMainFrame', 'frameProcessId', 'frameRoutingId'],
   'did-navigate-in-page': ['url', 'isMainFrame', 'frameProcessId', 'frameRoutingId'],

lib/common/web-view-methods.ts

@@ -65,6 +65,7 @@ export const asyncMethods = new Set([
   'insertText',
   'removeInsertedCSS',
   'send',
+  'sendToFrame',
   'sendInputEvent',
   'setLayoutZoomLevelLimits',
   'setVisualZoomLevelLimits',

lib/renderer/api/native-image.ts

@@ -1,11 +1,3 @@
-import { ipcRendererInternal } from '@electron/internal/renderer/ipc-renderer-internal';
-import { deserialize } from '@electron/internal/common/type-utils';
-import { IPC_MESSAGES } from '@electron/internal/common/ipc-messages';
-
 const { nativeImage } = process._linkedBinding('electron_common_native_image');
 
-nativeImage.createThumbnailFromPath = async (path: string, size: Electron.Size) => {
-  return deserialize(await ipcRendererInternal.invoke(IPC_MESSAGES.NATIVE_IMAGE_CREATE_THUMBNAIL_FROM_PATH, path, size));
-};
-
 export default nativeImage;

lib/renderer/inspector.ts

@@ -1,16 +1,32 @@
+import { internalContextBridge } from '@electron/internal/renderer/api/context-bridge';
 import { ipcRendererInternal } from '@electron/internal/renderer/ipc-renderer-internal';
 import * as ipcRendererUtils from '@electron/internal/renderer/ipc-renderer-internal-utils';
+import { webFrame } from 'electron/renderer';
 import { IPC_MESSAGES } from '../common/ipc-messages';
 
+const { contextIsolationEnabled } = internalContextBridge;
+
+/* Corrects for some Inspector adaptations needed in Electron.
+* 1) Use menu API to show context menu.
+* 2) Correct for Chromium returning undefined for filesystem.
+* 3) Use dialog API to override file chooser dialog.
+*/
 window.onload = function () {
-  // Use menu API to show context menu.
-  window.InspectorFrontendHost!.showContextMenuAtPoint = createMenu;
-
-  // correct for Chromium returning undefined for filesystem
-  window.Persistence!.FileSystemWorkspaceBinding.completeURL = completeURL;
-
-  // Use dialog API to override file chooser dialog.
-  window.UI!.createFileSelectorElement = createFileSelectorElement;
+  if (contextIsolationEnabled) {
+    internalContextBridge.overrideGlobalValueFromIsolatedWorld([
+      'InspectorFrontendHost', 'showContextMenuAtPoint'
+    ], createMenu);
+    internalContextBridge.overrideGlobalValueFromIsolatedWorld([
+      'Persistence', 'FileSystemWorkspaceBinding', 'completeURL'
+    ], completeURL);
+    internalContextBridge.overrideGlobalValueFromIsolatedWorld([
+      'UI', 'createFileSelectorElement'
+    ], createFileSelectorElement);
+  } else {
+    window.InspectorFrontendHost!.showContextMenuAtPoint = createMenu;
+    window.Persistence!.FileSystemWorkspaceBinding.completeURL = completeURL;
+    window.UI!.createFileSelectorElement = createFileSelectorElement;
+  }
 };
 
 // Extra / is needed as a result of MacOS requiring absolute paths
@@ -36,9 +52,10 @@ const createMenu = function (x: number, y: number, items: ContextMenuItem[]) {
   const isEditMenu = useEditMenuItems(x, y, items);
   ipcRendererInternal.invoke<number>(IPC_MESSAGES.INSPECTOR_CONTEXT_MENU, items, isEditMenu).then(id => {
     if (typeof id === 'number') {
-      window.DevToolsAPI!.contextMenuItemSelected(id);
+      webFrame.executeJavaScript(`window.DevToolsAPI.contextMenuItemSelected(${JSON.stringify(id)})`);
     }
-    window.DevToolsAPI!.contextMenuCleared();
+
+    webFrame.executeJavaScript('window.DevToolsAPI.contextMenuCleared()');
   });
 };
 

lib/renderer/web-view/guest-view-internal.ts

@@ -37,8 +37,8 @@ export function registerEvents (viewInstanceId: number, delegate: GuestViewDeleg
     dispatchEvent(delegate, eventName, eventName, ...args);
   });
 
-  ipcRendererInternal.on(`${IPC_MESSAGES.GUEST_VIEW_INTERNAL_IPC_MESSAGE}-${viewInstanceId}`, function (event, channel, ...args) {
-    delegate.dispatchEvent('ipc-message', { channel, args });
+  ipcRendererInternal.on(`${IPC_MESSAGES.GUEST_VIEW_INTERNAL_IPC_MESSAGE}-${viewInstanceId}`, function (event, data) {
+    delegate.dispatchEvent('ipc-message', data);
   });
 }
 

lib/worker/init.ts

@@ -12,6 +12,9 @@ require('../common/reset-search-paths');
 // Import common settings.
 require('@electron/internal/common/init');
 
+// Process command line arguments.
+const { hasSwitch, getSwitchValue } = process._linkedBinding('electron_common_command_line');
+
 // Export node bindings to global.
 const { makeRequireFunction } = __non_webpack_require__('internal/modules/cjs/helpers') // eslint-disable-line
 global.module = new Module('electron/js2c/worker_init');
@@ -32,4 +35,10 @@ if (self.location.protocol === 'file:') {
   // For backwards compatibility we fake these two paths here
   global.__filename = path.join(process.resourcesPath, 'electron.asar', 'worker', 'init.js');
   global.__dirname = path.join(process.resourcesPath, 'electron.asar', 'worker');
+
+  const appPath = hasSwitch('app-path') ? getSwitchValue('app-path') : null;
+  if (appPath) {
+    // Search for module under the app directory.
+    global.module.paths = Module._nodeModulePaths(appPath);
+  }
 }

npm/install.js

@@ -2,6 +2,7 @@
 
 const { version } = require('./package');
 
+const childProcess = require('child_process');
 const fs = require('fs');
 const os = require('os');
 const path = require('path');
@@ -18,14 +19,31 @@ if (isInstalled()) {
   process.exit(0);
 }
 
+const platform = process.env.npm_config_platform || process.platform;
+let arch = process.env.npm_config_arch || process.arch;
+
+if (platform === 'darwin' && process.platform === 'darwin' && arch === 'x64') {
+  // When downloading for macOS ON macOS and we think we need x64 we should
+  // check if we're running under rosetta and download the arm64 version if appropriate
+  try {
+    const output = childProcess.execSync('sysctl -in sysctl.proc_translated');
+    if (output.toString().trim() === '1') {
+      arch = 'arm64';
+    }
+  } catch {
+    // Ignore failure
+  }
+}
+
 // downloads if not cached
 downloadArtifact({
   version,
   artifactName: 'electron',
   force: process.env.force_no_cache === 'true',
   cacheRoot: process.env.electron_config_cache,
-  platform: process.env.npm_config_platform || process.platform,
-  arch: process.env.npm_config_arch || process.arch
+  checksums: process.env.electron_use_remote_checksums ? undefined : require('./checksums.json'),
+  platform,
+  arch
 }).then(extractFile).catch(err => {
   console.error(err.stack);
   process.exit(1);

npm/package.json

@@ -8,7 +8,7 @@
     "postinstall": "node install.js"
   },
   "dependencies": {
-    "@electron/get": "^1.0.1",
+    "@electron/get": "^1.13.0",
     "@types/node": "^14.6.2",
     "extract-zip": "^1.0.3"
   },

package.json

@@ -1,11 +1,11 @@
 {
   "name": "electron",
-  "version": "15.0.0-nightly.20210621",
+  "version": "15.0.0-beta.7",
   "repository": "https://github.com/electron/electron",
   "description": "Build cross platform desktop apps with JavaScript, HTML, and CSS",
   "devDependencies": {
-    "@electron/docs-parser": "^0.12.1",
-    "@electron/typescript-definitions": "^8.9.4",
+    "@electron/docs-parser": "^0.12.2",
+    "@electron/typescript-definitions": "^8.9.5",
     "@octokit/auth-app": "^2.10.0",
     "@octokit/rest": "^18.0.3",
     "@primer/octicons": "^10.0.0",
@@ -30,12 +30,12 @@
     "@types/webpack-env": "^1.15.2",
     "@typescript-eslint/eslint-plugin": "^4.4.1",
     "@typescript-eslint/parser": "^4.4.1",
-    "asar": "^3.0.3",
+    "asar": "^3.1.0",
     "aws-sdk": "^2.727.1",
     "check-for-leaks": "^1.2.1",
     "colors": "^1.4.0",
     "dotenv-safe": "^4.0.4",
-    "dugite": "^1.45.0",
+    "dugite": "^1.103.0",
     "eslint": "^7.4.0",
     "eslint-config-standard": "^14.1.1",
     "eslint-plugin-import": "^2.22.0",
@@ -54,12 +54,10 @@
     "markdownlint": "^0.21.1",
     "markdownlint-cli": "^0.25.0",
     "minimist": "^1.2.5",
-    "nugget": "^2.0.1",
     "null-loader": "^4.0.0",
     "pre-flight": "^1.1.0",
     "remark-cli": "^4.0.0",
     "remark-preset-lint-markdown-style-guide": "^2.1.1",
-    "request": "^2.88.2",
     "semver": "^5.6.0",
     "shx": "^0.3.2",
     "standard-markdown": "^6.0.0",

patches/ReactiveObjC/.patches

@@ -1 +1,2 @@
 build_conditionally_import_ext_headers_from_framework_or_from.patch
+chore_explicitly_cast_long_max_to_double.patch

patches/ReactiveObjC/chore_explicitly_cast_long_max_to_double.patch

@@ -0,0 +1,26 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Shelley Vohr <shelley.vohr@gmail.com>
+Date: Thu, 15 Jul 2021 15:53:08 -0400
+Subject: chore: explicitly cast LONG_MAX to double
+
+Fixes a compilation error encountered in Electron as a result of
+Chromium enabling the -Wimplicit-const-int-float-conversion compilation
+flag in https://chromium-review.googlesource.com/c/chromium/src/+/3001416.
+
+Upstreamed at https://github.com/ReactiveCocoa/ReactiveObjC/pull/186.
+
+diff --git a/ReactiveObjC/RACQueueScheduler.m b/ReactiveObjC/RACQueueScheduler.m
+index d9dd189b8fab73f412b2d2fc831041a33368d491..bc6e8d1b5339197c173a1254c0586621dfe5b591 100644
+--- a/ReactiveObjC/RACQueueScheduler.m
++++ b/ReactiveObjC/RACQueueScheduler.m
+@@ -48,8 +48,8 @@ + (dispatch_time_t)wallTimeWithDate:(NSDate *)date {
+ 	double frac = modf(date.timeIntervalSince1970, &seconds);
+ 
+ 	struct timespec walltime = {
+-		.tv_sec = (time_t)fmin(fmax(seconds, LONG_MIN), LONG_MAX),
+-		.tv_nsec = (long)fmin(fmax(frac * NSEC_PER_SEC, LONG_MIN), LONG_MAX)
++		.tv_sec = (time_t)fmin(fmax(seconds, LONG_MIN), (double)LONG_MAX),
++		.tv_nsec = (long)fmin(fmax(frac * NSEC_PER_SEC, LONG_MIN), (double)LONG_MAX)
+ 	};
+ 
+ 	return dispatch_walltime(&walltime, 0);

patches/boringssl/.patches

@@ -1,3 +1,4 @@
 expose_ripemd160.patch
 expose_aes-cfb.patch
 expose_des-ede3.patch
+fix_sync_evp_get_cipherbynid_and_evp_get_cipherbyname.patch

patches/boringssl/expose_aes-cfb.patch

@@ -31,7 +31,7 @@ index 786a5d5fb13d7ceafc9b7d58c0aaccb88552506d..5ede89f9f0761d1da1baa899e9a02b77
      return EVP_aes_128_ctr();
    } else if (OPENSSL_strcasecmp(name, "aes-192-ctr") == 0) {
 diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.c
-index 53cb9d2dc8f1962a70dc12b648d27c32be8aca4b..84af06fc56e4aa72d4d48801d7c037add0221747 100644
+index 5a41a7b7dc9afee65d9004c497da735073715bd3..c6c901eaff474eaa3f06128ea825b8203d064a52 100644
 --- a/decrepit/evp/evp_do_all.c
 +++ b/decrepit/evp/evp_do_all.c
 @@ -20,8 +20,10 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,

patches/boringssl/expose_des-ede3.patch

@@ -19,7 +19,7 @@ index 5ede89f9f0761d1da1baa899e9a02b77ffcffe93..8205e121c152fe4e2d8df34a1ac2fe04
               // This is not a name used by OpenSSL, but tcpdump registers it
               // with |EVP_add_cipher_alias|. Our |EVP_add_cipher_alias| is a
 diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.c
-index 84af06fc56e4aa72d4d48801d7c037add0221747..fe412e350f43ad20758025da6b9754952d164938 100644
+index c6c901eaff474eaa3f06128ea825b8203d064a52..f577cd23bf72b94b2651fe5eeb757106f5adaea2 100644
 --- a/decrepit/evp/evp_do_all.c
 +++ b/decrepit/evp/evp_do_all.c
 @@ -39,6 +39,7 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,

patches/boringssl/expose_ripemd160.patch

@@ -10,10 +10,10 @@ this patch is required to provide ripemd160 support in the nodejs crypto
 module.
 
 diff --git a/crypto/digest_extra/digest_extra.c b/crypto/digest_extra/digest_extra.c
-index 311c5cba0e359a20b34ba6c7ee84c34b6068049f..c4638d40aab0a4b9612216d68cd7fb50823a0ae6 100644
+index a93601c170dc407f7d6d628fb7e2d2f0788467f3..00911ee69bb99a34b938ea6a62cd10bc930ec95c 100644
 --- a/crypto/digest_extra/digest_extra.c
 +++ b/crypto/digest_extra/digest_extra.c
-@@ -83,6 +83,7 @@ static const struct nid_to_digest nid_to_digest_mapping[] = {
+@@ -84,6 +84,7 @@ static const struct nid_to_digest nid_to_digest_mapping[] = {
      {NID_sha384, EVP_sha384, SN_sha384, LN_sha384},
      {NID_sha512, EVP_sha512, SN_sha512, LN_sha512},
      {NID_md5_sha1, EVP_md5_sha1, SN_md5_sha1, LN_md5_sha1},
@@ -62,7 +62,7 @@ index f006ebbc53eea78ce0337a076a05285f22da7a18..7b9309f39a2e5dc6e61bb89e5d32b176
 +
  #undef CHECK
 diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.c
-index d540144b293297791c087e0b968a47d368a73695..53cb9d2dc8f1962a70dc12b648d27c32be8aca4b 100644
+index d8023e08f70a060aed083212fefd1de3ecc142e4..5a41a7b7dc9afee65d9004c497da735073715bd3 100644
 --- a/decrepit/evp/evp_do_all.c
 +++ b/decrepit/evp/evp_do_all.c
 @@ -78,6 +78,7 @@ void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher,
@@ -73,14 +73,16 @@ index d540144b293297791c087e0b968a47d368a73695..53cb9d2dc8f1962a70dc12b648d27c32
  
    callback(EVP_md4(), "md4", NULL, arg);
    callback(EVP_md5(), "md5", NULL, arg);
-@@ -86,4 +87,5 @@ void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher,
+@@ -86,6 +87,7 @@ void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher,
    callback(EVP_sha256(), "sha256", NULL, arg);
    callback(EVP_sha384(), "sha384", NULL, arg);
    callback(EVP_sha512(), "sha512", NULL, arg);
 +  callback(EVP_ripemd160(), "ripemd160", NULL, arg);
  }
+ 
+ void EVP_MD_do_all(void (*callback)(const EVP_MD *cipher, const char *name,
 diff --git a/include/openssl/digest.h b/include/openssl/digest.h
-index 66f1b5dcfd8232a697145acb2b6c2efe890d543f..67fc522172dc3ab56787fa5db3c277fd4811474a 100644
+index fa7616896b6cc7422dc0171db29316f20fb25de8..6c19a0f0d454bef1abf16ebfeef380a53fb21e5c 100644
 --- a/include/openssl/digest.h
 +++ b/include/openssl/digest.h
 @@ -90,6 +90,9 @@ OPENSSL_EXPORT const EVP_MD *EVP_blake2b256(void);

patches/boringssl/fix_sync_evp_get_cipherbynid_and_evp_get_cipherbyname.patch

@@ -0,0 +1,82 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Shelley Vohr <shelley.vohr@gmail.com>
+Date: Mon, 28 Jun 2021 10:41:09 +0200
+Subject: fix: sync EVP_get_cipherbynid and EVP_get_cipherbyname
+
+This commit syncs the results of EVP_get_cipherbynid and
+EVP_get_cipherbyname. Node.js logic assumes that calling EVP_get_cipherbynid
+on a NID returned from a call to `getCipherInfo` with the cipher name
+will return the same cipher information - this assumption holds in OpenSSL
+and should also hold in BoringSSL.
+
+This will be upstreamed.
+
+diff --git a/crypto/cipher_extra/cipher_extra.c b/crypto/cipher_extra/cipher_extra.c
+index 8205e121c152fe4e2d8df34a1ac2fe0498381f31..0870ffe6bff3f647907d7df66d7bf74916be1836 100644
+--- a/crypto/cipher_extra/cipher_extra.c
++++ b/crypto/cipher_extra/cipher_extra.c
+@@ -69,20 +69,58 @@
+ 
+ const EVP_CIPHER *EVP_get_cipherbynid(int nid) {
+   switch (nid) {
+-    case NID_rc2_cbc:
+-      return EVP_rc2_cbc();
+-    case NID_rc2_40_cbc:
+-      return EVP_rc2_40_cbc();
++    case NID_rc4:
++      return EVP_rc4();
++    case NID_des_cbc:
++      return EVP_des_cbc();
++    case NID_des_ede3_ecb:
++      return EVP_des_ede3();
+     case NID_des_ede3_cbc:
+       return EVP_des_ede3_cbc();
+-    case NID_des_ede_cbc:
+-      return EVP_des_cbc();
+     case NID_aes_128_cbc:
+       return EVP_aes_128_cbc();
++    case NID_aes_128_cfb128:
++      return EVP_aes_128_cfb128();
+     case NID_aes_192_cbc:
+       return EVP_aes_192_cbc();
+     case NID_aes_256_cbc:
+       return EVP_aes_256_cbc();
++    case NID_aes_256_cfb128:
++      return EVP_aes_256_cfb128();
++    case NID_aes_128_ctr:
++      return EVP_aes_128_ctr();
++    case NID_aes_192_ctr:
++      return EVP_aes_192_ctr();
++    case NID_aes_256_ctr:
++      return EVP_aes_256_ctr();
++    case NID_aes_128_ecb:
++      return EVP_aes_128_ecb();
++    case NID_aes_192_ecb:
++      return EVP_aes_192_ecb();
++    case NID_aes_256_ecb:
++      return EVP_aes_256_ecb();
++    case NID_aes_128_gcm:
++      return EVP_aes_128_gcm();
++    case NID_aes_192_gcm:
++      return EVP_aes_192_gcm();
++    case NID_aes_256_gcm:
++      return EVP_aes_256_gcm();
++    case NID_aes_128_ofb128:
++      return EVP_aes_128_ofb();
++    case NID_aes_192_ofb128:
++      return EVP_aes_192_ofb();
++    case NID_aes_256_ofb128:
++      return EVP_aes_256_ofb();
++    case NID_des_ecb:
++      return EVP_des_ecb();
++    case NID_des_ede_ecb:
++      return EVP_des_ede();
++    case NID_des_ede_cbc:
++      return EVP_des_ede_cbc();
++    case NID_rc2_cbc:
++      return EVP_rc2_cbc();
++    case NID_rc2_40_cbc:
++      return EVP_rc2_40_cbc();
+     default:
+       return NULL;
+   }

patches/chromium/.patches

@@ -57,7 +57,6 @@ allow_new_privileges_in_unsandboxed_child_processes.patch
 expose_setuseragent_on_networkcontext.patch
 feat_add_set_theme_source_to_allow_apps_to.patch
 add_webmessageportconverter_entangleandinjectmessageportchannel.patch
-revert_remove_contentrendererclient_shouldfork.patch
 ignore_rc_check.patch
 remove_usage_of_incognito_apis_in_the_spellchecker.patch
 chore_use_electron_resources_not_chrome_for_spellchecker.patch
@@ -70,7 +69,7 @@ gpu_notify_when_dxdiag_request_fails.patch
 feat_allow_embedders_to_add_observers_on_created_hunspell.patch
 feat_add_onclose_to_messageport.patch
 ui_gtk_public_header.patch
-allow_in_process_windows_to_have_different_web_prefs.patch
+allow_in-process_windows_to_have_different_web_prefs.patch
 refactor_expose_cursor_changes_to_the_webcontentsobserver.patch
 crash_allow_setting_more_options.patch
 breakpad_treat_node_processes_as_browser_processes.patch
@@ -90,6 +89,7 @@ export_gin_v8platform_pageallocator_for_usage_outside_of_the_gin.patch
 fix_export_zlib_symbols.patch
 don_t_use_potentially_null_getwebframe_-_view_when_get_blink.patch
 web_contents.patch
+webview_fullscreen.patch
 disable_unload_metrics.patch
 fix_add_check_for_sandbox_then_result.patch
 extend_apply_webpreferences.patch
@@ -98,7 +98,10 @@ add_setter_for_browsermainloop_result_code.patch
 make_include_of_stack_trace_h_unconditional.patch
 build_libc_as_static_library.patch
 build_do_not_depend_on_packed_resource_integrity.patch
-build_read_idl_files_as_utf8_to_fix_python3_character_encodding.patch
 refactor_restore_base_adaptcallbackforrepeating.patch
 hack_to_allow_gclient_sync_with_host_os_mac_on_linux_in_ci.patch
 don_t_run_pcscan_notifythreadcreated_if_pcscan_is_disabled.patch
+add_gin_wrappable_crash_key.patch
+logging_win32_only_create_a_console_if_logging_to_stderr.patch
+feat_expose_raw_response_headers_from_urlloader.patch
+fix_media_key_usage_with_globalshortcuts.patch

patches/chromium/add_didinstallconditionalfeatures.patch

@@ -10,7 +10,7 @@ DidCreateScriptContext is called, not all JS APIs are available in the
 context, which can cause some preload scripts to trip.
 
 diff --git a/content/public/renderer/render_frame_observer.h b/content/public/renderer/render_frame_observer.h
-index 3d985164eee3d7d8ef9e7ff2215ec9a17ec157a5..9c1c4fd8528fbb088f1836c8503c5875727f5d62 100644
+index e24c169444c699f295de2c1f1f42683eeca73436..4675cdccb1876a318a9a0253cdf552bb65516310 100644
 --- a/content/public/renderer/render_frame_observer.h
 +++ b/content/public/renderer/render_frame_observer.h
 @@ -127,6 +127,8 @@ class CONTENT_EXPORT RenderFrameObserver : public IPC::Listener,
@@ -23,10 +23,10 @@ index 3d985164eee3d7d8ef9e7ff2215ec9a17ec157a5..9c1c4fd8528fbb088f1836c8503c5875
                                          int32_t world_id) {}
    virtual void DidClearWindowObject() {}
 diff --git a/content/renderer/render_frame_impl.cc b/content/renderer/render_frame_impl.cc
-index 105dc2b5db804a699da4173476281b7ff240f0dc..197d97364bb19a1378d57cced8c485e86fda1e18 100644
+index d88901876c14b375bfe2e65698d741e10882fd48..c3bed8fa670cb079bc182addd93f9507e5448dca 100644
 --- a/content/renderer/render_frame_impl.cc
 +++ b/content/renderer/render_frame_impl.cc
-@@ -4263,6 +4263,12 @@ void RenderFrameImpl::DidCreateScriptContext(v8::Local<v8::Context> context,
+@@ -4449,6 +4449,12 @@ void RenderFrameImpl::DidCreateScriptContext(v8::Local<v8::Context> context,
      observer.DidCreateScriptContext(context, world_id);
  }
  
@@ -40,10 +40,10 @@ index 105dc2b5db804a699da4173476281b7ff240f0dc..197d97364bb19a1378d57cced8c485e8
                                                 int world_id) {
    for (auto& observer : observers_)
 diff --git a/content/renderer/render_frame_impl.h b/content/renderer/render_frame_impl.h
-index 53299308d20eaaf5e26b8a5dc34d1c66d7b0fdf8..fa63808238ede5bebc3589901e318acc882b766a 100644
+index 1714c5b0a43fa21e370136afd8572b98df805f0f..8d71e6b8dd6d0b229f040b6b97bbda2845bd0db3 100644
 --- a/content/renderer/render_frame_impl.h
 +++ b/content/renderer/render_frame_impl.h
-@@ -583,6 +583,8 @@ class CONTENT_EXPORT RenderFrameImpl
+@@ -589,6 +589,8 @@ class CONTENT_EXPORT RenderFrameImpl
        blink::WebLocalFrameClient::LazyLoadBehavior lazy_load_behavior) override;
    void DidCreateScriptContext(v8::Local<v8::Context> context,
                                int world_id) override;
@@ -53,10 +53,10 @@ index 53299308d20eaaf5e26b8a5dc34d1c66d7b0fdf8..fa63808238ede5bebc3589901e318acc
                                  int world_id) override;
    void DidChangeScrollOffset() override;
 diff --git a/third_party/blink/public/web/web_local_frame_client.h b/third_party/blink/public/web/web_local_frame_client.h
-index 493358dade0f6a1359f95bc3f8b3adc4303b8bcc..c0a53b380d5d3d2430e353d581dab6f183fa48b7 100644
+index 99ddb8f449481647a499a5bb3fd7f5d5272ae414..00d7f0bbb8dc3afdc2303668481cf17fbdfbdcba 100644
 --- a/third_party/blink/public/web/web_local_frame_client.h
 +++ b/third_party/blink/public/web/web_local_frame_client.h
-@@ -583,6 +583,9 @@ class BLINK_EXPORT WebLocalFrameClient {
+@@ -587,6 +587,9 @@ class BLINK_EXPORT WebLocalFrameClient {
    virtual void DidCreateScriptContext(v8::Local<v8::Context>,
                                        int32_t world_id) {}
  
@@ -67,10 +67,10 @@ index 493358dade0f6a1359f95bc3f8b3adc4303b8bcc..c0a53b380d5d3d2430e353d581dab6f1
    virtual void WillReleaseScriptContext(v8::Local<v8::Context>,
                                          int32_t world_id) {}
 diff --git a/third_party/blink/renderer/bindings/core/v8/local_window_proxy.cc b/third_party/blink/renderer/bindings/core/v8/local_window_proxy.cc
-index 83b81f4c1fd4232ee5c2b7b1b7b85424164f3acc..bdd4a0031af6f9c2b701979dd469867c018e5753 100644
+index fbef5207c921a5443f26083a860becc48eb497c1..5a25ce658f3115325e2213063ac502c855d878ca 100644
 --- a/third_party/blink/renderer/bindings/core/v8/local_window_proxy.cc
 +++ b/third_party/blink/renderer/bindings/core/v8/local_window_proxy.cc
-@@ -187,6 +187,7 @@ void LocalWindowProxy::Initialize() {
+@@ -200,6 +200,7 @@ void LocalWindowProxy::Initialize() {
    }
  
    InstallConditionalFeatures();
@@ -79,10 +79,10 @@ index 83b81f4c1fd4232ee5c2b7b1b7b85424164f3acc..bdd4a0031af6f9c2b701979dd469867c
    if (World().IsMainWorld()) {
      GetFrame()->Loader().DispatchDidClearWindowObjectInMainWorld();
 diff --git a/third_party/blink/renderer/core/frame/local_frame_client.h b/third_party/blink/renderer/core/frame/local_frame_client.h
-index fafb45421f5bc348672d20caa23b5b35293db811..1172958ff116b2f98c994245c3c3a42c6a18627b 100644
+index fd9d33e9ee3214673757d2857f339fff70e139f2..ed2ccb72e394f177ec17d823fbf22d725ba43853 100644
 --- a/third_party/blink/renderer/core/frame/local_frame_client.h
 +++ b/third_party/blink/renderer/core/frame/local_frame_client.h
-@@ -298,6 +298,8 @@ class CORE_EXPORT LocalFrameClient : public FrameClient {
+@@ -299,6 +299,8 @@ class CORE_EXPORT LocalFrameClient : public FrameClient {
  
    virtual void DidCreateScriptContext(v8::Local<v8::Context>,
                                        int32_t world_id) = 0;
@@ -92,7 +92,7 @@ index fafb45421f5bc348672d20caa23b5b35293db811..1172958ff116b2f98c994245c3c3a42c
                                          int32_t world_id) = 0;
    virtual bool AllowScriptExtensions() = 0;
 diff --git a/third_party/blink/renderer/core/frame/local_frame_client_impl.cc b/third_party/blink/renderer/core/frame/local_frame_client_impl.cc
-index 69b8211729d5b10bad95abc2ed40e9f7844666c7..a2996e454141b1823b6baa0184ccbdde784808ab 100644
+index 96aea6ae2dc5322699741701569e8a1ccd4b9728..92a957fc4971ed3d5b343e8db4db9d603f11b1e9 100644
 --- a/third_party/blink/renderer/core/frame/local_frame_client_impl.cc
 +++ b/third_party/blink/renderer/core/frame/local_frame_client_impl.cc
 @@ -273,6 +273,13 @@ void LocalFrameClientImpl::DidCreateScriptContext(
@@ -110,7 +110,7 @@ index 69b8211729d5b10bad95abc2ed40e9f7844666c7..a2996e454141b1823b6baa0184ccbdde
      v8::Local<v8::Context> context,
      int32_t world_id) {
 diff --git a/third_party/blink/renderer/core/frame/local_frame_client_impl.h b/third_party/blink/renderer/core/frame/local_frame_client_impl.h
-index a853d0dd0ecfd676b6ada622f38a6546e526be92..d39a81547c3335d6b2ff3219ddcf5f3b2daa1c9c 100644
+index b66e501d692b75e37f50fa3be018df092fc35176..3135bdfa960e9e914ded8ee87f227d5897c9ed33 100644
 --- a/third_party/blink/renderer/core/frame/local_frame_client_impl.h
 +++ b/third_party/blink/renderer/core/frame/local_frame_client_impl.h
 @@ -77,6 +77,8 @@ class CORE_EXPORT LocalFrameClientImpl final : public LocalFrameClient {
@@ -123,10 +123,10 @@ index a853d0dd0ecfd676b6ada622f38a6546e526be92..d39a81547c3335d6b2ff3219ddcf5f3b
                                  int32_t world_id) override;
  
 diff --git a/third_party/blink/renderer/core/loader/empty_clients.h b/third_party/blink/renderer/core/loader/empty_clients.h
-index 461ecb3cf70026a1f6a43a72ed9e0ad6c27296fd..b7e5a66f9dc0d27df09ddaf9483d56af0e892489 100644
+index e405538cf1f520c67bcb72e164c66f4a4859d588..054df6b7718cef2c891eb4d00c95792dde5abd4b 100644
 --- a/third_party/blink/renderer/core/loader/empty_clients.h
 +++ b/third_party/blink/renderer/core/loader/empty_clients.h
-@@ -348,6 +348,8 @@ class CORE_EXPORT EmptyLocalFrameClient : public LocalFrameClient {
+@@ -355,6 +355,8 @@ class CORE_EXPORT EmptyLocalFrameClient : public LocalFrameClient {
  
    void DidCreateScriptContext(v8::Local<v8::Context>,
                                int32_t world_id) override {}

patches/chromium/add_gin_wrappable_crash_key.patch

@@ -0,0 +1,63 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: VerteDinde <khammond@slack-corp.com>
+Date: Thu, 15 Jul 2021 12:16:50 -0700
+Subject: chore: add gin::wrappable wrapperinfo crash key
+
+This patch adds an additional crash key for gin::Wrappable, to help
+debug a crash that is occurring during garbage collection in SecondWeakCallback.
+
+The crash seems to be due to a class that is holding a reference to
+gin::Wrappable even after being deleted. This added crash key compares
+the soon-to-be-deleted WrapperInfo with known WrapperInfo components to
+help determine where the crash originated from.
+
+This patch should not be upstreamed, and can be removed in Electron 15 and
+beyond once we identify the cause of the crash.
+
+diff --git a/gin/BUILD.gn b/gin/BUILD.gn
+index c6059fdb0e0f74ee3ef78c5517634ed5a36f1b10..e16b2ec43b98c3b8724fd85085a33fe52a1e1979 100644
+--- a/gin/BUILD.gn
++++ b/gin/BUILD.gn
+@@ -88,6 +88,10 @@ component("gin") {
+     frameworks = [ "CoreFoundation.framework" ]
+   }
+ 
++  if (!is_mas_build) {
++    public_deps += [ "//components/crash/core/common:crash_key" ]
++  }
++
+   configs += [
+     "//tools/v8_context_snapshot:use_v8_context_snapshot",
+     "//v8:external_startup_data",
+diff --git a/gin/wrappable.cc b/gin/wrappable.cc
+index fe07eb94a8e679859bba6d76ff0d6ee86bd0c67e..ecb0aa2c4ec57e1814f4c94194e775440f4e35ee 100644
+--- a/gin/wrappable.cc
++++ b/gin/wrappable.cc
+@@ -8,6 +8,11 @@
+ #include "gin/object_template_builder.h"
+ #include "gin/per_isolate_data.h"
+ 
++#if !defined(MAS_BUILD)
++#include "components/crash/core/common/crash_key.h"
++#include "electron/shell/common/crash_keys.h"
++#endif
++
+ namespace gin {
+ 
+ WrappableBase::WrappableBase() = default;
+@@ -36,6 +41,15 @@ void WrappableBase::FirstWeakCallback(
+ void WrappableBase::SecondWeakCallback(
+     const v8::WeakCallbackInfo<WrappableBase>& data) {
+   WrappableBase* wrappable = data.GetParameter();
++
++#if !defined(MAS_BUILD)
++  WrapperInfo* wrapperInfo = static_cast<WrapperInfo*>(data.GetInternalField(0));
++  std::string location = electron::crash_keys::GetCrashValueForGinWrappable(wrapperInfo);
++
++  static crash_reporter::CrashKeyString<32> crash_key("gin-wrappable-fatal.location");
++  crash_reporter::ScopedCrashKeyString auto_clear(&crash_key, location);
++#endif
++
+   delete wrappable;
+ }
+ 

patches/chromium/add_setter_for_browsermainloop_result_code.patch

@@ -10,7 +10,7 @@ valid use cases for setting custom exit codes of the main loop.  This
 exposes a simple setter that embedders can call.
 
 diff --git a/content/browser/browser_main_loop.h b/content/browser/browser_main_loop.h
-index 090ca9c6e8785c6e9f1b9245771645ea19805795..fdf587055a71103c21f27fd79e5714baa24ea5c4 100644
+index 5d41104a616c53d93ff8eb68ce2f87b1c2be7025..21223accc340242d2e0e301e92d7dafd01023e23 100644
 --- a/content/browser/browser_main_loop.h
 +++ b/content/browser/browser_main_loop.h
 @@ -161,6 +161,10 @@ class CONTENT_EXPORT BrowserMainLoop {