chore: bump chromium to 110.0.5451.0 (23-x-y) (#36568)

chore: bump chromium to 110.0.5451.0 (main) (#36394)

* chore: bump chromium in DEPS to 110.0.5425.0

* chore: bump chromium in DEPS to 110.0.5427.0

* chore: bump chromium in DEPS to 110.0.5429.0

* chore: bump chromium in DEPS to 110.0.5431.0

* chore: update patches/chromium/picture-in-picture.patch to fix upstream code shear

https://chromium-review.googlesource.com/c/chromium/src/+/4024078

* chore: sync patch w/upstream shear: remove_usage_of_incognito_apis_in_the_spellchecker.patch

https://chromium-review.googlesource.com/c/chromium/src/+/3967854

* chore: sync patch w/upstream shear: feat_expose_raw_response_headers_from_urlloader.patch

https://chromium-review.googlesource.com/c/chromium/src/+/3983373

* chore: sync patch w/upstream shear: chromium/custom_protocols_plzserviceworker.patch

https://chromium-review.googlesource.com/c/chromium/src/+/3983373

* build: update references to core_api_provider; its location was moved upstream

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4006696

* build: remove back_to_tab_image_button from our enable_picture_in_picture deps

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4024078

back_to_tab_image_button has been removed upstream

* chore: update patches

* chore: bump chromium in DEPS to 110.0.5433.0

* chore: sync patch w/upstream shear: chromium/printing.patch

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4006638

* chore: sync patch w/trivial upstream shear: chromium/process_singleton.patch

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4031817

* refactor: remove kAutofillCenterAlignedSuggestions feature flag check.

This behavior had been an experiment behind a feature flag. The
experiment was a success so the feature was kept & the flag was removed.

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/3870616
moves from disabled-by-default to enabled-by-default

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4030556
removed the feature flag

* chore: update patches

* chore: bump chromium in DEPS to 110.0.5435.0

* chore: update patches

* chore: sync code with upstream change: AXLMode method name

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/3950054

* 3841761: Adapting code to support kSystemProfileSelectionDefaultNone experiment

https://chromium-review.googlesource.com/c/chromium/src/+/3841761

* chore: bump chromium in DEPS to 110.0.5437.0

* 4040140: Pip 2.0: Merge VideoOverlayWindowViews and OverlayWindowViews

https://chromium-review.googlesource.com/c/chromium/src/+/4040140

* 4045567: Fix a crash opening a popup from tab capture fullscreen

https://chromium-review.googlesource.com/c/chromium/src/+/4045567

* chore: fixup patch indices

* 4048263: Remove deprecated Value calls in frame_tracker_unittest.cc.

https://chromium-review.googlesource.com/c/chromium/src/+/4048263

* 4004606: [intl] Migrate to ICU 72

https://chromium-review.googlesource.com/c/v8/v8/+/4004606

* chore: bump chromium in DEPS to 110.0.5439.0

* 3890670: Prerender: Add first implementation of prerender-in-new-tab mode

https://chromium-review.googlesource.com/c/chromium/src/+/3890670

* chore: fixup patch indices

* chore: bump chromium in DEPS to 110.0.5441.0

* chore: update patches

* chore: bump chromium in DEPS to 110.0.5443.0

* 4035451: Remove remaining uses of ScopedNestableTaskAllower.

https://chromium-review.googlesource.com/c/chromium/src/+/4035451

* chore: bump chromium in DEPS to 110.0.5445.0

* chore: update patches

* fixup! 3890670: Prerender: Add first implementation of prerender-in-new-tab mode

* test: disable parallel/test-worker-init-failure

Refs https://chromium-review.googlesource.com/c/v8/v8/+/4017512
Refs https://github.com/nodejs/node-v8/issues/246

* chore: disable parallel/test-fetch

Test is flaky on Linux CI, but runs fine locally.

* chore: bump chromium in DEPS to 110.0.5451.0

* chore: update patches

* chore: cleanup patch

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
Co-authored-by: electron-patch-conflict-fixer[bot] <83340002+electron-patch-conflict-fixer[bot]@users.noreply.github.com>
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>

.devcontainer/README.md

@@ -4,14 +4,13 @@ Welcome to the Codespaces Electron Developer Environment.
 
 ## Quick Start
 
-Upon creation of your codespace you should have [build tools](https://github.com/electron/build-tools) installed and an initialized gclient checkout of Electron.  In order to build electron you'll need to run the following commands.
+Upon creation of your codespace you should have [build tools](https://github.com/electron/build-tools) installed and an initialized gclient checkout of Electron.  In order to build electron you'll need to run the following command.
 
 ```bash
-e sync -vv
 e build
 ```
 
-The initial sync will take approximately ~30 minutes and the build will take ~8 minutes.  Incremental syncs and incremental builds are substantially quicker.
+The initial build will take ~8 minutes.  Incremental builds are substantially quicker.  If you pull changes from upstream that touch either the `patches` folder or the `DEPS` folder you will have to run `e sync` in order to keep your checkout up to date.
 
 ## Directory Structure
 

.devcontainer/devcontainer.json

@@ -2,6 +2,7 @@
 	"dockerComposeFile": "docker-compose.yml",
 	"service": "buildtools",
 	"onCreateCommand": ".devcontainer/on-create-command.sh",
+	"updateContentCommand": ".devcontainer/update-content-command.sh",
 	"workspaceFolder": "/workspaces/gclient/src/electron",
 	"extensions": [
 		"joeleinbinder.mojom-language",
@@ -11,14 +12,28 @@
 		"mutantdino.resourcemonitor",
 		"dbaeumer.vscode-eslint",
 		"shakram02.bash-beautify",
-		"marshallofsound.gnls-electron"
+		"marshallofsound.gnls-electron",
+		"CircleCI.circleci"
 	],
 	"settings": {
+		"editor.tabSize": 2,
+		"bashBeautify.tabSize": 2,
+		"typescript.tsdk": "node_modules/typescript/lib",
 		"[gn]": {
 			"editor.formatOnSave": true
 		},
-		"editor.tabSize": 2,
-		"bashBeautify.tabSize": 2
+		"[javascript]": {
+			"editor.codeActionsOnSave": {
+				"source.fixAll.eslint": true
+			}
+		},
+		"[typescript]": {
+			"editor.codeActionsOnSave": {
+				"source.fixAll.eslint": true
+			}
+		},
+		"javascript.preferences.quoteStyle": "single",
+		"typescript.preferences.quoteStyle": "single"
 	},
 	"forwardPorts": [8088, 6080, 5901],
 	"portsAttributes": {
@@ -36,8 +51,15 @@
 		}
 	},
 	"hostRequirements": {
-		"storage": "32gb",
-		"cpus": 8
+		"storage": "128gb",
+		"cpus": 16
 	},
-	"remoteUser": "builduser"
+	"remoteUser": "builduser",
+	"customizations": {
+		"codespaces": {
+			"openFiles": [
+				".devcontainer/README.md"
+			]
+		}
+	}
 }

.devcontainer/docker-compose.yml

@@ -2,7 +2,7 @@ version: '3'
 
 services:
   buildtools:
-    image: ghcr.io/electron/devcontainer:27db4a3e3512bfd2e47f58cea69922da0835f1d9
+    image: ghcr.io/electron/devcontainer:3d8d44d0f15b05bef6149e448f9cc522111847e9
 
     volumes:
       - ..:/workspaces/gclient/src/electron:cached

.devcontainer/on-create-command.sh

@@ -10,6 +10,7 @@ export PATH="$PATH:$buildtools/src"
 
 # Create the persisted buildtools config folder
 mkdir -p $buildtools_configs
+mkdir -p $gclient_root/.git-cache
 rm -f $buildtools/configs
 ln -s $buildtools_configs $buildtools/configs
 

.devcontainer/update-content-command.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -eo pipefail
+
+buildtools=$HOME/.electron_build_tools
+
+export PATH="$PATH:$buildtools/src"
+
+# Sync latest
+e d gclient sync --with_branch_heads --with_tags

.github/CODEOWNERS

@@ -4,7 +4,7 @@
 # https://git-scm.com/docs/gitignore
 
 # Upgrades WG
-/patches/                               @electron/wg-upgrades @electron/wg-security
+/patches/                               @electron/patch-owners
 DEPS                                    @electron/wg-upgrades
 
 # Releases WG

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,4 +1,5 @@
 #### Description of Change
+
 <!--
 Thank you for your Pull Request. Please provide a description above and review
 the requirements below.
@@ -12,7 +13,7 @@ Contributors guide: https://github.com/electron/electron/blob/main/CONTRIBUTING.
 - [ ] PR description included and stakeholders cc'd
 - [ ] `npm test` passes
 - [ ] tests are [changed or added](https://github.com/electron/electron/blob/main/docs/development/testing.md)
-- [ ] relevant documentation is changed or added
+- [ ] relevant documentation, tutorials, templates and examples are changed or added
 - [ ] [PR release notes](https://github.com/electron/clerk/blob/master/README.md) describe the change in a way relevant to app developers, and are [capitalized, punctuated, and past tense](https://github.com/electron/clerk/blob/master/README.md#examples).
 
 #### Release Notes

.github/semantic.yml

@@ -1,2 +0,0 @@
-# Always validate the PR title, and ignore the commits
-titleOnly: true

.github/workflows/electron_woa_testing.yml

@@ -10,6 +10,9 @@ on:
         type: text
         required: true
 
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
 jobs:
   electron-woa-init:
     if: ${{ github.event_name == 'push' && github.repository == 'electron/electron' }}
@@ -26,7 +29,7 @@ jobs:
       checks: write
       pull-requests: write
     steps:
-    - uses: LouisBrunner/checks-action@v1.1.1
+    - uses: LouisBrunner/checks-action@442ad2296fb110373e3fe01c2a3717b546583631 # tag: v1.1.1
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
         name: electron-woa-testing
@@ -39,7 +42,7 @@ jobs:
         Remove-Item * -Recurse -Force
       shell: powershell
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag: v3
       with:
         path: src\electron
         fetch-depth: 0
@@ -117,21 +120,6 @@ jobs:
         MOCHA_MULTI_REPORTERS: 'mocha-junit-reporter, tap'
         MOCHA_REPORTER: mocha-multi-reporters
         ELECTRON_SKIP_NATIVE_MODULE_TESTS: true
-    - name: Run Electron Remote based tests
-      if: ${{ success() || failure() }}
-      run: |
-        cd src
-        set npm_config_nodedir=%cd%\out\Default\gen\node_headers
-        set npm_config_arch=arm64
-        cd electron
-        node script/yarn test --runners=remote --enable-logging --disable-features=CalculateNativeWinOcclusion
-      env:
-        ELECTRON_OUT_DIR: Default
-        IGNORE_YARN_INSTALL_ERROR: 1
-        ELECTRON_TEST_RESULTS_DIR: junit
-        MOCHA_MULTI_REPORTERS: 'mocha-junit-reporter, tap'
-        MOCHA_REPORTER: mocha-multi-reporters
-        ELECTRON_SKIP_NATIVE_MODULE_TESTS: true
     - name: Verify ffmpeg
       run: |
         cd src
@@ -149,7 +137,7 @@ jobs:
       run: |
         Remove-Item -path $env:APPDATA/Electron* -Recurse -Force -ErrorAction Ignore
       shell: powershell
-    - uses: LouisBrunner/checks-action@v1.1.1
+    - uses: LouisBrunner/checks-action@442ad2296fb110373e3fe01c2a3717b546583631 # tag: v1.1.1
       if: ${{ success() }}
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
@@ -158,7 +146,7 @@ jobs:
         details_url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
         output: |
           {"summary":"${{ job.status }}","text_description":"See job details here: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"}
-    - uses: LouisBrunner/checks-action@v1.1.1
+    - uses: LouisBrunner/checks-action@442ad2296fb110373e3fe01c2a3717b546583631 # tag: v1.1.1
       if: ${{ success() }}
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
@@ -167,7 +155,7 @@ jobs:
         details_url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
         output: |
           {"summary":"Job Succeeded","text_description":"See job details here: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"}          
-    - uses: LouisBrunner/checks-action@v1.1.1
+    - uses: LouisBrunner/checks-action@442ad2296fb110373e3fe01c2a3717b546583631 # tag: v1.1.1
       if: ${{ ! success() }}
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
@@ -175,4 +163,4 @@ jobs:
         conclusion: "${{ job.status }}"
         details_url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
         output: |
-          {"summary":"Job Failed","text_description":"See job details here: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"}                    
+          {"summary":"Job Failed","text_description":"See job details here: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"}                    

.github/workflows/issue-labeled.yml

@@ -0,0 +1,30 @@
+name: Issue Labeled
+
+on:
+  issues:
+    types: [labeled]
+
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
+jobs:
+  issue-labeled:
+    permissions:
+      issues: write  # for actions-cool/issues-helper to update issues
+      pull-requests: write  # for actions-cool/issues-helper to update PRs
+    runs-on: ubuntu-latest
+    steps:
+      - name: blocked/need-repro
+        if: github.event.label.name == 'blocked/need-repro'
+        uses: actions-cool/issues-helper@dad28fdb88da5f082c04659b7373d85790f9b135 # v3.3.0
+        with:
+          actions: 'create-comment'
+          body: |
+            Hello @${{ github.event.issue.user.login }}. Thanks for reporting this and helping to make Electron better!
+
+            Would it be possible for you to make a standalone testcase with only the code necessary to reproduce the issue? For example, [Electron Fiddle](https://www.electronjs.org/fiddle) is a great tool for making small test cases and makes it easy to publish your test case to a [gist](https://gist.github.com) that Electron maintainers can use.
+
+            Stand-alone test cases make fixing issues go more smoothly: it ensure everyone's looking at the same issue, it removes all unnecessary variables from the equation, and it can also provide the basis for automated regression tests. 
+
+            Now adding the `blocked/need-repro` label for this reason. After you make a test case, please link to it in a followup comment. This issue will be closed in 10 days if the above is not addressed.
+  

.github/workflows/release_dependency_versions.yml

@@ -7,22 +7,25 @@ on:
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
 jobs:
   check_tag:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag: v3
     - name: Check Tag
       run: |
-        if [[ ${{ github.event.ref }} =~ ^refs/tags/v[0-9]+\.0\.0$ ]]; then
+        if [[ ${{ github.event.release.tag_name }} =~ ^v[0-9]+\.0\.0$ ]]; then
           echo ::set-output name=should_release::true
         fi
   trigger:
     runs-on: ubuntu-latest
     needs: check_tag
-    if: jobs.check_tag.outputs.should_release == 'true'
+    if: needs.check_tag.outputs.should_release == 'true'
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag: v3
       - name: Trigger New chromedriver Release
         run: |
           gh api /repos/:owner/chromedriver/actions/workflows/release.yml/dispatches --input - <<< '{"ref":"main","inputs":{"version":"${{ github.event.release.tag_name }}"}}'

.github/workflows/scorecards.yml

@@ -0,0 +1,54 @@
+name: Scorecards supply-chain security
+on:
+  # Only the default branch is supported.
+  branch_protection_rule:
+  schedule:
+    - cron: '44 17 * * 0'
+  push:
+    branches: [ "main" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecards analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Used to receive a badge.
+      id-token: write
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # tag=v2.0.6
+        with:
+          results_file: results.sarif
+          results_format: sarif
+
+          # Publish the results for public repositories to enable scorecard badges. For more details, see
+          # https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories, `publish_results` will automatically be set to `false`, regardless
+          # of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26
+        with:
+          sarif_file: results.sarif

.github/workflows/semantic.yml

@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: semantic-pull-request
-        uses: amannn/action-semantic-pull-request@v4
+        uses: amannn/action-semantic-pull-request@505e44b4f33b4c801f063838b3f053990ee46ea7 # tag: v4
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

.github/workflows/stale.yml

@@ -0,0 +1,25 @@
+name: 'Close stale issues'
+on:
+  schedule:
+    # 1:30am every day
+    - cron: '30 1 * * *'
+
+permissions:
+  issues: write
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@3de2653986ebd134983c79fe2be5d45cc3d9f4e1
+        with:
+          days-before-stale: 90
+          days-before-close: 30
+          stale-issue-label: stale
+          operations-per-run: 1750
+          stale-issue-message: >
+            This issue has been automatically marked as stale. **If this issue is still affecting you, please leave any comment** (for example, "bump"), and we'll keep it open. If you have any new additional information—in particular, if this is still reproducible in the [latest version of Electron](https://www.electronjs.org/releases/stable) or in the [beta](https://www.electronjs.org/releases/beta)—please include it with your comment!
+          close-issue-message: >
+            This issue has been closed due to inactivity, and will not be monitored.  If this is a bug and you can reproduce this issue on a [supported version of Electron](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#timeline) please open a new issue and include instructions for reproducing the issue.
+          exempt-issue-labels: "discussion,security \U0001F512,enhancement :sparkles:"
+          only-pr-labels: not-a-real-label

.github/workflows/update_appveyor_image.yml

@@ -0,0 +1,62 @@
+name: Update AppVeyor Image
+
+# Run chron daily Mon-Fri
+on:
+  schedule:
+    - cron: '0 8 * * 1-5' # runs 8:00 every business day (see https://crontab.guru)
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  bake-appveyor-image:
+    name: Bake AppVeyor Image
+    permissions:
+      contents: write
+      pull-requests: write  # to create a new PR with updated Appveyor images
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+    - name: Yarn install
+      run: |
+        node script/yarn.js install --frozen-lockfile
+    - name: Set Repo for Commit
+      run: git config --global --add safe.directory $GITHUB_WORKSPACE
+    - name: Check AppVeyor Image
+      env:
+        APPVEYOR_TOKEN: ${{ secrets.APPVEYOR_TOKEN }}
+      run: |
+        node ./script/prepare-appveyor
+        if [ -f ./image_version.txt ]; then
+          echo "APPVEYOR_IMAGE_VERSION="$(cat image_version.txt)"" >> $GITHUB_ENV
+          rm image_version.txt
+        fi
+    - name: (Optionally) Update Appveyor Image
+      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
+      uses: mikefarah/yq@v4.27.2
+      with:
+        cmd: yq '.image = "${{ env.APPVEYOR_IMAGE_VERSION }}"' "appveyor.yml" > "appveyor2.yml"
+    - name: (Optionally) Generate Commit Diff
+      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
+      run: |
+        diff -w -B appveyor.yml appveyor2.yml > appveyor.diff || true
+        patch -f appveyor.yml < appveyor.diff
+        rm appveyor2.yml appveyor.diff
+    - name: (Optionally) Commit and Pull Request
+      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
+      uses: peter-evans/create-pull-request@v4
+      with:
+        token: ${{ secrets.ACTIONS_GITHUB_TOKEN }}
+        commit-message: 'build: update appveyor image to latest version'
+        committer: GitHub <noreply@github.com>
+        author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+        signoff: false
+        branch: bump-appveyor-image
+        delete-branch: true
+        title: 'build: update appveyor image to latest version'
+        body: |
+          This PR updates appveyor.yml to the latest baked image, ${{ env.APPVEYOR_IMAGE_VERSION }}.

.gitignore

@@ -41,7 +41,7 @@ spec/.hash
 .eslintcache*
 
 # Generated native addon files
-/spec-main/fixtures/native-addon/echo/build/
+/spec/fixtures/native-addon/echo/build/
 
 # If someone runs tsc this is where stuff will end up
 ts-gen
@@ -53,4 +53,4 @@ ts-gen
 # Used to accelerate builds after sync
 patches/mtime-cache.json
 
-spec/fixtures/logo.png
+spec/fixtures/logo.png

.nvmrc

@@ -1 +1 @@
-14
+16

BUILD.gn

@@ -107,6 +107,14 @@ branding = read_file("shell/app/BRANDING.json", "json")
 electron_project_name = branding.project_name
 electron_product_name = branding.product_name
 electron_mac_bundle_id = branding.mac_bundle_id
+electron_version = exec_script("script/print-version.py",
+                               [],
+                               "trim string",
+                               [
+                                 ".git/packed-refs",
+                                 ".git/HEAD",
+                                 "script/lib/get-version.js",
+                               ])
 
 if (is_mas_build) {
   assert(is_mac,
@@ -202,6 +210,15 @@ webpack_build("electron_isolated_renderer_bundle") {
   out_file = "$target_gen_dir/js2c/isolated_bundle.js"
 }
 
+webpack_build("electron_utility_bundle") {
+  deps = [ ":build_electron_definitions" ]
+
+  inputs = auto_filenames.utility_bundle_deps
+
+  config_file = "//electron/build/webpack/webpack.config.utility.js"
+  out_file = "$target_gen_dir/js2c/utility_init.js"
+}
+
 action("electron_js2c") {
   deps = [
     ":electron_asar_bundle",
@@ -209,6 +226,7 @@ action("electron_js2c") {
     ":electron_isolated_renderer_bundle",
     ":electron_renderer_bundle",
     ":electron_sandboxed_renderer_bundle",
+    ":electron_utility_bundle",
     ":electron_worker_bundle",
   ]
 
@@ -218,6 +236,7 @@ action("electron_js2c") {
     "$target_gen_dir/js2c/isolated_bundle.js",
     "$target_gen_dir/js2c/renderer_init.js",
     "$target_gen_dir/js2c/sandbox_bundle.js",
+    "$target_gen_dir/js2c/utility_init.js",
     "$target_gen_dir/js2c/worker_init.js",
   ]
 
@@ -302,12 +321,9 @@ npm_action("electron_version_args") {
 
   outputs = [ "$target_gen_dir/electron_version.args" ]
 
-  args = rebase_path(outputs)
+  args = rebase_path(outputs) + [ "$electron_version" ]
 
-  inputs = [
-    "ELECTRON_VERSION",
-    "script/generate-version-json.js",
-  ]
+  inputs = [ "script/generate-version-json.js" ]
 }
 
 templated_file("electron_version_header") {
@@ -319,6 +335,39 @@ templated_file("electron_version_header") {
   args_files = get_target_outputs(":electron_version_args")
 }
 
+templated_file("electron_win_rc") {
+  deps = [ ":electron_version_args" ]
+
+  template = "build/templates/electron_rc.tmpl"
+  output = "$target_gen_dir/win-resources/electron.rc"
+
+  args_files = get_target_outputs(":electron_version_args")
+}
+
+copy("electron_win_resource_files") {
+  sources = [
+    "shell/browser/resources/win/electron.ico",
+    "shell/browser/resources/win/resource.h",
+  ]
+  outputs = [ "$target_gen_dir/win-resources/{{source_file_part}}" ]
+}
+
+templated_file("electron_version_file") {
+  deps = [ ":electron_version_args" ]
+
+  template = "build/templates/version_string.tmpl"
+  output = "$root_build_dir/version"
+
+  args_files = get_target_outputs(":electron_version_args")
+}
+
+group("electron_win32_resources") {
+  public_deps = [
+    ":electron_win_rc",
+    ":electron_win_resource_files",
+  ]
+}
+
 action("electron_fuses") {
   script = "build/fuses/build.py"
 
@@ -368,6 +417,7 @@ source_set("electron_lib") {
     "chromium_src:chrome",
     "chromium_src:chrome_spellchecker",
     "shell/common/api:mojo",
+    "shell/services/node/public/mojom",
     "//base:base_static",
     "//base/allocator:buildflags",
     "//chrome:strings",
@@ -404,9 +454,6 @@ source_set("electron_lib") {
     "//media/mojo/mojom",
     "//net:extras",
     "//net:net_resources",
-    "//ppapi/host",
-    "//ppapi/proxy",
-    "//ppapi/shared_impl",
     "//printing/buildflags",
     "//services/device/public/cpp/geolocation",
     "//services/device/public/cpp/hid",
@@ -465,6 +512,8 @@ source_set("electron_lib") {
     ]
   }
 
+  configs += [ "//electron/build/config:mas_build" ]
+
   sources = filenames.lib_sources
   if (is_win) {
     sources += filenames.lib_sources_win
@@ -493,13 +542,6 @@ source_set("electron_lib") {
     ]
   }
 
-  if (is_linux) {
-    deps += [
-      "//components/crash/content/browser",
-      "//ui/gtk:gtk_config",
-    ]
-  }
-
   if (is_mac) {
     deps += [
       "//components/remote_cocoa/app_shim",
@@ -533,7 +575,6 @@ source_set("electron_lib") {
     if (is_mas_build) {
       sources += [ "shell/browser/api/electron_api_app_mas.mm" ]
       sources -= [ "shell/browser/auto_updater_mac.mm" ]
-      defines += [ "MAS_BUILD" ]
       sources -= [
         "shell/app/electron_crash_reporter_client.cc",
         "shell/app/electron_crash_reporter_client.h",
@@ -562,11 +603,14 @@ source_set("electron_lib") {
       ":electron_gtk_stubs",
       ":libnotify_loader",
       "//build/config/linux/gtk",
+      "//components/crash/content/browser",
       "//dbus",
       "//device/bluetooth",
+      "//third_party/crashpad/crashpad/client",
       "//ui/base/ime/linux",
       "//ui/events/devices/x11",
       "//ui/events/platform/x11",
+      "//ui/gtk:gtk_config",
       "//ui/linux:linux_ui",
       "//ui/linux:linux_ui_factory",
       "//ui/views/controls/webview",
@@ -588,16 +632,8 @@ source_set("electron_lib") {
     sources += [
       "shell/browser/certificate_manager_model.cc",
       "shell/browser/certificate_manager_model.h",
-      "shell/browser/ui/gtk/app_indicator_icon.cc",
-      "shell/browser/ui/gtk/app_indicator_icon.h",
-      "shell/browser/ui/gtk/app_indicator_icon_menu.cc",
-      "shell/browser/ui/gtk/app_indicator_icon_menu.h",
-      "shell/browser/ui/gtk/gtk_status_icon.cc",
-      "shell/browser/ui/gtk/gtk_status_icon.h",
       "shell/browser/ui/gtk/menu_util.cc",
       "shell/browser/ui/gtk/menu_util.h",
-      "shell/browser/ui/gtk/status_icon.cc",
-      "shell/browser/ui/gtk/status_icon.h",
       "shell/browser/ui/gtk_util.cc",
       "shell/browser/ui/gtk_util.h",
     ]
@@ -620,11 +656,23 @@ source_set("electron_lib") {
   if (enable_plugins) {
     deps += [ "chromium_src:plugins" ]
     sources += [
+      "shell/common/plugin_info.cc",
+      "shell/common/plugin_info.h",
+      "shell/renderer/electron_renderer_pepper_host_factory.cc",
+      "shell/renderer/electron_renderer_pepper_host_factory.h",
       "shell/renderer/pepper_helper.cc",
       "shell/renderer/pepper_helper.h",
     ]
   }
 
+  if (enable_ppapi) {
+    deps += [
+      "//ppapi/host",
+      "//ppapi/proxy",
+      "//ppapi/shared_impl",
+    ]
+  }
+
   if (enable_run_as_node) {
     sources += [
       "shell/app/node_main.cc",
@@ -672,7 +720,7 @@ source_set("electron_lib") {
     ]
   }
 
-  if (enable_basic_printing) {
+  if (enable_printing) {
     sources += [
       "shell/browser/printing/print_view_manager_electron.cc",
       "shell/browser/printing/print_view_manager_electron.h",
@@ -698,7 +746,7 @@ source_set("electron_lib") {
       "//components/update_client:update_client",
       "//components/zoom",
       "//extensions/browser",
-      "//extensions/browser:core_api_provider",
+      "//extensions/browser/api:api_provider",
       "//extensions/browser/updater",
       "//extensions/common",
       "//extensions/common:core_api_provider",
@@ -750,7 +798,6 @@ if (is_mac) {
   electron_helper_name = "$electron_product_name Helper"
   electron_login_helper_name = "$electron_product_name Login Helper"
   electron_framework_version = "A"
-  electron_version = read_file("ELECTRON_VERSION", "trim string")
 
   mac_xib_bundle_data("electron_xibs") {
     sources = [ "shell/common/resources/mac/MainMenu.xib" ]
@@ -923,6 +970,7 @@ if (is_mac) {
         deps += [ "//sandbox/mac:seatbelt" ]
       }
       defines = [ "HELPER_EXECUTABLE" ]
+      extra_configs = [ "//electron/build/config:mas_build" ]
       sources = [
         "shell/app/electron_main_mac.cc",
         "shell/app/uv_stdio_fix.cc",
@@ -1093,6 +1141,7 @@ if (is_mac) {
       "-rpath",
       "@executable_path/../Frameworks",
     ]
+    extra_configs = [ "//electron/build/config:mas_build" ]
   }
 
   if (enable_dsyms) {
@@ -1191,6 +1240,7 @@ if (is_mac) {
       ":default_app_asar",
       ":electron_app_manifest",
       ":electron_lib",
+      ":electron_win32_resources",
       ":packed_resources",
       "//components/crash/core/app",
       "//content:sandbox_helper_win",
@@ -1224,8 +1274,7 @@ if (is_mac) {
 
     if (is_win) {
       sources += [
-        # TODO: we should be generating our .rc files more like how chrome does
-        "shell/browser/resources/win/electron.rc",
+        "$target_gen_dir/win-resources/electron.rc",
         "shell/browser/resources/win/resource.h",
       ]
 
@@ -1407,15 +1456,10 @@ group("licenses") {
   ]
 }
 
-copy("electron_version") {
-  sources = [ "ELECTRON_VERSION" ]
-  outputs = [ "$root_build_dir/version" ]
-}
-
 dist_zip("electron_dist_zip") {
   data_deps = [
     ":electron_app",
-    ":electron_version",
+    ":electron_version_file",
     ":licenses",
   ]
   if (is_linux) {
@@ -1433,7 +1477,7 @@ dist_zip("electron_ffmpeg_zip") {
 
 electron_chromedriver_deps = [
   ":licenses",
-  "//chrome/test/chromedriver",
+  "//chrome/test/chromedriver:chromedriver_server",
   "//electron/buildflags",
 ]
 

DEPS

@@ -2,9 +2,9 @@ gclient_gn_args_from = 'src'
 
 vars = {
   'chromium_version':
-    '105.0.5187.0',
+    '110.0.5451.0',
   'node_version':
-    'v16.16.0',
+    'v18.12.1',
   'nan_version':
     '16fa32231e2ccd89d2804b3f765319128b20c4ac',
   'squirrel.mac_version':

ELECTRON_VERSION

@@ -1 +0,0 @@
-21.0.0-nightly.20220803

README.md

@@ -5,14 +5,14 @@
 [![Electron Discord Invite](https://img.shields.io/discord/745037351163527189?color=%237289DA&label=chat&logo=discord&logoColor=white)](https://discord.gg/electronjs)
 
 :memo: Available Translations: 🇨🇳 🇧🇷 🇪🇸 🇯🇵 🇷🇺 🇫🇷 🇺🇸 🇩🇪.
-View these docs in other languages at [electron/i18n](https://github.com/electron/i18n/tree/master/content/).
+View these docs in other languages on our [Crowdin](https://crowdin.com/project/electron) project.
 
 The Electron framework lets you write cross-platform desktop applications
 using JavaScript, HTML and CSS. It is based on [Node.js](https://nodejs.org/) and
 [Chromium](https://www.chromium.org) and is used by the [Atom
 editor](https://github.com/atom/atom) and many other [apps](https://electronjs.org/apps).
 
-Follow [@ElectronJS](https://twitter.com/electronjs) on Twitter for important
+Follow [@electronjs](https://twitter.com/electronjs) on Twitter for important
 announcements.
 
 This project adheres to the Contributor Covenant
@@ -38,8 +38,8 @@ For more installation options and troubleshooting tips, see
 
 Each Electron release provides binaries for macOS, Windows, and Linux.
 
-* macOS (El Capitan and up): Electron provides 64-bit Intel and ARM binaries for macOS. Apple Silicon support was added in Electron 11.
-* Windows (Windows 7 and up): Electron provides `ia32` (`x86`), `x64` (`amd64`), and `arm64` binaries for Windows. Windows on ARM support was added in Electron 5.0.8.
+* macOS (High Sierra and up): Electron provides 64-bit Intel and ARM binaries for macOS. Apple Silicon support was added in Electron 11.
+* Windows (Windows 10 and up): Electron provides `ia32` (`x86`), `x64` (`amd64`), and `arm64` binaries for Windows. Windows on ARM support was added in Electron 5.0.8. Support for Windows 7 and 8 was [removed in Electron 23, in line with Chromium's Windows deprecation policy](https://www.electronjs.org/blog/windows-7-to-8-1-deprecation-notice).
 * Linux: The prebuilt binaries of Electron are built on Ubuntu 20.04. They have also been verified to work on:
   * Ubuntu 14.04 and newer
   * Fedora 24 and newer

SECURITY.md

@@ -2,7 +2,7 @@
 
 The Electron team and community take security bugs in Electron seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
 
-To report a security issue, email [security@electronjs.org](mailto:security@electronjs.org) and include the word "SECURITY" in the subject line.
+To report a security issue, please use the GitHub Security Advisory ["Report a Vulnerability"](https://github.com/electron/electron/security/advisories/new) tab.
 
 The Electron team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
 

appveyor-bake.yml

@@ -0,0 +1,52 @@
+# The config is used to bake appveyor images, not for running CI jobs.
+# The config expects the following environment variables to be set:
+#  - "APPVEYOR_BAKE_IMAGE" e.g. 'electron-99.0.4767.0'. Name of the image to be baked.
+#      Typically named after the Chromium version on which the image is built.
+#      This can be set dynamically in the prepare-appveyor script.
+
+version: 1.0.{build}
+build_cloud: electronhq-16-core
+image: Windows_Default_Appveyor
+environment:
+  GIT_CACHE_PATH: C:\Users\appveyor\libcc_cache
+  ELECTRON_OUT_DIR: Default
+  ELECTRON_ENABLE_STACK_DUMPING: 1
+  MOCHA_REPORTER: mocha-multi-reporters
+  MOCHA_MULTI_REPORTERS: mocha-appveyor-reporter, tap
+  GOMA_FALLBACK_ON_AUTH_FAILURE: true
+  DEPOT_TOOLS_WIN_TOOLCHAIN: 0
+  PYTHONIOENCODING: UTF-8
+build_script:
+  - ps: Resize-Partition -DriveLetter C -Size (256GB) # ensure initial partition size
+  - ps: Get-Partition -DriveLetter C
+  - git config --global core.longpaths true
+  - cd ..
+  - mkdir src
+  - ps: git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git  
+  - ps: $env:PATH="$pwd\depot_tools;$env:PATH"  
+  - update_depot_tools.bat
+  - ps: Move-Item $env:APPVEYOR_BUILD_FOLDER -Destination src\electron
+  - src\electron\script\setup-win-for-dev.bat
+  - >-
+      gclient config
+      --name "src\electron"
+      --unmanaged
+      %GCLIENT_EXTRA_ARGS%
+      "https://github.com/electron/electron"
+  - ps: cd src\electron
+  - ps: node script\generate-deps-hash.js
+  - ps: $depshash = Get-Content .\.depshash -Raw
+  - ps: Copy-Item -path .\.depshash -destination ..\.depshash
+  - ps: cd ..\..
+  - gclient sync --with_branch_heads --with_tags --nohooks
+  - ps: regsvr32 /s "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\DIA SDK\bin\amd64\msdia140.dll"
+on_image_bake:
+  - ps: >-
+      echo "Baking image: $env:APPVEYOR_BAKE_IMAGE at dir $PWD"
+  - ps: Remove-Item -Recurse -Force $pwd\depot_tools
+  - ps: Remove-Item -Recurse -Force $pwd\src\electron
+# Uncomment these lines to enable RDP
+#on_finish:
+#  - ps: >-
+#       $env:APPVEYOR_RDP_PASSWORD = "electron"
+#       $blockRdp = $true; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))

appveyor.yml

@@ -24,223 +24,260 @@
 # https://www.appveyor.com/docs/build-configuration/#custom-environment-variables
 
 version: 1.0.{build}
-build_cloud: electron-16-core
-image: vs2019bt-16.16.11
+build_cloud: electronhq-16-core
+image: e-110.0.5415.0-fix
 environment:
-  GIT_CACHE_PATH: C:\Users\electron\libcc_cache
+  GIT_CACHE_PATH: C:\Users\appveyor\libcc_cache
   ELECTRON_OUT_DIR: Default
   ELECTRON_ENABLE_STACK_DUMPING: 1
   ELECTRON_ALSO_LOG_TO_STDERR: 1
   MOCHA_REPORTER: mocha-multi-reporters
   MOCHA_MULTI_REPORTERS: mocha-appveyor-reporter, tap
   GOMA_FALLBACK_ON_AUTH_FAILURE: true
-build_script:
-  - ps: >-
-      if(($env:APPVEYOR_PULL_REQUEST_HEAD_REPO_NAME -split "/")[0] -eq ($env:APPVEYOR_REPO_NAME -split "/")[0]) {
-        Write-warning "Skipping PR build for branch"; Exit-AppveyorBuild
-      } else {
-        node script/yarn.js install --frozen-lockfile
+  DEPOT_TOOLS_WIN_TOOLCHAIN: 0
+  PYTHONIOENCODING: UTF-8
 
-        $result = node script/doc-only-change.js --prNumber=$env:APPVEYOR_PULL_REQUEST_NUMBER --prBranch=$env:APPVEYOR_REPO_BRANCH
-        Write-Output $result
-        if ($result.ExitCode -eq 0) {
-          Write-warning "Skipping build for doc only change"; Exit-AppveyorBuild
-        }
-      }
-  - echo "Building $env:GN_CONFIG build"
-  - git config --global core.longpaths true
-  - cd ..
-  - mkdir src
-  - update_depot_tools.bat
-  - ps: Move-Item $env:APPVEYOR_BUILD_FOLDER -Destination src\electron
-  - ps: >-
-      if (Test-Path 'env:RAW_GOMA_AUTH') {
-        $env:GOMA_OAUTH2_CONFIG_FILE = "$pwd\.goma_oauth2_config"
-        $env:RAW_GOMA_AUTH | Set-Content $env:GOMA_OAUTH2_CONFIG_FILE
-      }
-  - git clone https://github.com/electron/build-tools.git
-  - cd build-tools
-  - npm install
-  - mkdir third_party
-  - ps: >-
-      node -e "require('./src/utils/goma.js').downloadAndPrepare({ gomaOneForAll: true })"
-  - ps: $env:GN_GOMA_FILE = node -e "console.log(require('./src/utils/goma.js').gnFilePath)"
-  - ps: $env:LOCAL_GOMA_DIR = node -e "console.log(require('./src/utils/goma.js').dir)"
-  - cd ..
-  - ps: .\src\electron\script\start-goma.ps1 -gomaDir $env:LOCAL_GOMA_DIR
-  - ps: >-
-      if (Test-Path 'env:RAW_GOMA_AUTH') {
-        $goma_login = python $env:LOCAL_GOMA_DIR\goma_auth.py info
-        if ($goma_login -eq 'Login as Fermi Planck') {
-          Write-warning "Goma authentication is correct";
-        } else {
-          Write-warning "WARNING!!!!!! Goma authentication is incorrect; please update Goma auth token.";
-          $host.SetShouldExit(1)
-        }
-      }
-  - ps: $env:CHROMIUM_BUILDTOOLS_PATH="$pwd\src\buildtools"
-  - ps: >-
-      if ($env:GN_CONFIG -ne 'release') {
-        $env:NINJA_STATUS="[%r processes, %f/%t @ %o/s : %es] "
-      }
-  - >-
-      gclient config
-      --name "src\electron"
-      --unmanaged
-      %GCLIENT_EXTRA_ARGS%
-      "https://github.com/electron/electron"
-  - ps: >-
-      if ($env:GN_CONFIG -eq 'release') {
-        $env:RUN_GCLIENT_SYNC="true"
-      } else {
-        cd src\electron
-        node script\generate-deps-hash.js
-        $depshash = Get-Content .\.depshash -Raw 
-        $zipfile = "Z:\$depshash.7z"
-        cd ..\..
-        if (Test-Path -Path $zipfile) {
-          # file exists, unzip and then gclient sync
-          7z x -y $zipfile -mmt=30 -aoa
-          if (-not (Test-Path -Path "src\buildtools")) {
-            # the zip file must be corrupt - resync
-            $env:RUN_GCLIENT_SYNC="true"
-            if ($env:TARGET_ARCH -ne 'ia32') {
-              # only save on x64/woa to avoid contention saving
-              $env:SAVE_GCLIENT_SRC="true"
+  matrix:
+
+    - job_name: Build
+    - job_name: Test
+      job_depends_on: Build
+
+clone_folder: C:\projects\src\electron
+
+# the first failed job cancels other jobs and fails entire build
+matrix:
+  fast_finish: true
+
+for:
+
+  - matrix:
+      only:
+        - job_name: Build
+
+    init:
+      - ps: >-
+          if(($env:APPVEYOR_PULL_REQUEST_HEAD_REPO_NAME -split "/")[0] -eq ($env:APPVEYOR_REPO_NAME -split "/")[0]) {
+            Write-warning "Skipping PR build for branch"; Exit-AppveyorBuild
+          }
+
+    build_script:
+      - ps: |
+          node script/yarn.js install --frozen-lockfile
+          node script/doc-only-change.js --prNumber=$env:APPVEYOR_PULL_REQUEST_NUMBER --prBranch=$env:APPVEYOR_REPO_BRANCH
+          if ($LASTEXITCODE -eq 0) {
+            Write-warning "Skipping build for doc only change"; Exit-AppveyorBuild
+          }
+          $global:LASTEXITCODE = 0
+      - cd ..
+      - ps: Write-Host "Building $env:GN_CONFIG build"
+      - git config --global core.longpaths true
+      - ps: >-
+          if (Test-Path -Path "$pwd\depot_tools") {
+            Remove-Item -Recurse -Force $pwd\depot_tools
+          }
+      - ps: >-
+          if (Test-Path -Path "$pwd\build-tools") {
+            Remove-Item -Recurse -Force $pwd\build-tools
+          }
+      - ps: git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+      - ps: $env:PATH="$pwd\depot_tools;$env:PATH"
+      - ps: >-
+          if (Test-Path -Path "$pwd\src\electron") {
+            Remove-Item -Recurse -Force $pwd\src\electron
+          }
+      - ps: >-
+          if (Test-Path 'env:RAW_GOMA_AUTH') {
+            $env:GOMA_OAUTH2_CONFIG_FILE = "$pwd\.goma_oauth2_config"
+            $env:RAW_GOMA_AUTH | Set-Content $env:GOMA_OAUTH2_CONFIG_FILE
+          }
+      - git clone https://github.com/electron/build-tools.git
+      - cd build-tools
+      - npm install
+      - mkdir third_party
+      - ps: >-
+          node -e "require('./src/utils/goma.js').downloadAndPrepare({ gomaOneForAll: true })"
+      - ps: $env:GN_GOMA_FILE = node -e "console.log(require('./src/utils/goma.js').gnFilePath)"
+      - ps: $env:LOCAL_GOMA_DIR = node -e "console.log(require('./src/utils/goma.js').dir)"
+      - cd ..\..
+      - ps: .\src\electron\script\start-goma.ps1 -gomaDir $env:LOCAL_GOMA_DIR
+      - ps: >-
+          if (Test-Path 'env:RAW_GOMA_AUTH') {
+            $goma_login = python $env:LOCAL_GOMA_DIR\goma_auth.py info
+            if ($goma_login -eq 'Login as Fermi Planck') {
+              Write-warning "Goma authentication is correct";
+            } else {
+              Write-warning "WARNING!!!!!! Goma authentication is incorrect; please update Goma auth token.";
+              $host.SetShouldExit(1)
             }
+          }
+      - ps: $env:CHROMIUM_BUILDTOOLS_PATH="$pwd\src\buildtools"
+      - ps: >-
+          if ($env:GN_CONFIG -ne 'release') {
+            $env:NINJA_STATUS="[%r processes, %f/%t @ %o/s : %es] "
+          }
+      - gclient config --name "src\electron" --unmanaged %GCLIENT_EXTRA_ARGS% "https://github.com/electron/electron"
+      # Patches are applied in the image bake. Check depshash to see if patches have changed. 
+      - ps: $env:RUN_GCLIENT_SYNC="false"
+      - ps: $depshash_baked = Get-Content .\src\.depshash -Raw
+      - ps: cd src\electron
+      - ps: node script\generate-deps-hash.js
+      - ps: $depshash = Get-Content .\.depshash -Raw
+      - ps: cd ..\..
+      - ps: >-
+          if ($depshash_baked -ne $depshash) {
+            $env:RUN_GCLIENT_SYNC="true"
+          }
+      - if "%RUN_GCLIENT_SYNC%"=="true" ( gclient sync --with_branch_heads --with_tags ) else ( gclient runhooks )
+      - cd src
+      - set BUILD_CONFIG_PATH=//electron/build/args/%GN_CONFIG%.gn
+      - gn gen out/Default "--args=import(\"%BUILD_CONFIG_PATH%\") import(\"%GN_GOMA_FILE%\") %GN_EXTRA_ARGS% "
+      - gn check out/Default //electron:electron_lib
+      - gn check out/Default //electron:electron_app
+      - gn check out/Default //electron/shell/common/api:mojo
+      - if DEFINED GN_GOMA_FILE (ninja -j 300 -C out/Default electron:electron_app) else (ninja -C out/Default electron:electron_app)
+      - if "%GN_CONFIG%"=="testing" ( python C:\depot_tools\post_build_ninja_summary.py -C out\Default )
+      - gn gen out/ffmpeg "--args=import(\"//electron/build/args/ffmpeg.gn\") %GN_EXTRA_ARGS%"
+      - ninja -C out/ffmpeg electron:electron_ffmpeg_zip
+      - ninja -C out/Default electron:electron_dist_zip
+      - ninja -C out/Default shell_browser_ui_unittests
+      - gn desc out/Default v8:run_mksnapshot_default args > out/Default/default_mksnapshot_args
+      # Remove unused args from mksnapshot_args
+      - ps: >-
+          Get-Content out/Default/default_mksnapshot_args | Where-Object { -not $_.Contains('--turbo-profiling-input') -And -not $_.Contains('builtins-pgo') } | Set-Content out/Default/mksnapshot_args
+      - ninja -C out/Default electron:electron_mksnapshot_zip
+      - cd out\Default
+      - 7z a mksnapshot.zip mksnapshot_args gen\v8\embedded.S
+      - cd ..\..
+      - ninja -C out/Default electron:hunspell_dictionaries_zip
+      - ninja -C out/Default electron:electron_chromedriver_zip
+      - ninja -C out/Default third_party/electron_node:headers
+      - python %LOCAL_GOMA_DIR%\goma_ctl.py stat
+      - ps: >-
+          Get-CimInstance -Namespace root\cimv2 -Class Win32_product | Select vendor, description, @{l='install_location';e='InstallLocation'}, @{l='install_date';e='InstallDate'}, @{l='install_date_2';e='InstallDate2'}, caption, version, name, @{l='sku_number';e='SKUNumber'} | ConvertTo-Json | Out-File -Encoding utf8 -FilePath .\installed_software.json
+      - python3 electron/build/profile_toolchain.py --output-json=out/Default/windows_toolchain_profile.json
+      - 7z a node_headers.zip out\Default\gen\node_headers
+      - ps: >-
+          if ($env:GN_CONFIG -eq 'release') {
+            # Needed for msdia140.dll on 64-bit windows
+            $env:Path += ";$pwd\third_party\llvm-build\Release+Asserts\bin"
+            ninja -C out/Default electron:electron_symbols
+          }
+      - ps: >-
+          if ($env:GN_CONFIG -eq 'release') {
+            python3 electron\script\zip-symbols.py
+            appveyor-retry appveyor PushArtifact out/Default/symbols.zip
           } else {
-            # update angle
-            cd src\third_party\angle
-            git remote set-url origin  https://chromium.googlesource.com/angle/angle.git
-            git fetch
-            cd ..\..\..
+            # It's useful to have pdb files when debugging testing builds that are
+            # built on CI.
+            7z a pdb.zip out\Default\*.pdb
           }
-        } else {    
-          # file does not exist, gclient sync, then zip
-          $env:RUN_GCLIENT_SYNC="true"
-          if ($env:TARGET_ARCH -ne 'ia32') {
-            # only save on x64/woa to avoid contention saving
-            $env:SAVE_GCLIENT_SRC="true"
-          }
-        }
-      }
-  - if "%RUN_GCLIENT_SYNC%"=="true" ( gclient sync )
-  - ps: >-
-      if ($env:SAVE_GCLIENT_SRC -eq 'true') {
-        # archive current source for future use 
-        # only run on x64/woa to avoid contention saving
-        $(7z a $zipfile src -xr!android_webview -xr!electron -xr'!*\.git' -xr!third_party\WebKit\LayoutTests! -xr!third_party\blink\web_tests -xr!third_party\blink\perf_tests -slp -t7z -mmt=30)
-        if ($LASTEXITCODE -ne 0) {
-          Write-warning "Could not save source to shared drive; continuing anyway"
-        }
-        # build time generation of file gen/angle/angle_commit.h depends on
-        # third_party/angle/.git
-        # https://chromium-review.googlesource.com/c/angle/angle/+/2074924       
-        $(7z a $zipfile src\third_party\angle\.git)
-        if ($LASTEXITCODE -ne 0) {
-          Write-warning "Failed to add third_party\angle\.git; continuing anyway"
-        }
-        # build time generation of file dawn/common/Version_autogen.h depends on third_party/dawn/.git/HEAD
-        # https://dawn-review.googlesource.com/c/dawn/+/83901        
-        $(7z a $zipfile src\third_party\dawn\.git)
-        if ($LASTEXITCODE -ne 0) {
-          Write-warning "Failed to add third_party\dawn\.git; continuing anyway"
-        }
-      }
-  - cd src
-  - set BUILD_CONFIG_PATH=//electron/build/args/%GN_CONFIG%.gn 
-  - gn gen out/Default "--args=import(\"%BUILD_CONFIG_PATH%\") import(\"%GN_GOMA_FILE%\") %GN_EXTRA_ARGS% "
-  - gn check out/Default //electron:electron_lib
-  - gn check out/Default //electron:electron_app
-  - gn check out/Default //electron/shell/common/api:mojo
-  - if DEFINED GN_GOMA_FILE (ninja -j 300 -C out/Default electron:electron_app) else (ninja -C out/Default electron:electron_app)
-  - if "%GN_CONFIG%"=="testing" ( python C:\depot_tools\post_build_ninja_summary.py -C out\Default )
-  - gn gen out/ffmpeg "--args=import(\"//electron/build/args/ffmpeg.gn\") %GN_EXTRA_ARGS%"
-  - ninja -C out/ffmpeg electron:electron_ffmpeg_zip
-  - ninja -C out/Default electron:electron_dist_zip
-  - ninja -C out/Default shell_browser_ui_unittests
-  - gn desc out/Default v8:run_mksnapshot_default args > out/Default/mksnapshot_args
-  - ninja -C out/Default electron:electron_mksnapshot_zip
-  - cd out\Default
-  - 7z a mksnapshot.zip mksnapshot_args gen\v8\embedded.S
-  - cd ..\..
-  - ninja -C out/Default electron:hunspell_dictionaries_zip
-  - ninja -C out/Default electron:electron_chromedriver_zip
-  - ninja -C out/Default third_party/electron_node:headers
-  - python %LOCAL_GOMA_DIR%\goma_ctl.py stat
-  - python3 electron/build/profile_toolchain.py --output-json=out/Default/windows_toolchain_profile.json
-  - 7z a node_headers.zip out\Default\gen\node_headers
-  - ps: >-
-      if ($env:GN_CONFIG -eq 'release') {
-        # Needed for msdia140.dll on 64-bit windows
-        $env:Path += ";$pwd\third_party\llvm-build\Release+Asserts\bin"
-        ninja -C out/Default electron:electron_symbols
-      }
-  - ps: >-
-      if ($env:GN_CONFIG -eq 'release') {
-        python electron\script\zip-symbols.py
-        appveyor-retry appveyor PushArtifact out/Default/symbols.zip
-      } else {
-        # It's useful to have pdb files when debugging testing builds that are
-        # built on CI.
-        7z a pdb.zip out\Default\*.pdb
-      }
-  - python electron/script/zip_manifests/check-zip-manifest.py out/Default/dist.zip electron/script/zip_manifests/dist_zip.win.%TARGET_ARCH%.manifest
-test_script:
-  # Workaround for https://github.com/appveyor/ci/issues/2420
-  - set "PATH=%PATH%;C:\Program Files\Git\mingw64\libexec\git-core"
-  - ps: >-
-      if ((-Not (Test-Path Env:\TEST_WOA)) -And (-Not (Test-Path Env:\ELECTRON_RELEASE)) -And ($env:GN_CONFIG -in "testing", "release")) {
-        $env:RUN_TESTS="true"
-      }
-  - ps: >-
-      if ($env:RUN_TESTS -eq 'true') {
-        New-Item .\out\Default\gen\node_headers\Release -Type directory
-        Copy-Item -path .\out\Default\electron.lib -destination .\out\Default\gen\node_headers\Release\node.lib
-      } else {
-        echo "Skipping tests for $env:GN_CONFIG build"
-      }
-  - cd electron
-  - if "%RUN_TESTS%"=="true" ( echo Running main test suite & node script/yarn test -- --trace-uncaught --runners=main --enable-logging=file --log-file=%cd%\electron.log )
-  - if "%RUN_TESTS%"=="true" ( echo Running remote test suite & node script/yarn test -- --trace-uncaught --runners=remote --runTestFilesSeparately --enable-logging=file --log-file=%cd%\electron.log )
-  - if "%RUN_TESTS%"=="true" ( echo Running native test suite & node script/yarn test -- --trace-uncaught --runners=native --enable-logging=file --log-file=%cd%\electron.log )  
-  - cd ..
-  - if "%RUN_TESTS%"=="true" ( echo Verifying non proprietary ffmpeg & python electron\script\verify-ffmpeg.py --build-dir out\Default --source-root %cd% --ffmpeg-path out\ffmpeg )
-  - echo "About to verify mksnapshot"
-  - if "%RUN_TESTS%"=="true" ( echo Verifying mksnapshot & python electron\script\verify-mksnapshot.py --build-dir out\Default --source-root %cd% )
-  - echo "Done verifying mksnapshot"
-  - if "%RUN_TESTS%"=="true" ( echo Verifying chromedriver & python electron\script\verify-chromedriver.py --build-dir out\Default --source-root %cd% )
-  - echo "Done verifying chromedriver"
-deploy_script:
-  - cd electron
-  - ps: >-
-      if (Test-Path Env:\ELECTRON_RELEASE) {
-        if (Test-Path Env:\UPLOAD_TO_STORAGE) {
-          Write-Output "Uploading Electron release distribution to azure"
-          & python script\release\uploaders\upload.py --verbose --upload_to_storage
-        } else {
-          Write-Output "Uploading Electron release distribution to github releases"
-          & python script\release\uploaders\upload.py --verbose
-        }
-      } elseif (Test-Path Env:\TEST_WOA) {
-        node script/release/ci-release-build.js --job=electron-woa-testing --ci=GHA --appveyorJobId=$env:APPVEYOR_JOB_ID $env:APPVEYOR_REPO_BRANCH
-      }
-on_finish:
-  # Uncomment this lines to enable RDP
-  #- ps: $blockRdp = $true; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
-  - cd ..
-  - if exist out\Default\windows_toolchain_profile.json ( appveyor-retry appveyor PushArtifact out\Default\windows_toolchain_profile.json )
-  - if exist out\Default\dist.zip (appveyor-retry appveyor PushArtifact out\Default\dist.zip)
-  - if exist out\Default\shell_browser_ui_unittests.exe (appveyor-retry appveyor PushArtifact out\Default\shell_browser_ui_unittests.exe)
-  - if exist out\Default\chromedriver.zip (appveyor-retry appveyor PushArtifact out\Default\chromedriver.zip)
-  - if exist out\ffmpeg\ffmpeg.zip (appveyor-retry appveyor PushArtifact out\ffmpeg\ffmpeg.zip)
-  - if exist node_headers.zip (appveyor-retry appveyor PushArtifact node_headers.zip)
-  - if exist out\Default\mksnapshot.zip (appveyor-retry appveyor PushArtifact out\Default\mksnapshot.zip)
-  - if exist out\Default\hunspell_dictionaries.zip (appveyor-retry appveyor PushArtifact out\Default\hunspell_dictionaries.zip)
-  - if exist out\Default\electron.lib (appveyor-retry appveyor PushArtifact out\Default\electron.lib)
-  - ps: >-
-      if ((Test-Path "pdb.zip") -And ($env:GN_CONFIG -ne 'release')) {
-        appveyor-retry appveyor PushArtifact pdb.zip
-      }
+      - python3 electron/script/zip_manifests/check-zip-manifest.py out/Default/dist.zip electron/script/zip_manifests/dist_zip.win.%TARGET_ARCH%.manifest
 
-  - if exist electron\electron.log ( appveyor-retry appveyor PushArtifact electron\electron.log )
+    deploy_script:
+      - cd electron
+      - ps: >-
+          if (Test-Path Env:\ELECTRON_RELEASE) {
+            if (Test-Path Env:\UPLOAD_TO_STORAGE) {
+              Write-Output "Uploading Electron release distribution to azure"
+              & python3 script\release\uploaders\upload.py --verbose --upload_to_storage
+            } else {
+              Write-Output "Uploading Electron release distribution to github releases"
+              & python3 script\release\uploaders\upload.py --verbose
+            }
+          } elseif (Test-Path Env:\TEST_WOA) {
+            node script/release/ci-release-build.js --job=electron-woa-testing --ci=GHA --appveyorJobId=$env:APPVEYOR_JOB_ID $env:APPVEYOR_REPO_BRANCH
+          }
+    on_finish:
+      # Uncomment this lines to enable RDP
+      # - ps: $blockRdp = $true; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
+      - cd C:\projects\src
+      - if exist out\Default\windows_toolchain_profile.json ( appveyor-retry appveyor PushArtifact out\Default\windows_toolchain_profile.json )
+      - if exist out\Default\dist.zip (appveyor-retry appveyor PushArtifact out\Default\dist.zip)
+      - if exist out\Default\shell_browser_ui_unittests.exe (appveyor-retry appveyor PushArtifact out\Default\shell_browser_ui_unittests.exe)
+      - if exist out\Default\chromedriver.zip (appveyor-retry appveyor PushArtifact out\Default\chromedriver.zip)
+      - if exist out\ffmpeg\ffmpeg.zip (appveyor-retry appveyor PushArtifact out\ffmpeg\ffmpeg.zip)
+      - if exist node_headers.zip (appveyor-retry appveyor PushArtifact node_headers.zip)
+      - if exist out\Default\mksnapshot.zip (appveyor-retry appveyor PushArtifact out\Default\mksnapshot.zip)
+      - if exist out\Default\hunspell_dictionaries.zip (appveyor-retry appveyor PushArtifact out\Default\hunspell_dictionaries.zip)
+      - if exist out\Default\electron.lib (appveyor-retry appveyor PushArtifact out\Default\electron.lib)
+      - ps: >-
+          if ((Test-Path "pdb.zip") -And ($env:GN_CONFIG -ne 'release')) {
+            appveyor-retry appveyor PushArtifact pdb.zip
+          }
+  - matrix:
+      only:
+        - job_name: Test
+
+    init:
+      - ps: |
+          if ($env:RUN_TESTS -ne 'true') {
+            Write-warning "Skipping tests for $env:APPVEYOR_PROJECT_NAME"; Exit-AppveyorBuild
+          }
+          if(($env:APPVEYOR_PULL_REQUEST_HEAD_REPO_NAME -split "/")[0] -eq ($env:APPVEYOR_REPO_NAME -split "/")[0]) {
+            Write-warning "Skipping PR build for branch"; Exit-AppveyorBuild
+          }
+    build_script:
+      - ps: |
+          node script/yarn.js install --frozen-lockfile
+          node script/doc-only-change.js --prNumber=$env:APPVEYOR_PULL_REQUEST_NUMBER --prBranch=$env:APPVEYOR_REPO_BRANCH
+          if ($LASTEXITCODE -eq 0) {
+            Write-warning "Skipping build for doc only change"; Exit-AppveyorBuild
+          }
+          $global:LASTEXITCODE = 0
+      - cd ..
+      - mkdir out\Default
+      - cd ..
+      - ps: |
+          # Download build artifacts
+          $apiUrl = 'https://ci.appveyor.com/api'
+          $build_info = Invoke-RestMethod -Method Get -Uri "$apiUrl/projects/$env:APPVEYOR_ACCOUNT_NAME/$env:APPVEYOR_PROJECT_SLUG/builds/$env:APPVEYOR_BUILD_ID"
+          $artifacts_to_download = @('dist.zip','shell_browser_ui_unittests.exe','chromedriver.zip','ffmpeg.zip','node_headers.zip','mksnapshot.zip','electron.lib')
+          foreach ($job in $build_info.build.jobs) {
+            if ($job.name -eq "Build") {
+              $jobId = $job.jobId
+              foreach($artifact_name in $artifacts_to_download) {
+                if ($artifact_name -eq 'shell_browser_ui_unittests.exe' -Or $artifact_name -eq 'electron.lib') {
+                  $outfile = "src\out\Default\$artifact_name"
+                } else {
+                  $outfile = $artifact_name
+                }
+                Invoke-RestMethod -Method Get -Uri "$apiUrl/buildjobs/$jobId/artifacts/$artifact_name" -OutFile $outfile
+              }
+            }
+          }
+      - ps: |
+          $out_default_zips = @('dist.zip','chromedriver.zip','mksnapshot.zip')
+          foreach($zip_name in $out_default_zips) {
+            7z x -y -osrc\out\Default $zip_name
+          }
+      - ps: 7z x -y -osrc\out\ffmpeg ffmpeg.zip
+      - ps: 7z x -y -osrc node_headers.zip
+
+    test_script:
+      # Workaround for https://github.com/appveyor/ci/issues/2420
+      - set "PATH=%PATH%;C:\Program Files\Git\mingw64\libexec\git-core"
+      - ps: |
+          cd src
+          New-Item .\out\Default\gen\node_headers\Release -Type directory
+          Copy-Item -path .\out\Default\electron.lib -destination .\out\Default\gen\node_headers\Release\node.lib
+      - cd electron
+      # Explicitly set npm_config_arch because the .env doesn't persist
+      - ps: >-
+          if ($env:TARGET_ARCH -eq 'ia32') {
+            $env:npm_config_arch = "ia32"
+          }
+      - echo Running main test suite & node script/yarn test -- --trace-uncaught --runners=main --enable-logging=file --log-file=%cd%\electron.log
+      - echo Running native test suite & node script/yarn test -- --trace-uncaught --runners=native --enable-logging=file --log-file=%cd%\electron.log
+      - cd ..
+      - echo Verifying non proprietary ffmpeg & python electron\script\verify-ffmpeg.py --build-dir out\Default --source-root %cd% --ffmpeg-path out\ffmpeg
+      - echo "About to verify mksnapshot"
+      - echo Verifying mksnapshot & python electron\script\verify-mksnapshot.py --build-dir out\Default --source-root %cd%
+      - echo "Done verifying mksnapshot"
+      - echo Verifying chromedriver & python electron\script\verify-chromedriver.py --build-dir out\Default --source-root %cd%
+      - echo "Done verifying chromedriver"
+
+    # Uncomment these lines to enable RDP
+    # on_finish:
+      # - ps: $blockRdp = $true; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
+      - if exist electron\electron.log ( appveyor-retry appveyor PushArtifact electron\electron.log )

build/args/all.gn

@@ -2,7 +2,7 @@ is_electron_build = true
 root_extra_deps = [ "//electron" ]
 
 # Registry of NMVs --> https://github.com/nodejs/node/blob/master/doc/abi_version_registry.json
-node_module_version = 109
+node_module_version = 113
 
 v8_promise_internal_field_count = 1
 v8_embedder_string = "-electron.0"
@@ -20,7 +20,7 @@ enable_cdm_host_verification = false
 proprietary_codecs = true
 ffmpeg_branding = "Chrome"
 
-enable_basic_printing = true
+enable_printing = true
 
 # Removes DLLs from the build, which are only meant to be used for Chromium development.
 # See https://github.com/electron/electron/pull/17985
@@ -45,3 +45,6 @@ enable_cet_shadow_stack = false
 # V8 in the browser process.
 # Ref: https://source.chromium.org/chromium/chromium/src/+/45fba672185aae233e75d6ddc81ea1e0b30db050:v8/BUILD.gn;l=281
 is_cfi = false
+
+# TODO: fix this once sysroots have been updated.
+use_qt = false

build/args/native_tests.gn

@@ -1,4 +1,4 @@
-root_extra_deps = [ "//electron/spec" ]
+root_extra_deps = [ "//electron/spec-chromium:spec" ]
 
 dcheck_always_on = true
 is_debug = false

build/config/BUILD.gn

@@ -1,6 +1,8 @@
 # For MAS build, we force defining "MAS_BUILD".
 config("mas_build") {
   if (is_mas_build) {
-    defines = [ "MAS_BUILD" ]
+    defines = [ "IS_MAS_BUILD()=1" ]
+  } else {
+    defines = [ "IS_MAS_BUILD()=0" ]
   }
 }

build/fuses/fuses.json5

@@ -7,5 +7,6 @@
   "node_options": "1",
   "node_cli_inspect": "1",
   "embedded_asar_integrity_validation": "0",
-  "only_load_app_from_asar": "0"
+  "only_load_app_from_asar": "0",
+  "load_browser_process_specific_v8_snapshot": "0"
 }

build/profile_toolchain.py

@@ -5,8 +5,6 @@ import sys
 import os
 import optparse
 import json
-import re
-import subprocess
 
 sys.path.append("%s/../../build" % os.path.dirname(os.path.realpath(__file__)))
 
@@ -36,56 +34,10 @@ def calculate_hash(root):
         return CalculateHash('.', None)
 
 def windows_installed_software():
-    powershell_command = [
-        "Get-CimInstance",
-        "-Namespace",
-        "root\cimv2",
-        "-Class",
-        "Win32_product",
-        "|",
-        "Select",
-        "vendor,",
-        "description,",
-        "@{l='install_location';e='InstallLocation'},",
-        "@{l='install_date';e='InstallDate'},",
-        "@{l='install_date_2';e='InstallDate2'},",
-        "caption,",
-        "version,",
-        "name,",
-        "@{l='sku_number';e='SKUNumber'}",
-        "|",
-        "ConvertTo-Json",
-    ]
-
-    proc = subprocess.Popen(
-        ["powershell.exe", "-Command", "-"],
-        stdin=subprocess.PIPE,
-        stdout=subprocess.PIPE,
-    )
-
-    stdout, _ = proc.communicate(" ".join(powershell_command).encode("utf-8"))
-
-    if proc.returncode != 0:
-        raise RuntimeError("Failed to get list of installed software")
-
-    # On AppVeyor there's other output related to PSReadline,
-    # so grab only the JSON output and ignore everything else
-    json_match = re.match(
-        r".*(\[.*{.*}.*\]).*", stdout.decode("utf-8"), re.DOTALL
-    )
-
-    if not json_match:
-        raise RuntimeError(
-            "Couldn't find JSON output for list of installed software"
-        )
-
-    # Filter out missing keys
-    return list(
-        map(
-            lambda info: {k: info[k] for k in info if info[k]},
-            json.loads(json_match.group(1)),
-        )
-    )
+    # file_path = os.path.join(os.getcwd(), 'installed_software.json')
+    # return json.loads(open('installed_software.json').read().decode('utf-8'))
+    f = open('installed_software.json', encoding='utf-8-sig')
+    return json.load(f)
 
 
 def windows_profile():

build/templates/electron_rc.tmpl

@@ -50,8 +50,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 21,0,0,20220803
- PRODUCTVERSION 21,0,0,20220803
+ FILEVERSION $major,$minor,$patch,$prerelease_number
+ PRODUCTVERSION $major,$minor,$patch,$prerelease_number
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -68,12 +68,12 @@ BEGIN
         BEGIN
             VALUE "CompanyName", "GitHub, Inc."
             VALUE "FileDescription", "Electron"
-            VALUE "FileVersion", "21.0.0"
+            VALUE "FileVersion", "$major.$minor.$patch"
             VALUE "InternalName", "electron.exe"
             VALUE "LegalCopyright", "Copyright (C) 2015 GitHub, Inc. All rights reserved."
             VALUE "OriginalFilename", "electron.exe"
             VALUE "ProductName", "Electron"
-            VALUE "ProductVersion", "21.0.0"
+            VALUE "ProductVersion", "$major.$minor.$patch"
             VALUE "SquirrelAwareVersion", "1"
         END
     END

build/templates/version_string.tmpl

@@ -0,0 +1 @@
+$full_version

build/webpack/webpack.config.base.js

@@ -75,9 +75,17 @@ module.exports = ({
 
     if (targetDeletesNodeGlobals) {
       plugins.push(new webpack.ProvidePlugin({
-        process: ['@electron/internal/common/webpack-provider', 'process'],
+        Buffer: ['@electron/internal/common/webpack-provider', 'Buffer'],
         global: ['@electron/internal/common/webpack-provider', '_global'],
-        Buffer: ['@electron/internal/common/webpack-provider', 'Buffer']
+        process: ['@electron/internal/common/webpack-provider', 'process']
+      }));
+    }
+
+    // Webpack 5 no longer polyfills process or Buffer.
+    if (!alwaysHasNode) {
+      plugins.push(new webpack.ProvidePlugin({
+        Buffer: ['buffer', 'Buffer'],
+        process: 'process/browser'
       }));
     }
 
@@ -129,7 +137,12 @@ if ((globalThis.process || binding.process).argv.includes("--profile-electron-in
           // Force timers to resolve to our dependency that doesn't use window.postMessage
           timers: path.resolve(electronRoot, 'node_modules', 'timers-browserify', 'main.js')
         },
-        extensions: ['.ts', '.js']
+        extensions: ['.ts', '.js'],
+        fallback: {
+          // We provide our own "timers" import above, any usage of setImmediate inside
+          // one of our renderer bundles should import it from the 'timers' package
+          setImmediate: false
+        }
       },
       module: {
         rules: [{
@@ -150,10 +163,7 @@ if ((globalThis.process || binding.process).argv.includes("--profile-electron-in
       },
       node: {
         __dirname: false,
-        __filename: false,
-        // We provide our own "timers" import above, any usage of setImmediate inside
-        // one of our renderer bundles should import it from the 'timers' package
-        setImmediate: false
+        __filename: false
       },
       optimization: {
         minimize: env.mode === 'production',

build/webpack/webpack.config.utility.js

@@ -0,0 +1,4 @@
+module.exports = require('./webpack.config.base')({
+  target: 'utility',
+  alwaysHasNode: true
+});

build/webpack/webpack.gni

@@ -30,11 +30,14 @@ template("webpack_build") {
     args = [
       "--config",
       rebase_path(invoker.config_file),
-      "--output-filename=" + get_path_info(invoker.out_file, "file"),
-      "--output-path=" + rebase_path(get_path_info(invoker.out_file, "dir")),
-      "--env.buildflags=" +
-          rebase_path("$target_gen_dir/buildflags/buildflags.h"),
-      "--env.mode=" + mode,
+      "--output-filename",
+      get_path_info(invoker.out_file, "file"),
+      "--output-path",
+      rebase_path(get_path_info(invoker.out_file, "dir")),
+      "--env",
+      "buildflags=" + rebase_path("$target_gen_dir/buildflags/buildflags.h"),
+      "--env",
+      "mode=" + mode,
     ]
     deps += [ "//electron/buildflags" ]
 

chromium_src/BUILD.gn

@@ -6,6 +6,7 @@ import("//build/config/ozone.gni")
 import("//build/config/ui.gni")
 import("//components/spellcheck/spellcheck_build_features.gni")
 import("//electron/buildflags/buildflags.gni")
+import("//ppapi/buildflags/buildflags.gni")
 import("//printing/buildflags/buildflags.gni")
 import("//third_party/widevine/cdm/widevine.gni")
 
@@ -55,6 +56,14 @@ static_library("chrome") {
     "//chrome/browser/process_singleton.h",
     "//chrome/browser/process_singleton_internal.cc",
     "//chrome/browser/process_singleton_internal.h",
+    "//chrome/browser/themes/browser_theme_pack.cc",
+    "//chrome/browser/themes/browser_theme_pack.h",
+    "//chrome/browser/themes/custom_theme_supplier.cc",
+    "//chrome/browser/themes/custom_theme_supplier.h",
+    "//chrome/browser/themes/theme_properties.cc",
+    "//chrome/browser/themes/theme_properties.h",
+    "//chrome/browser/ui/color/chrome_color_mixers.cc",
+    "//chrome/browser/ui/color/chrome_color_mixers.h",
     "//chrome/browser/ui/exclusive_access/exclusive_access_bubble_type.cc",
     "//chrome/browser/ui/exclusive_access/exclusive_access_bubble_type.h",
     "//chrome/browser/ui/exclusive_access/exclusive_access_controller_base.cc",
@@ -69,7 +78,11 @@ static_library("chrome") {
     "//chrome/browser/ui/exclusive_access/keyboard_lock_controller.h",
     "//chrome/browser/ui/exclusive_access/mouse_lock_controller.cc",
     "//chrome/browser/ui/exclusive_access/mouse_lock_controller.h",
+    "//chrome/browser/ui/frame/window_frame_util.cc",
+    "//chrome/browser/ui/frame/window_frame_util.h",
     "//chrome/browser/ui/native_window_tracker.h",
+    "//chrome/browser/ui/ui_features.cc",
+    "//chrome/browser/ui/ui_features.h",
     "//chrome/browser/ui/views/eye_dropper/eye_dropper.cc",
     "//chrome/browser/ui/views/eye_dropper/eye_dropper.h",
     "//chrome/browser/ui/views/eye_dropper/eye_dropper_view.cc",
@@ -110,6 +123,8 @@ static_library("chrome") {
       "//chrome/browser/ui/view_ids.h",
       "//chrome/browser/win/chrome_process_finder.cc",
       "//chrome/browser/win/chrome_process_finder.h",
+      "//chrome/browser/win/titlebar_config.cc",
+      "//chrome/browser/win/titlebar_config.h",
       "//chrome/browser/win/titlebar_config.h",
       "//chrome/child/v8_crashpad_support_win.cc",
       "//chrome/child/v8_crashpad_support_win.h",
@@ -131,6 +146,7 @@ static_library("chrome") {
 
   public_deps = [
     "//chrome/browser:dev_ui_browser_resources",
+    "//chrome/browser/ui/color:mixers",
     "//chrome/common",
     "//chrome/common:version_header",
     "//components/keyed_service/content",
@@ -141,10 +157,7 @@ static_library("chrome") {
     "//services/strings",
   ]
 
-  deps = [
-    "//chrome/browser:resource_prefetch_predictor_proto",
-    "//components/optimization_guide/proto:optimization_guide_proto",
-  ]
+  deps = [ "//chrome/browser:resource_prefetch_predictor_proto" ]
 
   if (is_linux) {
     sources += [ "//chrome/browser/icon_loader_auralinux.cc" ]
@@ -199,7 +212,7 @@ static_library("chrome") {
     deps += [ "//components/cdm/renderer" ]
   }
 
-  if (enable_basic_printing) {
+  if (enable_printing) {
     sources += [
       "//chrome/browser/bad_message.cc",
       "//chrome/browser/bad_message.h",
@@ -217,6 +230,10 @@ static_library("chrome") {
       "//chrome/browser/printing/printer_query.h",
       "//chrome/browser/printing/printing_service.cc",
       "//chrome/browser/printing/printing_service.h",
+      "//components/printing/browser/print_to_pdf/pdf_print_job.cc",
+      "//components/printing/browser/print_to_pdf/pdf_print_job.h",
+      "//components/printing/browser/print_to_pdf/pdf_print_result.cc",
+      "//components/printing/browser/print_to_pdf/pdf_print_result.h",
       "//components/printing/browser/print_to_pdf/pdf_print_utils.cc",
       "//components/printing/browser/print_to_pdf/pdf_print_utils.h",
     ]
@@ -247,7 +264,10 @@ static_library("chrome") {
       sources += [
         "//chrome/browser/printing/pdf_to_emf_converter.cc",
         "//chrome/browser/printing/pdf_to_emf_converter.h",
+        "//chrome/browser/printing/printer_xml_parser_impl.cc",
+        "//chrome/browser/printing/printer_xml_parser_impl.h",
       ]
+      deps += [ "//printing:printing_base" ]
     }
   }
 
@@ -255,20 +275,14 @@ static_library("chrome") {
     sources += [
       "//chrome/browser/picture_in_picture/picture_in_picture_window_manager.cc",
       "//chrome/browser/picture_in_picture/picture_in_picture_window_manager.h",
-      "//chrome/browser/ui/views/overlay/back_to_tab_image_button.cc",
-      "//chrome/browser/ui/views/overlay/back_to_tab_image_button.h",
       "//chrome/browser/ui/views/overlay/back_to_tab_label_button.cc",
       "//chrome/browser/ui/views/overlay/close_image_button.cc",
       "//chrome/browser/ui/views/overlay/close_image_button.h",
       "//chrome/browser/ui/views/overlay/constants.h",
-      "//chrome/browser/ui/views/overlay/document_overlay_window_views.cc",
-      "//chrome/browser/ui/views/overlay/document_overlay_window_views.h",
       "//chrome/browser/ui/views/overlay/hang_up_button.cc",
       "//chrome/browser/ui/views/overlay/hang_up_button.h",
       "//chrome/browser/ui/views/overlay/overlay_window_image_button.cc",
       "//chrome/browser/ui/views/overlay/overlay_window_image_button.h",
-      "//chrome/browser/ui/views/overlay/overlay_window_views.cc",
-      "//chrome/browser/ui/views/overlay/overlay_window_views.h",
       "//chrome/browser/ui/views/overlay/playback_image_button.cc",
       "//chrome/browser/ui/views/overlay/playback_image_button.h",
       "//chrome/browser/ui/views/overlay/resize_handle_button.cc",
@@ -298,10 +312,10 @@ static_library("chrome") {
       "//chrome/browser/extensions/chrome_url_request_util.h",
       "//chrome/browser/plugins/plugin_response_interceptor_url_loader_throttle.cc",
       "//chrome/browser/plugins/plugin_response_interceptor_url_loader_throttle.h",
-      "//chrome/renderer/extensions/extension_hooks_delegate.cc",
-      "//chrome/renderer/extensions/extension_hooks_delegate.h",
-      "//chrome/renderer/extensions/tabs_hooks_delegate.cc",
-      "//chrome/renderer/extensions/tabs_hooks_delegate.h",
+      "//chrome/renderer/extensions/api/extension_hooks_delegate.cc",
+      "//chrome/renderer/extensions/api/extension_hooks_delegate.h",
+      "//chrome/renderer/extensions/api/tabs_hooks_delegate.cc",
+      "//chrome/renderer/extensions/api/tabs_hooks_delegate.h",
     ]
 
     if (enable_pdf_viewer) {
@@ -358,15 +372,20 @@ source_set("plugins") {
   deps += [
     "//components/strings",
     "//media:media_buildflags",
-    "//ppapi/buildflags",
-    "//ppapi/host",
-    "//ppapi/proxy",
-    "//ppapi/proxy:ipc",
-    "//ppapi/shared_impl",
     "//services/device/public/mojom",
     "//skia",
     "//storage/browser",
   ]
+
+  if (enable_ppapi) {
+    deps += [
+      "//ppapi/buildflags",
+      "//ppapi/host",
+      "//ppapi/proxy",
+      "//ppapi/proxy:ipc",
+      "//ppapi/shared_impl",
+    ]
+  }
 }
 
 # This source set is just so we don't have to depend on all of //chrome/browser
@@ -380,6 +399,10 @@ source_set("chrome_spellchecker") {
 
   if (enable_builtin_spellchecker) {
     sources += [
+      "//chrome/browser/profiles/profile_keyed_service_factory.cc",
+      "//chrome/browser/profiles/profile_keyed_service_factory.h",
+      "//chrome/browser/profiles/profile_selections.cc",
+      "//chrome/browser/profiles/profile_selections.h",
       "//chrome/browser/spellchecker/spell_check_host_chrome_impl.cc",
       "//chrome/browser/spellchecker/spell_check_host_chrome_impl.h",
       "//chrome/browser/spellchecker/spellcheck_custom_dictionary.cc",

default_app/main.ts

@@ -83,7 +83,7 @@ function loadApplicationPackage (packagePath: string) {
   });
 
   try {
-    // Override app name and version.
+    // Override app's package.json data.
     packagePath = path.resolve(packagePath);
     const packageJsonPath = path.join(packagePath, 'package.json');
     let appPath;
@@ -104,6 +104,16 @@ function loadApplicationPackage (packagePath: string) {
       } else if (packageJson.name) {
         app.name = packageJson.name;
       }
+      if (packageJson.desktopName) {
+        app.setDesktopName(packageJson.desktopName);
+      } else {
+        app.setDesktopName(`${app.name}.desktop`);
+      }
+      // Set v8 flags, deliberately lazy load so that apps that do not use this
+      // feature do not pay the price
+      if (packageJson.v8Flags) {
+        require('v8').setFlagsFromString(packageJson.v8Flags);
+      }
       appPath = packagePath;
     }
 

docs/README.md

@@ -68,6 +68,7 @@ an issue:
   * [Mac App Store](tutorial/mac-app-store-submission-guide.md)
   * [Windows Store](tutorial/windows-store-guide.md)
   * [Snapcraft](tutorial/snapcraft.md)
+  * [ASAR Archives](tutorial/asar-archives.md)
 * [Updates](tutorial/updates.md)
 * [Getting Support](tutorial/support.md)
 
@@ -82,7 +83,6 @@ These individual tutorials expand on topics discussed in the guide above.
 * Electron Releases & Developer Feedback
   * [Versioning Policy](tutorial/electron-versioning.md)
   * [Release Timelines](tutorial/electron-timelines.md)
-* [Testing Widevine CDM](tutorial/testing-widevine-cdm.md)
 
 ---
 

docs/api/app.md

@@ -715,7 +715,9 @@ To set the locale, you'll want to use a command line switch at app startup, whic
 **Note:** When distributing your packaged app, you have to also ship the
 `locales` folder.
 
-**Note:** On Windows, you have to call it after the `ready` events gets emitted.
+**Note:** This API must be called after the `ready` event is emitted.
+
+**Note:** To see example return values of this API compared to other locale and language APIs, see [`app.getPreferredSystemLanguages()`](#appgetpreferredsystemlanguages).
 
 ### `app.getLocaleCountryCode()`
 
@@ -723,6 +725,44 @@ Returns `string` - User operating system's locale two-letter [ISO 3166](https://
 
 **Note:** When unable to detect locale country code, it returns empty string.
 
+### `app.getSystemLocale()`
+
+Returns `string` - The current system locale. On Windows and Linux, it is fetched using Chromium's `i18n` library. On macOS, `[NSLocale currentLocale]` is used instead. To get the user's current system language, which is not always the same as the locale, it is better to use [`app.getPreferredSystemLanguages()`](#appgetpreferredsystemlanguages).
+
+Different operating systems also use the regional data differently:
+
+* Windows 11 uses the regional format for numbers, dates, and times.
+* macOS Monterey uses the region for formatting numbers, dates, times, and for selecting the currency symbol to use.
+
+Therefore, this API can be used for purposes such as choosing a format for rendering dates and times in a calendar app, especially when the developer wants the format to be consistent with the OS.
+
+**Note:** This API must be called after the `ready` event is emitted.
+
+**Note:** To see example return values of this API compared to other locale and language APIs, see [`app.getPreferredSystemLanguages()`](#appgetpreferredsystemlanguages).
+
+### `app.getPreferredSystemLanguages()`
+
+Returns `string[]` - The user's preferred system languages from most preferred to least preferred, including the country codes if applicable. A user can modify and add to this list on Windows or macOS through the Language and Region settings.
+
+The API uses `GlobalizationPreferences` (with a fallback to `GetSystemPreferredUILanguages`) on Windows, `\[NSLocale preferredLanguages\]` on macOS, and `g_get_language_names` on Linux.
+
+This API can be used for purposes such as deciding what language to present the application in.
+
+Here are some examples of return values of the various language and locale APIs with different configurations:
+
+* For Windows, where the application locale is German, the regional format is Finnish (Finland), and the preferred system languages from most to least preferred are French (Canada), English (US), Simplified Chinese (China), Finnish, and Spanish (Latin America):
+  * `app.getLocale()` returns `'de'`
+  * `app.getSystemLocale()` returns `'fi-FI'`
+  * `app.getPreferredSystemLanguages()` returns `['fr-CA', 'en-US', 'zh-Hans-CN', 'fi', 'es-419']`
+* On macOS, where the application locale is German, the region is Finland, and the preferred system languages from most to least preferred are French (Canada), English (US), Simplified Chinese, and Spanish (Latin America):
+  * `app.getLocale()` returns `'de'`
+  * `app.getSystemLocale()` returns `'fr-FI'`
+  * `app.getPreferredSystemLanguages()` returns `['fr-CA', 'en-US', 'zh-Hans-FI', 'es-419']`
+
+Both the available languages and regions and the possible return values differ between the two operating systems.
+
+As can be seen with the example above, on Windows, it is possible that a preferred system language has no country code, and that one of the preferred system languages corresponds with the language used for the regional format. On macOS, the region serves more as a default country code: the user doesn't need to have Finnish as a preferred language to use Finland as the region,and the country code `FI` is used as the country code for preferred system languages that do not have associated countries in the language name.
+
 ### `app.addRecentDocument(path)` _macOS_ _Windows_
 
 * `path` string
@@ -1197,7 +1237,7 @@ For `infoType` equal to `basic`:
 }
 ```
 
-Using `basic` should be preferred if only basic information like `vendorId` or `driverId` is needed.
+Using `basic` should be preferred if only basic information like `vendorId` or `deviceId` is needed.
 
 ### `app.setBadgeCount([count])` _Linux_ _macOS_
 

docs/api/browser-window.md

@@ -192,6 +192,7 @@ It creates a new `BrowserWindow` with native properties as set by the `options`.
     macOS. Default is `false`.
   * `skipTaskbar` boolean (optional) _macOS_ _Windows_ - Whether to show the window in taskbar.
     Default is `false`.
+  * `hiddenInMissionControl` boolean (optional) _macOS_ - Whether window should be hidden when the user toggles into mission control.
   * `kiosk` boolean (optional) - Whether the window is in kiosk mode. Default is `false`.
   * `title` string (optional) - Default window title. Default is `"Electron"`. If the HTML tag `<title>` is defined in the HTML file loaded by `loadURL()`, this property will be ignored.
   * `icon` ([NativeImage](native-image.md) | string) (optional) - The window icon. On Windows it is
@@ -246,7 +247,8 @@ It creates a new `BrowserWindow` with native properties as set by the `options`.
   * `trafficLightPosition` [Point](structures/point.md) (optional) _macOS_ -
     Set a custom position for the traffic light buttons in frameless windows.
   * `roundedCorners` boolean (optional) _macOS_ - Whether frameless window
-    should have rounded corners on macOS. Default is `true`.
+    should have rounded corners on macOS. Default is `true`. Setting this property
+    to `false` will prevent the window from being fullscreenable.
   * `fullscreenWindowTitle` boolean (optional) _macOS_ _Deprecated_ - Shows
     the title in the title bar in full screen mode on macOS for `hiddenInset`
     titleBarStyle. Default is `false`.
@@ -651,18 +653,36 @@ The following app commands are explicitly supported on Linux:
 * `browser-backward`
 * `browser-forward`
 
-#### Event: 'scroll-touch-begin' _macOS_
+#### Event: 'scroll-touch-begin' _macOS_ _Deprecated_
 
 Emitted when scroll wheel event phase has begun.
 
-#### Event: 'scroll-touch-end' _macOS_
+> **Note**
+> This event is deprecated beginning in Electron 22.0.0. See [Breaking
+> Changes](breaking-changes.md#deprecated-browserwindow-scroll-touch--events)
+> for details of how to migrate to using the [WebContents
+> `input-event`](api/web-contents.md#event-input-event) event.
+
+#### Event: 'scroll-touch-end' _macOS_ _Deprecated_
 
 Emitted when scroll wheel event phase has ended.
 
-#### Event: 'scroll-touch-edge' _macOS_
+> **Note**
+> This event is deprecated beginning in Electron 22.0.0. See [Breaking
+> Changes](breaking-changes.md#deprecated-browserwindow-scroll-touch--events)
+> for details of how to migrate to using the [WebContents
+> `input-event`](api/web-contents.md#event-input-event) event.
+
+#### Event: 'scroll-touch-edge' _macOS_ _Deprecated_
 
 Emitted when scroll wheel event phase filed upon reaching the edge of element.
 
+> **Note**
+> This event is deprecated beginning in Electron 22.0.0. See [Breaking
+> Changes](breaking-changes.md#deprecated-browserwindow-scroll-touch--events)
+> for details of how to migrate to using the [WebContents
+> `input-event`](api/web-contents.md#event-input-event) event.
+
 #### Event: 'swipe' _macOS_
 
 Returns:
@@ -1236,6 +1256,16 @@ Returns `boolean` - Whether the window can be manually closed by user.
 
 On Linux always returns `true`.
 
+#### `win.setHiddenInMissionControl(hidden)` _macOS_
+
+* `hidden` boolean
+
+Sets whether the window will be hidden when the user toggles into mission control.
+
+#### `win.isHiddenInMissionControl()` _macOS_
+
+Returns `boolean` - Whether the window will be hidden when the user toggles into mission control.
+
 #### `win.setAlwaysOnTop(flag[, level][, relativeLevel])`
 
 * `flag` boolean
@@ -1418,13 +1448,16 @@ Returns `boolean` - Whether the window's document has been edited.
 
 #### `win.blurWebView()`
 
-#### `win.capturePage([rect])`
+#### `win.capturePage([rect, opts])`
 
 * `rect` [Rectangle](structures/rectangle.md) (optional) - The bounds to capture
+* `opts` Object (optional)
+  * `stayHidden` boolean (optional) -  Keep the page hidden instead of visible. Default is `false`.
+  * `stayAwake` boolean (optional) -  Keep the system awake instead of allowing it to sleep. Default is `false`.
 
 Returns `Promise<NativeImage>` - Resolves with a [NativeImage](native-image.md)
 
-Captures a snapshot of the page within `rect`. Omitting `rect` will capture the whole visible page. If the page is not visible, `rect` may be empty.
+Captures a snapshot of the page within `rect`. Omitting `rect` will capture the whole visible page. If the page is not visible, `rect` may be empty. The page is considered visible when its browser window is hidden and the capturer count is non-zero. If you would like the page to stay hidden, you should ensure that `stayHidden` is set to true.
 
 #### `win.loadURL(url[, options])`
 

docs/api/context-bridge.md

@@ -46,6 +46,12 @@ The `contextBridge` module has the following methods:
 * `apiKey` string - The key to inject the API onto `window` with.  The API will be accessible on `window[apiKey]`.
 * `api` any - Your API, more information on what this API can be and how it works is available below.
 
+### `contextBridge.exposeInIsolatedWorld(worldId, apiKey, api)`
+
+* `worldId` Integer - The ID of the world to inject the API into. `0` is the default world, `999` is the world used by Electron's `contextIsolation` feature. Using 999 would expose the object for preload context. We recommend using 1000+ while creating isolated world.
+* `apiKey` string - The key to inject the API onto `window` with.  The API will be accessible on `window[apiKey]`.
+* `api` any - Your API, more information on what this API can be and how it works is available below.
+
 ## Usage
 
 ### API
@@ -84,6 +90,26 @@ contextBridge.exposeInMainWorld(
 )
 ```
 
+An example of `exposeInIsolatedWorld` is shown below:
+
+```javascript
+const { contextBridge, ipcRenderer } = require('electron')
+
+contextBridge.exposeInIsolatedWorld(
+  1004,
+  'electron',
+  {
+    doThing: () => ipcRenderer.send('do-a-thing')
+  }
+)
+```
+
+```javascript
+// Renderer (In isolated world id1004)
+
+window.electron.doThing()
+```
+
 ### API Functions
 
 `Function` values that you bind through the `contextBridge` are proxied through Electron to ensure that contexts remain isolated.  This

docs/api/extensions.md

@@ -20,7 +20,7 @@ work). Extensions are installed per-`session`. To load an extension, call
 ```js
 const { session } = require('electron')
 
-session.loadExtension('path/to/unpacked/extension').then(({ id }) => {
+session.defaultSession.loadExtension('path/to/unpacked/extension').then(({ id }) => {
   // ...
 })
 ```

docs/api/ipc-renderer.md

@@ -96,14 +96,6 @@ Algorithm][SCA], just like [`window.postMessage`][], so prototype chains will no
 included. Sending Functions, Promises, Symbols, WeakMaps, or WeakSets will
 throw an exception.
 
-> **NOTE:** Sending non-standard JavaScript types such as DOM objects or
-> special Electron objects will throw an exception.
->
-> Since the main process does not have support for DOM objects such as
-> `ImageBitmap`, `File`, `DOMMatrix` and so on, such objects cannot be sent over
-> Electron's IPC to the main process, as the main process would have no way to decode
-> them. Attempting to send such objects over IPC will result in an error.
-
 The main process should listen for `channel` with
 [`ipcMain.handle()`](./ipc-main.md#ipcmainhandlechannel-listener).
 
@@ -126,6 +118,21 @@ If you need to transfer a [`MessagePort`][] to the main process, use [`ipcRender
 
 If you do not need a response to the message, consider using [`ipcRenderer.send`](#ipcrenderersendchannel-args).
 
+> **Note**
+> Sending non-standard JavaScript types such as DOM objects or
+> special Electron objects will throw an exception.
+>
+> Since the main process does not have support for DOM objects such as
+> `ImageBitmap`, `File`, `DOMMatrix` and so on, such objects cannot be sent over
+> Electron's IPC to the main process, as the main process would have no way to decode
+> them. Attempting to send such objects over IPC will result in an error.
+
+> **Note**
+> If the handler in the main process throws an error,
+> the promise returned by `invoke` will reject.
+> However, the `Error` object in the renderer process
+> will not be the same as the one thrown in the main process.
+
 ### `ipcRenderer.sendSync(channel, ...args)`
 
 * `channel` string

docs/api/menu-item.md

@@ -14,7 +14,7 @@ See [`Menu`](menu.md) for examples.
     * `menuItem` MenuItem
     * `browserWindow` [BrowserWindow](browser-window.md) | undefined - This will not be defined if no window is open.
     * `event` [KeyboardEvent](structures/keyboard-event.md)
-  * `role` string (optional) - Can be `undo`, `redo`, `cut`, `copy`, `paste`, `pasteAndMatchStyle`, `delete`, `selectAll`, `reload`, `forceReload`, `toggleDevTools`, `resetZoom`, `zoomIn`, `zoomOut`, `toggleSpellChecker`, `togglefullscreen`, `window`, `minimize`, `close`, `help`, `about`, `services`, `hide`, `hideOthers`, `unhide`, `quit`, 'showSubstitutions', 'toggleSmartQuotes', 'toggleSmartDashes', 'toggleTextReplacement', `startSpeaking`, `stopSpeaking`, `zoom`, `front`, `appMenu`, `fileMenu`, `editMenu`, `viewMenu`, `shareMenu`, `recentDocuments`, `toggleTabBar`, `selectNextTab`, `selectPreviousTab`, `mergeAllWindows`, `clearRecentDocuments`, `moveTabToNewWindow` or `windowMenu` - Define the action of the menu item, when specified the
+  * `role` string (optional) - Can be `undo`, `redo`, `cut`, `copy`, `paste`, `pasteAndMatchStyle`, `delete`, `selectAll`, `reload`, `forceReload`, `toggleDevTools`, `resetZoom`, `zoomIn`, `zoomOut`, `toggleSpellChecker`, `togglefullscreen`, `window`, `minimize`, `close`, `help`, `about`, `services`, `hide`, `hideOthers`, `unhide`, `quit`, `showSubstitutions`, `toggleSmartQuotes`, `toggleSmartDashes`, `toggleTextReplacement`, `startSpeaking`, `stopSpeaking`, `zoom`, `front`, `appMenu`, `fileMenu`, `editMenu`, `viewMenu`, `shareMenu`, `recentDocuments`, `toggleTabBar`, `selectNextTab`, `selectPreviousTab`, `mergeAllWindows`, `clearRecentDocuments`, `moveTabToNewWindow` or `windowMenu` - Define the action of the menu item, when specified the
     `click` property will be ignored. See [roles](#roles).
   * `type` string (optional) - Can be `normal`, `separator`, `submenu`, `checkbox` or
     `radio`.

docs/api/parent-port.md

@@ -0,0 +1,46 @@
+# parentPort
+
+> Interface for communication with parent process.
+
+Process: [Utility](../glossary.md#utility-process)
+
+`parentPort` is an [EventEmitter][event-emitter].
+_This object is not exported from the `'electron'` module. It is only available as a property of the process object in the Electron API._
+
+```js
+// Main process
+const child = utilityProcess.fork(path.join(__dirname, 'test.js'))
+child.postMessage({ message: 'hello' })
+child.on('message', (data) => {
+  console.log(data) // hello world!
+})
+
+// Child process
+process.parentPort.on('message', (e) => {
+  process.parentPort.postMessage(`${e.data} world!`)
+})
+```
+
+## Events
+
+The `parentPort` object emits the following events:
+
+### Event: 'message'
+
+Returns:
+
+* `messageEvent` Object
+  * `data` any
+  * `ports` MessagePortMain[]
+
+Emitted when the process receives a message. Messages received on
+this port will be queued up until a handler is registered for this
+event.
+
+## Methods
+
+### `parentPort.postMessage(message)`
+
+* `message` any
+
+Sends a message from the process to its parent.

docs/api/process.md

@@ -113,6 +113,7 @@ A `string` representing the current process's type, can be:
 * `browser` - The main process
 * `renderer` - A renderer process
 * `worker` - In a web worker
+* `utility` - In a node process launched as a service
 
 ### `process.versions.chrome` _Readonly_
 
@@ -134,6 +135,11 @@ Each frame has its own JavaScript context. When contextIsolation is enabled, the
 world also has a separate JavaScript context.
 This property is only available in the renderer process.
 
+### `process.parentPort`
+
+A [`Electron.ParentPort`](parent-port.md) property if this is a [`UtilityProcess`](utility-process.md)
+(or `null` otherwise) allowing communication with the parent process.
+
 ## Methods
 
 The `process` object has the following methods:

docs/api/protocol.md

@@ -10,11 +10,12 @@ An example of implementing a protocol that has the same effect as the
 ```javascript
 const { app, protocol } = require('electron')
 const path = require('path')
+const url = require('url')
 
 app.whenReady().then(() => {
   protocol.registerFileProtocol('atom', (request, callback) => {
-    const url = request.url.substr(7)
-    callback({ path: path.normalize(`${__dirname}/${url}`) })
+    const filePath = url.fileURLToPath('file://' + request.url.slice('atom://'.length))
+    callback(filePath)
   })
 })
 ```
@@ -175,7 +176,7 @@ property.
 * `handler` Function
   * `request` [ProtocolRequest](structures/protocol-request.md)
   * `callback` Function
-    * `response` ProtocolResponse
+    * `response` [ProtocolResponse](structures/protocol-response.md)
 
 Returns `boolean` - Whether the protocol was successfully registered
 

docs/api/session.md

@@ -239,7 +239,7 @@ app.whenReady().then(() => {
     const selectedDevice = details.deviceList.find((device) => {
       return device.vendorId === '9025' && device.productId === '67'
     })
-    callback(selectedPort?.deviceId)
+    callback(selectedDevice?.deviceId)
   })
 })
 ```
@@ -385,6 +385,162 @@ callback from `select-serial-port` is called.  This event is intended for use
 when using a UI to ask users to pick a port so that the UI can be updated
 to remove the specified port.
 
+#### Event: 'serial-port-revoked'
+
+Returns:
+
+* `event` Event
+* `details` Object
+  * `port` [SerialPort](structures/serial-port.md)
+  * `frame` [WebFrameMain](web-frame-main.md)
+  * `origin` string - The origin that the device has been revoked from.
+
+Emitted after `SerialPort.forget()` has been called.  This event can be used
+to help maintain persistent storage of permissions when `setDevicePermissionHandler` is used.
+
+```js
+// Browser Process
+const { app, BrowserWindow } = require('electron')
+
+app.whenReady().then(() => {
+  const win = new BrowserWindow({
+    width: 800,
+    height: 600
+  })
+
+  win.webContents.session.on('serial-port-revoked', (event, details) => {
+    console.log(`Access revoked for serial device from origin ${details.origin}`)
+  })
+})
+```
+
+```js
+// Renderer Process
+
+const portConnect = async () => {
+  // Request a port.
+  const port = await navigator.serial.requestPort()
+
+  // Wait for the serial port to open.
+  await port.open({ baudRate: 9600 })
+
+  // ...later, revoke access to the serial port.
+  await port.forget()
+}
+```
+
+#### Event: 'select-usb-device'
+
+Returns:
+
+* `event` Event
+* `details` Object
+  * `deviceList` [USBDevice[]](structures/usb-device.md)
+  * `frame` [WebFrameMain](web-frame-main.md)
+* `callback` Function
+  * `deviceId` string (optional)
+
+Emitted when a USB device needs to be selected when a call to
+`navigator.usb.requestDevice` is made. `callback` should be called with
+`deviceId` to be selected; passing no arguments to `callback` will
+cancel the request.  Additionally, permissioning on `navigator.usb` can
+be further managed by using [ses.setPermissionCheckHandler(handler)](#sessetpermissioncheckhandlerhandler)
+and [ses.setDevicePermissionHandler(handler)`](#sessetdevicepermissionhandlerhandler).
+
+```javascript
+const { app, BrowserWindow } = require('electron')
+
+let win = null
+
+app.whenReady().then(() => {
+  win = new BrowserWindow()
+
+  win.webContents.session.setPermissionCheckHandler((webContents, permission, requestingOrigin, details) => {
+    if (permission === 'usb') {
+      // Add logic here to determine if permission should be given to allow USB selection
+      return true
+    }
+    return false
+  })
+
+  // Optionally, retrieve previously persisted devices from a persistent store (fetchGrantedDevices needs to be implemented by developer to fetch persisted permissions)
+  const grantedDevices = fetchGrantedDevices()
+
+  win.webContents.session.setDevicePermissionHandler((details) => {
+    if (new URL(details.origin).hostname === 'some-host' && details.deviceType === 'usb') {
+      if (details.device.vendorId === 123 && details.device.productId === 345) {
+        // Always allow this type of device (this allows skipping the call to `navigator.usb.requestDevice` first)
+        return true
+      }
+
+      // Search through the list of devices that have previously been granted permission
+      return grantedDevices.some((grantedDevice) => {
+        return grantedDevice.vendorId === details.device.vendorId &&
+              grantedDevice.productId === details.device.productId &&
+              grantedDevice.serialNumber && grantedDevice.serialNumber === details.device.serialNumber
+      })
+    }
+    return false
+  })
+
+  win.webContents.session.on('select-usb-device', (event, details, callback) => {
+    event.preventDefault()
+    const selectedDevice = details.deviceList.find((device) => {
+      return device.vendorId === '9025' && device.productId === '67'
+    })
+    if (selectedDevice) {
+      // Optionally, add this to the persisted devices (updateGrantedDevices needs to be implemented by developer to persist permissions)
+      grantedDevices.push(selectedDevice)
+      updateGrantedDevices(grantedDevices)
+    }
+    callback(selectedDevice?.deviceId)
+  })
+})
+```
+
+#### Event: 'usb-device-added'
+
+Returns:
+
+* `event` Event
+* `details` Object
+  * `device` [USBDevice](structures/usb-device.md)
+  * `frame` [WebFrameMain](web-frame-main.md)
+
+Emitted after `navigator.usb.requestDevice` has been called and
+`select-usb-device` has fired if a new device becomes available before
+the callback from `select-usb-device` is called.  This event is intended for
+use when using a UI to ask users to pick a device so that the UI can be updated
+with the newly added device.
+
+#### Event: 'usb-device-removed'
+
+Returns:
+
+* `event` Event
+* `details` Object
+  * `device` [USBDevice](structures/usb-device.md)
+  * `frame` [WebFrameMain](web-frame-main.md)
+
+Emitted after `navigator.usb.requestDevice` has been called and
+`select-usb-device` has fired if a device has been removed before the callback
+from `select-usb-device` is called.  This event is intended for use when using
+a UI to ask users to pick a device so that the UI can be updated to remove the
+specified device.
+
+#### Event: 'usb-device-revoked'
+
+Returns:
+
+* `event` Event
+* `details` Object
+  * `device` [USBDevice[]](structures/usb-device.md)
+  * `origin` string (optional) - The origin that the device has been revoked from.
+
+Emitted after `USBDevice.forget()` has been called.  This event can be used
+to help maintain persistent storage of permissions when
+`setDevicePermissionHandler` is used.
+
 ### Instance Methods
 
 The following methods are available on instances of `Session`:
@@ -409,7 +565,7 @@ Clears the session’s HTTP cache.
     `shadercache`, `websql`, `serviceworkers`, `cachestorage`. If not
     specified, clear all storage types.
   * `quotas` string[] (optional) - The types of quotas to clear, can contain:
-    `temporary`, `persistent`, `syncable`. If not specified, clear all quotas.
+    `temporary`, `syncable`. If not specified, clear all quotas.
 
 Returns `Promise<void>` - resolves when the storage data has been cleared.
 
@@ -635,7 +791,7 @@ win.webContents.session.setCertificateVerifyProc((request, callback) => {
     * `notifications` - Request notification creation and the ability to display them in the user's system tray.
     * `midi` - Request MIDI access in the `webmidi` API.
     * `midiSysex` - Request the use of system exclusive messages in the `webmidi` API.
-    * `pointerLock` - Request to directly interpret mouse movements as an input method. Click [here](https://developer.mozilla.org/en-US/docs/Web/API/Pointer_Lock_API) to know more.
+    * `pointerLock` - Request to directly interpret mouse movements as an input method. Click [here](https://developer.mozilla.org/en-US/docs/Web/API/Pointer_Lock_API) to know more. These requests always appear to originate from the main frame.
     * `fullscreen` - Request for the app to enter fullscreen mode.
     * `openExternal` - Request to open links in external applications.
     * `unknown` - An unrecognized permission request
@@ -670,7 +826,7 @@ session.fromPartition('some-partition').setPermissionRequestHandler((webContents
 
 * `handler` Function\<boolean> | null
   * `webContents` ([WebContents](web-contents.md) | null) - WebContents checking the permission.  Please note that if the request comes from a subframe you should use `requestingUrl` to check the request origin.  All cross origin sub frames making permission checks will pass a `null` webContents to this handler, while certain other permission checks such as `notifications` checks will always pass `null`.  You should use `embeddingOrigin` and `requestingOrigin` to determine what origin the owning frame and the requesting frame are on respectively.
-  * `permission` string - Type of permission check.  Valid values are `midiSysex`, `notifications`, `geolocation`, `media`,`mediaKeySystem`,`midi`, `pointerLock`, `fullscreen`, `openExternal`, `hid`, or `serial`.
+  * `permission` string - Type of permission check.  Valid values are `midiSysex`, `notifications`, `geolocation`, `media`,`mediaKeySystem`,`midi`, `pointerLock`, `fullscreen`, `openExternal`, `hid`, `serial`, or `usb`.
   * `requestingOrigin` string - The origin URL of the permission check
   * `details` Object - Some properties are only available on certain permission types.
     * `embeddingOrigin` string (optional) - The origin of the frame embedding the frame that made the permission check.  Only set for cross-origin sub frames making permission checks.
@@ -698,11 +854,65 @@ session.fromPartition('some-partition').setPermissionCheckHandler((webContents,
 })
 ```
 
+#### `ses.setDisplayMediaRequestHandler(handler)`
+
+* `handler` Function | null
+  * `request` Object
+    * `frame` [WebFrameMain](web-frame-main.md) - Frame that is requesting access to media.
+    * `securityOrigin` String - Origin of the page making the request.
+    * `videoRequested` Boolean - true if the web content requested a video stream.
+    * `audioRequested` Boolean - true if the web content requested an audio stream.
+    * `userGesture` Boolean - Whether a user gesture was active when this request was triggered.
+  * `callback` Function
+    * `streams` Object
+      * `video` Object | [WebFrameMain](web-frame-main.md) (optional)
+        * `id` String - The id of the stream being granted. This will usually
+          come from a [DesktopCapturerSource](structures/desktop-capturer-source.md)
+          object.
+        * `name` String - The name of the stream being granted. This will
+          usually come from a [DesktopCapturerSource](structures/desktop-capturer-source.md)
+          object.
+      * `audio` String | [WebFrameMain](web-frame-main.md) (optional) - If
+        a string is specified, can be `loopback` or `loopbackWithMute`.
+        Specifying a loopback device will capture system audio, and is
+        currently only supported on Windows. If a WebFrameMain is specified,
+        will capture audio from that frame.
+
+This handler will be called when web content requests access to display media
+via the `navigator.mediaDevices.getDisplayMedia` API. Use the
+[desktopCapturer](desktop-capturer.md) API to choose which stream(s) to grant
+access to.
+
+```javascript
+const { session, desktopCapturer } = require('electron')
+
+session.defaultSession.setDisplayMediaRequestHandler((request, callback) => {
+  desktopCapturer.getSources({ types: ['screen'] }).then((sources) => {
+    // Grant access to the first screen found.
+    callback({ video: sources[0] })
+  })
+})
+```
+
+Passing a [WebFrameMain](web-frame-main.md) object as a video or audio stream
+will capture the video or audio stream from that frame.
+
+```javascript
+const { session } = require('electron')
+
+session.defaultSession.setDisplayMediaRequestHandler((request, callback) => {
+  // Allow the tab to capture itself.
+  callback({ video: request.frame })
+})
+```
+
+Passing `null` instead of a function resets the handler to its default state.
+
 #### `ses.setDevicePermissionHandler(handler)`
 
 * `handler` Function\<boolean> | null
   * `details` Object
-    * `deviceType` string - The type of device that permission is being requested on, can be `hid` or `serial`.
+    * `deviceType` string - The type of device that permission is being requested on, can be `hid`, `serial`, or `usb`.
     * `origin` string - The origin URL of the device permission check.
     * `device` [HIDDevice](structures/hid-device.md) | [SerialPort](structures/serial-port.md)- the device that permission is being requested for.
 
@@ -730,6 +940,8 @@ app.whenReady().then(() => {
       return true
     } else if (permission === 'serial') {
       // Add logic here to determine if permission should be given to allow serial port selection
+    } else if (permission === 'usb') {
+      // Add logic here to determine if permission should be given to allow USB device selection
     }
     return false
   })
@@ -769,6 +981,71 @@ app.whenReady().then(() => {
 })
 ```
 
+#### `ses.setBluetoothPairingHandler(handler)` _Windows_ _Linux_
+
+* `handler` Function | null
+  * `details` Object
+    * `deviceId` string
+    * `pairingKind` string - The type of pairing prompt being requested.
+      One of the following values:
+      * `confirm`
+        This prompt is requesting confirmation that the Bluetooth device should
+        be paired.
+      * `confirmPin`
+        This prompt is requesting confirmation that the provided PIN matches the
+        pin displayed on the device.
+      * `providePin`
+        This prompt is requesting that a pin be provided for the device.
+    * `frame` [WebFrameMain](web-frame-main.md)
+    * `pin` string (optional) - The pin value to verify if `pairingKind` is `confirmPin`.
+  * `callback` Function
+    * `response` Object
+      * `confirmed` boolean - `false` should be passed in if the dialog is canceled.
+        If the `pairingKind` is `confirm` or `confirmPin`, this value should indicate
+        if the pairing is confirmed.  If the `pairingKind` is `providePin` the value
+        should be `true` when a value is provided.
+      * `pin` string | null (optional) - When the `pairingKind` is `providePin`
+        this value should be the required pin for the Bluetooth device.
+
+Sets a handler to respond to Bluetooth pairing requests. This handler
+allows developers to handle devices that require additional validation
+before pairing.  When a handler is not defined, any pairing on Linux or Windows
+that requires additional validation will be automatically cancelled.
+macOS does not require a handler because macOS handles the pairing
+automatically.  To clear the handler, call `setBluetoothPairingHandler(null)`.
+
+```javascript
+
+const { app, BrowserWindow, ipcMain, session } = require('electron')
+
+let bluetoothPinCallback = null
+
+function createWindow () {
+  const mainWindow = new BrowserWindow({
+    webPreferences: {
+      preload: path.join(__dirname, 'preload.js')
+    }
+  })
+}
+
+// Listen for an IPC message from the renderer to get the response for the Bluetooth pairing.
+ipcMain.on('bluetooth-pairing-response', (event, response) => {
+  bluetoothPinCallback(response)
+})
+
+mainWindow.webContents.session.setBluetoothPairingHandler((details, callback) => {
+  bluetoothPinCallback = callback
+  // Send a IPC message to the renderer to prompt the user to confirm the pairing.
+  // Note that this will require logic in the renderer to handle this message and
+  // display a prompt to the user.
+  mainWindow.webContents.send('bluetooth-pairing-request', details)
+})
+
+app.whenReady().then(() => {
+  createWindow()
+})
+```
+
 #### `ses.clearHostResolverCache()`
 
 Returns `Promise<void>` - Resolves when the operation is complete.
@@ -932,7 +1209,7 @@ Returns `string[]` - An array of language codes the spellchecker is enabled for.
 will fallback to using `en-US`.  By default on launch if this setting is an empty list Electron will try to populate this
 setting with the current OS locale.  This setting is persisted across restarts.
 
-**Note:** On macOS the OS spellchecker is used and has its own list of languages.  This API is a no-op on macOS.
+**Note:** On macOS the OS spellchecker is used and has its own list of languages. On macOS, this API will return whichever languages have been configured by the OS.
 
 #### `ses.setSpellCheckerDictionaryDownloadURL(url)`
 
@@ -1049,7 +1326,7 @@ is emitted.
 
 #### `ses.getStoragePath()`
 
-A `string | null` indicating the absolute file system path where data for this
+Returns `string | null` - The absolute file system path where data for this
 session is persisted on disk.  For in memory sessions this returns `null`.
 
 ### Instance Properties

docs/api/structures/input-event.md

@@ -1,5 +1,16 @@
 # InputEvent Object
 
+* `type` string - Can be `undefined`, `mouseDown`, `mouseUp`, `mouseMove`,
+  `mouseEnter`, `mouseLeave`, `contextMenu`, `mouseWheel`, `rawKeyDown`,
+  `keyDown`, `keyUp`, `char`, `gestureScrollBegin`, `gestureScrollEnd`,
+  `gestureScrollUpdate`, `gestureFlingStart`, `gestureFlingCancel`,
+  `gesturePinchBegin`, `gesturePinchEnd`, `gesturePinchUpdate`,
+  `gestureTapDown`, `gestureShowPress`, `gestureTap`, `gestureTapCancel`,
+  `gestureShortPress`, `gestureLongPress`, `gestureLongTap`,
+  `gestureTwoFingerTap`, `gestureTapUnconfirmed`, `gestureDoubleTap`,
+  `touchStart`, `touchMove`, `touchEnd`, `touchCancel`, `touchScrollStarted`,
+  `pointerDown`, `pointerUp`, `pointerMove`, `pointerRawUpdate`,
+  `pointerCancel` or `pointerCausedUaAction`.
 * `modifiers` string[] (optional) - An array of modifiers of the event, can
   be `shift`, `control`, `ctrl`, `alt`, `meta`, `command`, `cmd`, `isKeypad`,
   `isAutoRepeat`, `leftButtonDown`, `middleButtonDown`, `rightButtonDown`,

docs/api/structures/keyboard-input-event.md

@@ -1,6 +1,6 @@
 # KeyboardInputEvent Object extends `InputEvent`
 
-* `type` string - The type of the event, can be `keyDown`, `keyUp` or `char`.
+* `type` string - The type of the event, can be `rawKeyDown`, `keyDown`, `keyUp` or `char`.
 * `keyCode` string - The character that will be sent
   as the keyboard event. Should only use the valid key codes in
   [Accelerator](../accelerator.md).

docs/api/structures/new-window-web-contents-event.md

@@ -1,3 +0,0 @@
-# NewWindowWebContentsEvent Object extends `Event`
-
-* `newGuest` BrowserWindow (optional)

docs/api/structures/usb-device.md

@@ -0,0 +1,17 @@
+# USBDevice Object
+
+* `deviceId` string - Unique identifier for the device.
+* `vendorId` Integer - The USB vendor ID.
+* `productId` Integer - The USB product ID.
+* `productName` string (optional) - Name of the device.
+* `serialNumber` string (optional) - The USB device serial number.
+* `manufacturerName` string (optional) - The manufacturer name of the device.
+* `usbVersionMajor` Integer - The USB protocol major version supported by the device
+* `usbVersionMinor` Integer - The USB protocol minor version supported by the device
+* `usbVersionSubminor` Integer - The USB protocol subminor version supported by the device
+* `deviceClass` Integer - The device class for the communication interface supported by the device
+* `deviceSubclass` Integer - The device subclass for the communication interface supported by the device
+* `deviceProtocol` Integer - The device protocol for the communication interface supported by the device
+* `deviceVersionMajor` Integer - The major version number of the device as defined by the device manufacturer.
+* `deviceVersionMinor` Integer - The minor version number of the device as defined by the device manufacturer.
+* `deviceVersionSubminor` Integer - The subminor version number of the device as defined by the device manufacturer.

docs/api/tray.md

@@ -25,15 +25,17 @@ app.whenReady().then(() => {
 })
 ```
 
-__Platform limitations:__
+__Platform Considerations__
 
-* On Linux the app indicator will be used if it is supported, otherwise
-  `GtkStatusIcon` will be used instead.
-* On Linux distributions that only have app indicator support, you have to
-  install `libappindicator1` to make the tray icon work.
-* App indicator will only be shown when it has a context menu.
-* When app indicator is used on Linux, the `click` event is ignored.
-* On Linux in order for changes made to individual `MenuItem`s to take effect,
+__Linux__
+
+* Tray icon requires support of [StatusNotifierItem](https://www.freedesktop.org/wiki/Specifications/StatusNotifierItem/)
+  in user's desktop environment.
+* The `click` event is emitted when the tray icon receives activation from
+  user, however the StatusNotifierItem spec does not specify which action would
+  cause an activation, for some environments it is left mouse click, but for
+  some it might be double left mouse click.
+* In order for changes made to individual `MenuItem`s to take effect,
   you have to call `setContextMenu` again. For example:
 
 ```javascript
@@ -55,10 +57,16 @@ app.whenReady().then(() => {
 })
 ```
 
-* On Windows it is recommended to use `ICO` icons to get best visual effects.
+__MacOS__
 
-If you want to keep exact same behaviors on all platforms, you should not
-rely on the `click` event and always attach a context menu to the tray icon.
+* Icons passed to the Tray constructor should be [Template Images](native-image.md#template-image).
+* To make sure your icon isn't grainy on retina monitors, be sure your `@2x` image is 144dpi.
+* If you are bundling your application (e.g., with webpack for development), be sure that the file names are not being mangled or hashed. The filename needs to end in Template, and the `@2x` image needs to have the same filename as the standard image, or MacOS will not magically invert your image's colors or use the high density image.
+* 16x16 (72dpi) and 32x32@2x (144dpi) work well for most icons.
+
+__Windows__
+
+* It is recommended to use `ICO` icons to get best visual effects.
 
 ### `new Tray(image, [guid])`
 
@@ -81,6 +89,9 @@ Returns:
 
 Emitted when the tray icon is clicked.
 
+Note that on Linux this event is emitted when the tray icon receives an
+activation, which might not necessarily be left mouse click.
+
 #### Event: 'right-click' _macOS_ _Windows_
 
 Returns:

docs/api/utility-process.md

@@ -0,0 +1,137 @@
+# utilityProcess
+
+`utilityProcess` creates a child process with
+Node.js and Message ports enabled. It provides the equivalent of [`child_process.fork`][] API from Node.js
+but instead uses [Services API][] from Chromium to launch the child process.
+
+Process: [Main](../glossary.md#main-process)<br />
+
+## Methods
+
+### `utilityProcess.fork(modulePath[, args][, options])`
+
+* `modulePath` string - Path to the script that should run as entrypoint in the child process.
+* `args` string[] (optional) - List of string arguments that will be available as `process.argv`
+  in the child process.
+* `options` Object (optional)
+  * `env` Object (optional) - Environment key-value pairs. Default is `process.env`.
+  * `execArgv` string[] (optional) - List of string arguments passed to the executable.
+  * `cwd` string (optional) - Current working directory of the child process.
+  * `stdio` (string[] | string) (optional) - Allows configuring the mode for `stdout` and `stderr`
+    of the child process. Default is `inherit`.
+    String value can be one of `pipe`, `ignore`, `inherit`, for more details on these values you can refer to
+    [stdio][] documentation from Node.js. Currently this option only supports configuring `stdout` and
+    `stderr` to either `pipe`, `inherit` or `ignore`. Configuring `stdin` is not supported; `stdin` will
+    always be ignored.
+    For example, the supported values will be processed as following:
+    * `pipe`: equivalent to ['ignore', 'pipe', 'pipe'] (the default)
+    * `ignore`: equivalent to 'ignore', 'ignore', 'ignore']
+    * `inherit`: equivalent to ['ignore', 'inherit', 'inherit']
+  * `serviceName` string (optional) - Name of the process that will appear in `name` property of
+    [`child-process-gone` event of `app`](app.md#event-child-process-gone).
+    Default is `node.mojom.NodeService`.
+  * `allowLoadingUnsignedLibraries` boolean (optional) _macOS_ - With this flag, the utility process will be
+    launched via the `Electron Helper (Plugin).app` helper executable on macOS, which can be
+    codesigned with `com.apple.security.cs.disable-library-validation` and
+    `com.apple.security.cs.allow-unsigned-executable-memory` entitlements. This will allow the utility process
+    to load unsigned libraries. Unless you specifically need this capability, it is best to leave this disabled.
+    Default is `false`.
+
+Returns [`UtilityProcess`](utility-process.md#class-utilityprocess)
+
+## Class: UtilityProcess
+
+> Instances of the `UtilityProcess` represent the Chromium spawned child process
+> with Node.js integration.
+
+`UtilityProcess` is an [EventEmitter][event-emitter].
+
+### Instance Methods
+
+#### `child.postMessage(message, [transfer])`
+
+* `message` any
+* `transfer` MessagePortMain[] (optional)
+
+Send a message to the child process, optionally transferring ownership of
+zero or more [`MessagePortMain`][] objects.
+
+For example:
+
+```js
+// Main process
+const { port1, port2 } = new MessageChannelMain()
+const child = utilityProcess.fork(path.join(__dirname, 'test.js'))
+child.postMessage({ message: 'hello' }, [port1])
+
+// Child process
+process.parentPort.once('message', (e) => {
+  const [port] = e.ports
+  // ...
+})
+```
+
+#### `child.kill()`
+
+Returns `boolean`
+
+Terminates the process gracefully. On POSIX, it uses SIGTERM
+but will ensure the process is reaped on exit. This function returns
+true if the kill is successful, and false otherwise.
+
+### Instance Properties
+
+#### `child.pid`
+
+A `Integer | undefined` representing the process identifier (PID) of the child process.
+If the child process fails to spawn due to errors, then the value is `undefined`. When
+the child process exits, then the value is `undefined` after the `exit` event is emitted.
+
+#### `child.stdout`
+
+A `NodeJS.ReadableStream | null` that represents the child process's stdout.
+If the child was spawned with options.stdio[1] set to anything other than 'pipe', then this will be `null`.
+When the child process exits, then the value is `null` after the `exit` event is emitted.
+
+```js
+// Main process
+const { port1, port2 } = new MessageChannelMain()
+const child = utilityProcess.fork(path.join(__dirname, 'test.js'))
+child.stdout.on('data', (data) => {
+  console.log(`Received chunk ${data}`)
+})
+```
+
+#### `child.stderr`
+
+A `NodeJS.ReadableStream | null` that represents the child process's stderr.
+If the child was spawned with options.stdio[2] set to anything other than 'pipe', then this will be `null`.
+When the child process exits, then the value is `null` after the `exit` event is emitted.
+
+### Instance Events
+
+#### Event: 'spawn'
+
+Emitted once the child process has spawned successfully.
+
+#### Event: 'exit'
+
+Returns:
+
+* `code` number - Contains the exit code for
+the process obtained from waitpid on posix, or GetExitCodeProcess on windows.
+
+Emitted after the child process ends.
+
+#### Event: 'message'
+
+Returns:
+
+* `message` any
+
+Emitted when the child process sends a message using [`process.parentPort.postMessage()`](process.md#processparentport).
+
+[`child_process.fork`]: https://nodejs.org/dist/latest-v16.x/docs/api/child_process.html#child_processforkmodulepath-args-options
+[Services API]: https://chromium.googlesource.com/chromium/src/+/master/docs/mojo_and_services.md
+[stdio]: https://nodejs.org/dist/latest/docs/api/child_process.html#optionsstdio
+[event-emitter]: https://nodejs.org/api/events.html#events_class_eventemitter

docs/api/web-contents.md

@@ -45,6 +45,13 @@ returns `null`.
 Returns `WebContents` | undefined - A WebContents instance with the given ID, or
 `undefined` if there is no WebContents associated with the given ID.
 
+### `webContents.fromFrame(frame)`
+
+* `frame` WebFrameMain
+
+Returns `WebContents` | undefined - A WebContents instance with the given WebFrameMain, or
+`undefined` if there is no WebContents associated with the given WebFrameMain.
+
 ### `webContents.fromDevToolsTargetId(targetId)`
 
 * `targetId` string - The Chrome DevTools Protocol [TargetID](https://chromedevtools.github.io/devtools-protocol/tot/Target/#type-TargetID) associated with the WebContents instance.
@@ -130,10 +137,6 @@ Corresponds to the points in time when the spinner of the tab stopped spinning.
 
 #### Event: 'dom-ready'
 
-Returns:
-
-* `event` Event
-
 Emitted when the document in the top-level frame is loaded.
 
 #### Event: 'page-title-updated'
@@ -156,63 +159,17 @@ Returns:
 
 Emitted when page receives favicon urls.
 
-#### Event: 'new-window' _Deprecated_
+#### Event: 'content-bounds-updated'
 
 Returns:
 
-* `event` NewWindowWebContentsEvent
-* `url` string
-* `frameName` string
-* `disposition` string - Can be `default`, `foreground-tab`, `background-tab`,
-  `new-window`, `save-to-disk` and `other`.
-* `options` BrowserWindowConstructorOptions - The options which will be used for creating the new
-  [`BrowserWindow`](browser-window.md).
-* `additionalFeatures` string[] - The non-standard features (features not handled
-  by Chromium or Electron) given to `window.open()`. Deprecated, and will now
-  always be the empty array `[]`.
-* `referrer` [Referrer](structures/referrer.md) - The referrer that will be
-  passed to the new window. May or may not result in the `Referer` header being
-  sent, depending on the referrer policy.
-* `postBody` [PostBody](structures/post-body.md) (optional) - The post data that
-  will be sent to the new window, along with the appropriate headers that will
-  be set. If no post data is to be sent, the value will be `null`. Only defined
-  when the window is being created by a form that set `target=_blank`.
+* `event` Event
+* `bounds` [Rectangle](structures/rectangle.md) - requested new content bounds
 
-Deprecated in favor of [`webContents.setWindowOpenHandler`](web-contents.md#contentssetwindowopenhandlerhandler).
+Emitted when the page calls `window.moveTo`, `window.resizeTo` or related APIs.
 
-Emitted when the page requests to open a new window for a `url`. It could be
-requested by `window.open` or an external link like `<a target='_blank'>`.
-
-By default a new `BrowserWindow` will be created for the `url`.
-
-Calling `event.preventDefault()` will prevent Electron from automatically creating a
-new [`BrowserWindow`](browser-window.md). If you call `event.preventDefault()` and manually create a new
-[`BrowserWindow`](browser-window.md) then you must set `event.newGuest` to reference the new [`BrowserWindow`](browser-window.md)
-instance, failing to do so may result in unexpected behavior. For example:
-
-```javascript
-myBrowserWindow.webContents.on('new-window', (event, url, frameName, disposition, options, additionalFeatures, referrer, postBody) => {
-  event.preventDefault()
-  const win = new BrowserWindow({
-    webContents: options.webContents, // use existing webContents if provided
-    show: false
-  })
-  win.once('ready-to-show', () => win.show())
-  if (!options.webContents) {
-    const loadOptions = {
-      httpReferrer: referrer
-    }
-    if (postBody != null) {
-      const { data, contentType, boundary } = postBody
-      loadOptions.postData = postBody.data
-      loadOptions.extraHeaders = `content-type: ${contentType}; boundary=${boundary}`
-    }
-
-    win.loadURL(url, loadOptions) // existing webContents will be navigated automatically
-  }
-  event.newGuest = win
-})
-```
+By default, this will move the window. To prevent that behavior, call
+`event.preventDefault()`.
 
 #### Event: 'did-create-window'
 
@@ -454,6 +411,16 @@ Emitted when a plugin process has crashed.
 
 Emitted when `webContents` is destroyed.
 
+#### Event: 'input-event'
+
+Returns:
+
+* `event` Event
+* `inputEvent` [InputEvent](structures/input-event.md)
+
+Emitted when an input event is sent to the WebContents. See
+[InputEvent](structures/input-event.md) for details.
+
 #### Event: 'before-input-event'
 
 Returns:
@@ -862,6 +829,8 @@ Returns:
 
 Emitted when the renderer process sends an asynchronous message via `ipcRenderer.send()`.
 
+See also [`webContents.ipc`](#contentsipc-readonly), which provides an [`IpcMain`](ipc-main.md)-like interface for responding to IPC messages specifically from this WebContents.
+
 #### Event: 'ipc-message-sync'
 
 Returns:
@@ -872,6 +841,8 @@ Returns:
 
 Emitted when the renderer process sends a synchronous message via `ipcRenderer.sendSync()`.
 
+See also [`webContents.ipc`](#contentsipc-readonly), which provides an [`IpcMain`](ipc-main.md)-like interface for responding to IPC messages specifically from this WebContents.
+
 #### Event: 'preferred-size-changed'
 
 Returns:
@@ -980,6 +951,21 @@ Returns `string` - The title of the current web page.
 
 Returns `boolean` - Whether the web page is destroyed.
 
+#### `contents.close([opts])`
+
+* `opts` Object (optional)
+  * `waitForBeforeUnload` boolean - if true, fire the `beforeunload` event
+    before closing the page. If the page prevents the unload, the WebContents
+    will not be closed. The [`will-prevent-unload`](#event-will-prevent-unload)
+    will be fired if the page requests prevention of unload.
+
+Closes the page, as if the web content had called `window.close()`.
+
+If the page is successfully closed (i.e. the unload is not prevented by the
+page, or `waitForBeforeUnload` is false or unspecified), the WebContents will
+be destroyed and no longer usable. The [`destroyed`](#event-destroyed) event
+will be emitted.
+
 #### `contents.focus()`
 
 Focuses the web page.
@@ -1169,7 +1155,7 @@ Ignore application menu shortcuts while this web contents is focused.
 
 #### `contents.setWindowOpenHandler(handler)`
 
-* `handler` Function<{action: 'deny'} | {action: 'allow', overrideBrowserWindowOptions?: BrowserWindowConstructorOptions}>
+* `handler` Function<{action: 'deny'} | {action: 'allow', outlivesOpener?: boolean, overrideBrowserWindowOptions?: BrowserWindowConstructorOptions}>
   * `details` Object
     * `url` string - The _resolved_ version of the URL passed to `window.open()`. e.g. opening a window with `window.open('foo')` will yield something like `https://the-origin/the/current/path/foo`.
     * `frameName` string - Name of the window provided in `window.open()`
@@ -1184,8 +1170,11 @@ Ignore application menu shortcuts while this web contents is focused.
       be set. If no post data is to be sent, the value will be `null`. Only defined
       when the window is being created by a form that set `target=_blank`.
 
-  Returns `{action: 'deny'} | {action: 'allow', overrideBrowserWindowOptions?: BrowserWindowConstructorOptions}` - `deny` cancels the creation of the new
+  Returns `{action: 'deny'} | {action: 'allow', outlivesOpener?: boolean, overrideBrowserWindowOptions?: BrowserWindowConstructorOptions}` - `deny` cancels the creation of the new
   window. `allow` will allow the new window to be created. Specifying `overrideBrowserWindowOptions` allows customization of the created window.
+  By default, child windows are closed when their opener is closed. This can be
+  changed by specifying `outlivesOpener: true`, in which case the opened window
+  will not be closed when its opener is closed.
   Returning an unrecognized value such as a null, undefined, or an object
   without a recognized 'action' value will result in a console error and have
   the same effect as returning `{action: 'deny'}`.
@@ -1352,20 +1341,25 @@ const requestId = webContents.findInPage('api')
 console.log(requestId)
 ```
 
-#### `contents.capturePage([rect])`
+#### `contents.capturePage([rect, opts])`
 
 * `rect` [Rectangle](structures/rectangle.md) (optional) - The area of the page to be captured.
+* `opts` Object (optional)
+  * `stayHidden` boolean (optional) -  Keep the page hidden instead of visible. Default is `false`.
+  * `stayAwake` boolean (optional) -  Keep the system awake instead of allowing it to sleep. Default is `false`.
 
 Returns `Promise<NativeImage>` - Resolves with a [NativeImage](native-image.md)
 
 Captures a snapshot of the page within `rect`. Omitting `rect` will capture the whole visible page.
+The page is considered visible when its browser window is hidden and the capturer count is non-zero.
+If you would like the page to stay hidden, you should ensure that `stayHidden` is set to true.
 
 #### `contents.isBeingCaptured()`
 
 Returns `boolean` - Whether this page is being captured. It returns true when the capturer count
 is large then 0.
 
-#### `contents.incrementCapturerCount([size, stayHidden, stayAwake])`
+#### `contents.incrementCapturerCount([size, stayHidden, stayAwake])` _Deprecated_
 
 * `size` [Size](structures/size.md) (optional) - The preferred size for the capturer.
 * `stayHidden` boolean (optional) -  Keep the page hidden instead of visible.
@@ -1376,7 +1370,9 @@ hidden and the capturer count is non-zero. If you would like the page to stay hi
 
 This also affects the Page Visibility API.
 
-#### `contents.decrementCapturerCount([stayHidden, stayAwake])`
+**Deprecated:** This API's functionality is now handled automatically within `contents.capturePage()`. See [breaking changes](../breaking-changes.md).
+
+#### `contents.decrementCapturerCount([stayHidden, stayAwake])` _Deprecated_
 
 * `stayHidden` boolean (optional) -  Keep the page in hidden state instead of visible.
 * `stayAwake` boolean (optional) -  Keep the system awake instead of allowing it to sleep.
@@ -1385,6 +1381,9 @@ Decrease the capturer count by one. The page will be set to hidden or occluded s
 browser window is hidden or occluded and the capturer count reaches zero. If you want to
 decrease the hidden capturer count instead you should set `stayHidden` to true.
 
+**Deprecated:** This API's functionality is now handled automatically within `contents.capturePage()`.
+See [breaking changes](../breaking-changes.md).
+
 #### `contents.getPrinters()` _Deprecated_
 
 Get the system printer list.
@@ -1622,6 +1621,8 @@ Opens the devtools.
 When `contents` is a `<webview>` tag, the `mode` would be `detach` by default,
 explicitly passing an empty `mode` can force using last used dock state.
 
+On Windows, if Windows Control Overlay is enabled, Devtools will be opened with `mode: 'detach'`.
+
 #### `contents.closeDevTools()`
 
 Closes the devtools.
@@ -1985,6 +1986,35 @@ This corresponds to the [animationPolicy][] accessibility feature in Chromium.
 
 ### Instance Properties
 
+#### `contents.ipc` _Readonly_
+
+An [`IpcMain`](ipc-main.md) scoped to just IPC messages sent from this
+WebContents.
+
+IPC messages sent with `ipcRenderer.send`, `ipcRenderer.sendSync` or
+`ipcRenderer.postMessage` will be delivered in the following order:
+
+1. `contents.on('ipc-message')`
+2. `contents.mainFrame.on(channel)`
+3. `contents.ipc.on(channel)`
+4. `ipcMain.on(channel)`
+
+Handlers registered with `invoke` will be checked in the following order. The
+first one that is defined will be called, the rest will be ignored.
+
+1. `contents.mainFrame.handle(channel)`
+2. `contents.handle(channel)`
+3. `ipcMain.handle(channel)`
+
+A handler or event listener registered on the WebContents will receive IPC
+messages sent from any frame, including child frames. In most cases, only the
+main frame can send IPC messages. However, if the `nodeIntegrationInSubFrames`
+option is enabled, it is possible for child frames to send IPC messages also.
+In that case, handlers should check the `senderFrame` property of the IPC event
+to ensure that the message is coming from the expected frame. Alternatively,
+register handlers on the appropriate frame directly using the
+[`WebFrameMain.ipc`](web-frame-main.md#frameipc-readonly) interface.
+
 #### `contents.audioMuted`
 
 A `boolean` property that determines whether this page is muted.
@@ -2044,6 +2074,11 @@ when the page becomes backgrounded. This also affects the Page Visibility API.
 
 A [`WebFrameMain`](web-frame-main.md) property that represents the top frame of the page's frame hierarchy.
 
+#### `contents.opener` _Readonly_
+
+A [`WebFrameMain`](web-frame-main.md) property that represents the frame that opened this WebContents, either
+with open(), or by navigating a link with a target attribute.
+
 [keyboardevent]: https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent
 [event-emitter]: https://nodejs.org/api/events.html#events_class_eventemitter
 [SCA]: https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Structured_clone_algorithm

docs/api/web-frame-main.md

@@ -140,10 +140,45 @@ ipcRenderer.on('port', (e, msg) => {
 
 ### Instance Properties
 
+#### `frame.ipc` _Readonly_
+
+An [`IpcMain`](ipc-main.md) instance scoped to the frame.
+
+IPC messages sent with `ipcRenderer.send`, `ipcRenderer.sendSync` or
+`ipcRenderer.postMessage` will be delivered in the following order:
+
+1. `contents.on('ipc-message')`
+2. `contents.mainFrame.on(channel)`
+3. `contents.ipc.on(channel)`
+4. `ipcMain.on(channel)`
+
+Handlers registered with `invoke` will be checked in the following order. The
+first one that is defined will be called, the rest will be ignored.
+
+1. `contents.mainFrame.handle(channel)`
+2. `contents.handle(channel)`
+3. `ipcMain.handle(channel)`
+
+In most cases, only the main frame of a WebContents can send or receive IPC
+messages. However, if the `nodeIntegrationInSubFrames` option is enabled, it is
+possible for child frames to send and receive IPC messages also. The
+[`WebContents.ipc`](web-contents.md#contentsipc-readonly) interface may be more
+convenient when `nodeIntegrationInSubFrames` is not enabled.
+
 #### `frame.url` _Readonly_
 
 A `string` representing the current URL of the frame.
 
+#### `frame.origin` _Readonly_
+
+A `string` representing the current origin of the frame, serialized according
+to [RFC 6454](https://www.rfc-editor.org/rfc/rfc6454). This may be different
+from the URL. For instance, if the frame is a child window opened to
+`about:blank`, then `frame.origin` will return the parent frame's origin, while
+`frame.url` will return the empty string. Pages without a scheme/host/port
+triple origin will have the serialized origin of `"null"` (that is, the string
+containing the letters n, u, l, l).
+
 #### `frame.top` _Readonly_
 
 A `WebFrameMain | null` representing top frame in the frame hierarchy to which `frame`

docs/api/web-request.md

@@ -28,7 +28,7 @@ const { session } = require('electron')
 
 // Modify the user agent for all requests to the following urls.
 const filter = {
-  urls: ['https://*.github.com/*', '*://electron.github.io']
+  urls: ['https://*.github.com/*', '*://electron.github.io/*']
 }
 
 session.defaultSession.webRequest.onBeforeSendHeaders(filter, (details, callback) => {

docs/api/webview-tag.md

@@ -805,33 +805,6 @@ const requestId = webview.findInPage('test')
 console.log(requestId)
 ```
 
-### Event: 'new-window'
-
-Returns:
-
-* `url` string
-* `frameName` string
-* `disposition` string - Can be `default`, `foreground-tab`, `background-tab`,
-  `new-window`, `save-to-disk` and `other`.
-* `options` BrowserWindowConstructorOptions - The options which should be used for creating the new
-  [`BrowserWindow`](browser-window.md).
-
-Fired when the guest page attempts to open a new browser window.
-
-The following example code opens the new url in system's default browser.
-
-```javascript
-const { shell } = require('electron')
-const webview = document.querySelector('webview')
-
-webview.addEventListener('new-window', async (e) => {
-  const protocol = (new URL(e.url)).protocol
-  if (protocol === 'http:' || protocol === 'https:') {
-    await shell.openExternal(e.url)
-  }
-})
-```
-
 ### Event: 'will-navigate'
 
 Returns:

docs/breaking-changes.md

@@ -12,7 +12,165 @@ This document uses the following convention to categorize breaking changes:
 * **Deprecated:** An API was marked as deprecated. The API will continue to function, but will emit a deprecation warning, and will be removed in a future release.
 * **Removed:** An API or feature was removed, and is no longer supported by Electron.
 
-## Planned Breaking API Changes (20.0)
+## Planned Breaking API Changes (23.0)
+
+### Removed: Windows 7 / 8 / 8.1 support
+
+[Windows 7, Windows 8, and Windows 8.1 are no longer supported](https://www.electronjs.org/blog/windows-7-to-8-1-deprecation-notice). Electron follows the planned Chromium deprecation policy, which will [deprecate Windows 7 support beginning in Chromium 109](https://support.google.com/chrome/thread/185534985/sunsetting-support-for-windows-7-8-8-1-in-early-2023?hl=en).
+
+Older versions of Electron will continue to run on these operating systems, but Windows 10 or later will be required to run Electron v23.0.0 and higher.
+
+### Removed: BrowserWindow `scroll-touch-*` events
+
+The deprecated `scroll-touch-begin`, `scroll-touch-end` and `scroll-touch-edge`
+events on BrowserWindow have been removed. Instead, use the newly available
+[`input-event` event](api/web-contents.md#event-input-event) on WebContents.
+
+```js
+// Removed in Electron 23.0
+win.on('scroll-touch-begin', scrollTouchBegin)
+win.on('scroll-touch-edge', scrollTouchEdge)
+win.on('scroll-touch-end', scrollTouchEnd)
+
+// Replace with
+win.webContents.on('input-event', (_, event) => {
+  if (event.type === 'gestureScrollBegin') {
+    scrollTouchBegin()
+  } else if (event.type === 'gestureScrollUpdate') {
+    scrollTouchEdge()
+  } else if (event.type === 'gestureScrollEnd') {
+    scrollTouchEnd()
+  }
+})
+```
+
+### Removed: `webContents.incrementCapturerCount(stayHidden, stayAwake)`
+
+The `webContents.incrementCapturerCount(stayHidden, stayAwake)` function has been removed.
+It is now automatically handled by `webContents.capturePage` when a page capture completes.
+
+```js
+const w = new BrowserWindow({ show: false })
+
+// Removed in Electron 23
+w.webContents.incrementCapturerCount()
+w.capturePage().then(image => {
+  console.log(image.toDataURL())
+  w.webContents.decrementCapturerCount()
+})
+
+// Replace with
+w.capturePage().then(image => {
+  console.log(image.toDataURL())
+})
+```
+
+### Removed: `webContents.decrementCapturerCount(stayHidden, stayAwake)`
+
+The `webContents.decrementCapturerCount(stayHidden, stayAwake)` function has been removed.
+It is now automatically handled by `webContents.capturePage` when a page capture completes.
+
+```js
+const w = new BrowserWindow({ show: false })
+
+// Removed in Electron 23
+w.webContents.incrementCapturerCount()
+w.capturePage().then(image => {
+  console.log(image.toDataURL())
+  w.webContents.decrementCapturerCount()
+})
+
+// Replace with
+w.capturePage().then(image => {
+  console.log(image.toDataURL())
+})
+```
+
+## Planned Breaking API Changes (22.0)
+
+### Deprecated: `webContents.incrementCapturerCount(stayHidden, stayAwake)`
+
+`webContents.incrementCapturerCount(stayHidden, stayAwake)` has been deprecated.
+It is now automatically handled by `webContents.capturePage` when a page capture completes.
+
+```js
+const w = new BrowserWindow({ show: false })
+
+// Removed in Electron 23
+w.webContents.incrementCapturerCount()
+w.capturePage().then(image => {
+  console.log(image.toDataURL())
+  w.webContents.decrementCapturerCount()
+})
+
+// Replace with
+w.capturePage().then(image => {
+  console.log(image.toDataURL())
+})
+```
+
+### Deprecated: `webContents.decrementCapturerCount(stayHidden, stayAwake)`
+
+`webContents.decrementCapturerCount(stayHidden, stayAwake)` has been deprecated.
+It is now automatically handled by `webContents.capturePage` when a page capture completes.
+
+```js
+const w = new BrowserWindow({ show: false })
+
+// Removed in Electron 23
+w.webContents.incrementCapturerCount()
+w.capturePage().then(image => {
+  console.log(image.toDataURL())
+  w.webContents.decrementCapturerCount()
+})
+
+// Replace with
+w.capturePage().then(image => {
+  console.log(image.toDataURL())
+})
+```
+
+### Removed: WebContents `new-window` event
+
+The `new-window` event of WebContents has been removed. It is replaced by [`webContents.setWindowOpenHandler()`](api/web-contents.md#contentssetwindowopenhandlerhandler).
+
+```js
+// Removed in Electron 22
+webContents.on('new-window', (event) => {
+  event.preventDefault()
+})
+
+// Replace with
+webContents.setWindowOpenHandler((details) => {
+  return { action: 'deny' }
+})
+```
+
+### Deprecated: BrowserWindow `scroll-touch-*` events
+
+The `scroll-touch-begin`, `scroll-touch-end` and `scroll-touch-edge` events on
+BrowserWindow are deprecated. Instead, use the newly available [`input-event`
+event](api/web-contents.md#event-input-event) on WebContents.
+
+```js
+// Deprecated
+win.on('scroll-touch-begin', scrollTouchBegin)
+win.on('scroll-touch-edge', scrollTouchEdge)
+win.on('scroll-touch-end', scrollTouchEnd)
+
+// Replace with
+win.webContents.on('input-event', (_, event) => {
+  if (event.type === 'gestureScrollBegin') {
+    scrollTouchBegin()
+  } else if (event.type === 'gestureScrollUpdate') {
+    scrollTouchEdge()
+  } else if (event.type === 'gestureScrollEnd') {
+    scrollTouchEnd()
+  }
+})
+```
+
+## Planned Breaking API Changes (21.0)
 
 ### Behavior Changed: V8 Memory Cage enabled
 
@@ -76,6 +234,8 @@ webContents.printToPDF({
 })
 ```
 
+## Planned Breaking API Changes (20.0)
+
 ### Default Changed: renderers without `nodeIntegration: true` are sandboxed by default
 
 Previously, renderers that specified a preload script defaulted to being

docs/development/README.md

@@ -54,7 +54,7 @@ See [issues](issues.md) for more information.
 Most pull requests opened against the `electron/electron` repository include
 changes to either the C/C++ code in the `shell/` folder,
 the TypeScript code in the `lib/` folder, the documentation in `docs/`,
-or tests in the `spec/` and `spec-main/` folders.
+or tests in the `spec/` folder.
 
 See [pull requests](pull-requests.md) for more information.
 

docs/development/build-instructions-gn.md

@@ -146,7 +146,7 @@ $ ninja -C out/Release electron
 ```
 
 This will build all of what was previously 'libchromiumcontent' (i.e. the
-`content/` directory of `chromium` and its dependencies, incl. WebKit and V8),
+`content/` directory of `chromium` and its dependencies, incl. Blink and V8),
 so it will take a while.
 
 The built executable will be under `./out/Testing`:
@@ -281,9 +281,22 @@ $ cd electron
 $ gclient sync -f
 ```
 
+This may also happen if you have checked out a branch (as opposed to having a detached head) in `electron/src/`
+or some other dependency’s repository. If that is the case, a `git checkout --detach HEAD` in the appropriate repository should do the trick.
+
 ### I'm being asked for a username/password for chromium-internal.googlesource.com
 
 If you see a prompt for `Username for 'https://chrome-internal.googlesource.com':` when running `gclient sync` on Windows, it's probably because the `DEPOT_TOOLS_WIN_TOOLCHAIN` environment variable is not set to 0. Open `Control Panel` → `System and Security` → `System` → `Advanced system settings` and add a system variable
 `DEPOT_TOOLS_WIN_TOOLCHAIN` with value `0`.  This tells `depot_tools` to use
 your locally installed version of Visual Studio (by default, `depot_tools` will
 try to download a Google-internal version that only Googlers have access to).
+
+### `e` Module not found
+
+If `e` is not recognized despite running `npm i -g @electron/build-tools`, ie:
+
+```sh
+Error: Cannot find module '/Users/<user>/.electron_build_tools/src/e'
+```
+
+We recommend installing Node through [nvm](https://github.com/nvm-sh/nvm). This allows for easier Node version management, and is often a fix for missing `e` modules.

docs/development/build-instructions-macos.md

@@ -13,6 +13,46 @@ Follow the guidelines below for building **Electron itself** on macOS, for the p
 * [node.js](https://nodejs.org) (external)
 * Python >= 3.7
 
+### Arm64-specific prerequisites
+
+* Rosetta 2
+  * We recommend installing Rosetta if using dependencies that need to cross-compile on x64 and arm64 machines. Rosetta can be installed by using the softwareupdate command line tool.
+  * `$ softwareupdate --install-rosetta`
+
 ## Building Electron
 
 See [Build Instructions: GN](build-instructions-gn.md).
+
+## Troubleshooting
+
+### Xcode "incompatible architecture" errors (MacOS arm64-specific)
+
+If both Xcode and Xcode command line tools are installed (`$ xcode -select --install`, or directly download the correct version [here](https://developer.apple.com/download/all/?q=command%20line%20tools)), but the stack trace says otherwise like so:
+
+```sh
+xcrun: error: unable to load libxcrun
+(dlopen(/Users/<user>/.electron_build_tools/third_party/Xcode/Xcode.app/Contents/Developer/usr/lib/libxcrun.dylib (http://xcode.app/Contents/Developer/usr/lib/libxcrun.dylib), 0x0005):
+ tried: '/Users/<user>/.electron_build_tools/third_party/Xcode/Xcode.app/Contents/Developer/usr/lib/libxcrun.dylib (http://xcode.app/Contents/Developer/usr/lib/libxcrun.dylib)'
+ (mach-o file, but is an incompatible architecture (have (x86_64), need (arm64e))), '/Users/<user>/.electron_build_tools/third_party/Xcode/Xcode-11.1.0.app/Contents/Developer/usr/lib/libxcrun.dylib (http://xcode-11.1.0.app/Contents/Developer/usr/lib/libxcrun.dylib)' (mach-o file, but is an incompatible architecture (have (x86_64), need (arm64e)))).`
+```
+
+If you are on arm64 architecture, the build script may be pointing to the wrong Xcode version (11.x.y doesn't support arm64). Navigate to `/Users/<user>/.electron_build_tools/third_party/Xcode/` and rename `Xcode-13.3.0.app` to `Xcode.app` to ensure the right Xcode version is used.
+
+### Certificates fail to verify
+
+installing [`certifi`](https://pypi.org/project/certifi/) will fix the following error:
+
+```sh
+________ running 'python3 src/tools/clang/scripts/update.py' in '/Users/<user>/electron'
+Downloading https://commondatastorage.googleapis.com/chromium-browser-clang/Mac_arm64/clang-llvmorg-15-init-15652-g89a99ec9-1.tgz
+<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)>
+Retrying in 5 s ...
+Downloading https://commondatastorage.googleapis.com/chromium-browser-clang/Mac_arm64/clang-llvmorg-15-init-15652-g89a99ec9-1.tgz
+<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)>
+Retrying in 10 s ...
+Downloading https://commondatastorage.googleapis.com/chromium-browser-clang/Mac_arm64/clang-llvmorg-15-init-15652-g89a99ec9-1.tgz
+<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)>
+Retrying in 20 s ...
+```
+
+This issue has to do with Python 3.6 using its [own](https://github.com/python/cpython/blob/560ea272b01acaa6c531cc7d94331b2ef0854be6/Mac/BuildScript/resources/ReadMe.rtf#L35) copy of OpenSSL in lieu of the deprecated Apple-supplied OpenSSL libraries. `certifi` adds a curated bundle of default root certificates. This issue is documented in the Electron repo [here](https://github.com/electron/build-tools/issues/55). Further information about this issue can be found [here](https://stackoverflow.com/questions/27835619/urllib-and-ssl-certificate-verify-failed-error) and [here](https://stackoverflow.com/questions/40684543/how-to-make-python-use-ca-certificates-from-mac-os-truststore).

docs/development/build-instructions-windows.md

@@ -116,10 +116,6 @@ $ git config --system core.longpaths true
 
 This can happen during build, when Debugging Tools for Windows has been installed with Windows Driver Kit. Uninstall Windows Driver Kit and install Debugging Tools with steps described above.
 
-### ImportError: No module named win32file
-
-Make sure you have installed `pywin32` with `pip install pywin32`.
-
 ### Build Scripts Hang Until Keypress
 
 This bug is a "feature" of Windows' command prompt. It happens when clicking inside the prompt window with

docs/development/source-code-directory-structure.md

@@ -72,8 +72,7 @@ Electron
 |       |         message loop into Chromium's message loop.
 |       └── api/ - The implementation of common APIs, and foundations of
 |                  Electron's built-in modules.
-├── spec/ - Components of Electron's test suite run in the renderer process.
-├── spec-main/ - Components of Electron's test suite run in the main process.
+├── spec/ - Components of Electron's test suite run in the main process.
 └── BUILD.gn - Building rules of Electron.
 ```
 

docs/development/testing.md

@@ -32,9 +32,6 @@ app (surprise!) that can be found in the `spec` folder. Note that it has
 its own `package.json` and that its dependencies are therefore not defined
 in the top-level `package.json`.
 
-To run only tests in a specific process, run `npm run test --runners=PROCESS`
-where `PROCESS` is one of `main` or `remote`.
-
 To run only specific tests matching a pattern, run `npm run test --
 -g=PATTERN`, replacing the `PATTERN` with a regex that matches the tests
 you would like to run. As an example: If you want to run only IPC tests, you

docs/experimental.md

@@ -20,4 +20,4 @@ happen at an API WG meeting.  Things to consider when discussing / nominating:
 * During that time no major bugs / issues should have been caused by the adoption of this feature
 * The API is stable enough and hasn't been heavily impacted by Chromium upgrades
 * Is anyone using the API?
-* Is the API fulfilling the original proposed usecases, does it have any gaps?
+* Is the API fulfilling the original proposed use cases, does it have any gaps?

docs/faq.md

@@ -135,7 +135,7 @@ is only available in renderer processes.
 
 If [sub-pixel anti-aliasing](https://alienryderflex.com/sub_pixel/) is deactivated, then fonts on LCD screens can look blurry. Example:
 
-![subpixel rendering example]
+![Subpixel rendering example](images/subpixel-rendering-screenshot.gif)
 
 Sub-pixel anti-aliasing needs a non-transparent background of the layer containing the font glyphs. (See [this issue](https://github.com/electron/electron/issues/6344#issuecomment-420371918) for more info).
 
@@ -161,4 +161,3 @@ Notice that just setting the background in the CSS does not have the desired eff
 [indexed-db]: https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API
 [message-port]: https://developer.mozilla.org/en-US/docs/Web/API/MessagePort
 [browser-window]: api/browser-window.md
-[subpixel rendering example]: images/subpixel-rendering-screenshot.gif

docs/fiddles/features/drag-and-drop/preload.js

@@ -1,5 +1,4 @@
 const { contextBridge, ipcRenderer } = require('electron')
-const path = require('path')
 
 contextBridge.exposeInMainWorld('electron', {
   startDrag: (fileName) => {

docs/fiddles/features/web-bluetooth/main.js

@@ -1,10 +1,13 @@
-const {app, BrowserWindow} = require('electron')
+const {app, BrowserWindow, ipcMain} = require('electron')
 const path = require('path')
 
 function createWindow () {
   const mainWindow = new BrowserWindow({
     width: 800,
-    height: 600
+    height: 600,
+    webPreferences: {
+      preload: path.join(__dirname, 'preload.js')
+    }    
   })
 
   mainWindow.webContents.on('select-bluetooth-device', (event, deviceList, callback) => {
@@ -14,6 +17,18 @@ function createWindow () {
     } 
   })
 
+  // Listen for a message from the renderer to get the response for the Bluetooth pairing.
+  ipcMain.on('bluetooth-pairing-response', (event, response) => {
+    bluetoothPinCallback(response)
+  })
+
+  mainWindow.webContents.session.setBluetoothPairingHandler((details, callback) => {
+
+    bluetoothPinCallback = callback
+    // Send a message to the renderer to prompt the user to confirm the pairing.
+    mainWindow.webContents.send('bluetooth-pairing-request', details)
+  })  
+
   mainWindow.loadFile('index.html')
 }
 

docs/fiddles/features/web-bluetooth/preload.js

@@ -0,0 +1,6 @@
+const { contextBridge, ipcRenderer } = require('electron')
+
+contextBridge.exposeInMainWorld('electronAPI', {
+  bluetoothPairingRequest: (callback) => ipcRenderer.on('bluetooth-pairing-request', callback),
+  bluetoothPairingResponse: (response) => ipcRenderer.send('bluetooth-pairing-response', response)
+})

docs/fiddles/features/web-bluetooth/renderer.js

@@ -5,4 +5,30 @@ async function testIt() {
   document.getElementById('device-name').innerHTML = device.name || `ID: ${device.id}`
 }
 
-document.getElementById('clickme').addEventListener('click',testIt)
+document.getElementById('clickme').addEventListener('click',testIt)
+
+window.electronAPI.bluetoothPairingRequest((event, details) => {
+  const response = {}
+  
+  switch (details.pairingKind) {
+    case 'confirm': {
+      response.confirmed = confirm(`Do you want to connect to device ${details.deviceId}?`)
+      break
+    }
+    case 'confirmPin': {
+      response.confirmed = confirm(`Does the pin ${details.pin} match the pin displayed on device ${details.deviceId}?`)
+      break
+    }
+    case 'providePin': {
+      const pin = prompt(`Please provide a pin for ${details.deviceId}.`)
+      if (pin) {
+        response.pin = pin
+        response.confirmed = true
+      } else {
+        response.confirmed = false
+      }
+    }
+  }
+
+  window.electronAPI.bluetoothPairingResponse(response)
+})

docs/fiddles/features/web-serial/main.js

@@ -33,12 +33,16 @@ function createWindow () {
     if (permission === 'serial' && details.securityOrigin === 'file:///') {
       return true
     }
+    
+    return false
   })
 
   mainWindow.webContents.session.setDevicePermissionHandler((details) => {
     if (details.deviceType === 'serial' && details.origin === 'file://') {
       return true
     }
+    
+    return false
   })
   
   mainWindow.loadFile('index.html')

docs/fiddles/features/web-usb/index.html

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="UTF-8">
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'">
+    <title>WebUSB API</title>
+  </head>
+  <body>
+    <h1>WebUSB API</h1>
+
+    <button id="clickme">Test WebUSB</button>
+
+    <h3>USB devices automatically granted access via <i>setDevicePermissionHandler</i></h3>
+    <div id="granted-devices"></div>
+    
+    <h3>USB devices automatically granted access via <i>select-usb-device</i></h3>
+    <div id="granted-devices2"></div>
+
+    <script src="./renderer.js"></script>
+  </body>
+</html>

docs/fiddles/features/web-usb/main.js

@@ -0,0 +1,72 @@
+const {app, BrowserWindow} = require('electron')
+const e = require('express')
+const path = require('path')
+
+function createWindow () {
+  const mainWindow = new BrowserWindow({
+    width: 800,
+    height: 600
+  })
+  
+  let grantedDeviceThroughPermHandler
+
+  mainWindow.webContents.session.on('select-usb-device', (event, details, callback) => {
+    //Add events to handle devices being added or removed before the callback on
+    //`select-usb-device` is called.
+    mainWindow.webContents.session.on('usb-device-added', (event, device) => {    
+      console.log('usb-device-added FIRED WITH', device)
+      //Optionally update details.deviceList
+    })
+  
+    mainWindow.webContents.session.on('usb-device-removed', (event, device) => {
+      console.log('usb-device-removed FIRED WITH', device)
+      //Optionally update details.deviceList
+    })
+
+    event.preventDefault()
+    if (details.deviceList && details.deviceList.length > 0) {
+      const deviceToReturn  = details.deviceList.find((device) => {
+        if (!grantedDeviceThroughPermHandler || (device.deviceId != grantedDeviceThroughPermHandler.deviceId)) {
+          return true
+        }
+      })
+      if (deviceToReturn) {
+        callback(deviceToReturn.deviceId)        
+      } else {
+        callback()
+      }
+    }
+  })
+
+  mainWindow.webContents.session.setPermissionCheckHandler((webContents, permission, requestingOrigin, details) => {
+    if (permission === 'usb' && details.securityOrigin === 'file:///') {
+      return true
+    }
+  })
+
+  
+  mainWindow.webContents.session.setDevicePermissionHandler((details) => {
+    if (details.deviceType === 'usb' && details.origin === 'file://') {
+      if (!grantedDeviceThroughPermHandler) {        
+        grantedDeviceThroughPermHandler = details.device
+        return true
+      } else {
+        return false
+      }
+    }
+  })
+  
+  mainWindow.loadFile('index.html')
+}
+
+app.whenReady().then(() => {
+  createWindow()
+  
+  app.on('activate', function () {
+    if (BrowserWindow.getAllWindows().length === 0) createWindow()
+  })
+})
+
+app.on('window-all-closed', function () {
+  if (process.platform !== 'darwin') app.quit()
+})

docs/fiddles/features/web-usb/renderer.js

@@ -0,0 +1,33 @@
+function getDeviceDetails(device) {
+  return grantedDevice.productName || `Unknown device ${grantedDevice.deviceId}`
+}
+
+async function testIt() {
+  const noDevicesFoundMsg = 'No devices found'
+  const grantedDevices = await navigator.usb.getDevices()
+  let grantedDeviceList = ''
+  if (grantedDevices.length > 0) {    
+    grantedDevices.forEach(device => {
+      grantedDeviceList += `<hr>${getDeviceDetails(device)}</hr>`
+    })    
+  } else {
+    grantedDeviceList = noDevicesFoundMsg
+  }
+  document.getElementById('granted-devices').innerHTML = grantedDeviceList
+
+  grantedDeviceList = ''
+  try {
+    const grantedDevice = await navigator.usb.requestDevice({
+      filters: []
+    })
+    grantedDeviceList += `<hr>${getDeviceDetails(device)}</hr>`
+    
+  } catch (ex) {
+    if (ex.name === 'NotFoundError') {
+      grantedDeviceList = noDevicesFoundMsg
+    }
+  }
+  document.getElementById('granted-devices2').innerHTML = grantedDeviceList
+}
+
+document.getElementById('clickme').addEventListener('click',testIt)

docs/glossary.md

@@ -194,6 +194,15 @@ overly prescriptive about how it should be used. Userland enables users to
 create and share tools that provide additional functionality on top of what is
 available in "core".
 
+### utility process
+
+The utility process is a child of the main process that allows running any
+untrusted services that cannot be run in the main process. Chromium uses this
+process to perform network I/O, audio/video processing, device inputs etc.
+In Electron, you can create this process using [UtilityProcess][] API.
+
+See also: [process](#process), [main process](#main-process)
+
 ### V8
 
 V8 is Google's open source JavaScript engine. It is written in C++ and is
@@ -231,4 +240,5 @@ embedded content.
 [renderer]: #renderer-process
 [userland]: #userland
 [using native node modules]: tutorial/using-native-node-modules.md
+[UtilityProcess]: api/utility-process.md
 [v8]: #v8

docs/tutorial/accessibility.md

@@ -44,6 +44,4 @@ CFStringRef kAXManualAccessibility = CFSTR("AXManualAccessibility");
 ```
 
 [a11y-docs]: https://www.chromium.org/developers/design-documents/accessibility#TOC-How-Chrome-detects-the-presence-of-Assistive-Technology
-[a11y-devtools]: https://github.com/GoogleChrome/accessibility-developer-tools
-[a11y-devtools-wiki]: https://github.com/GoogleChrome/accessibility-developer-tools/wiki/Audit-Rules
 [setAccessibilitySupportEnabled]: ../api/app.md#appsetaccessibilitysupportenabledenabled-macos-windows

docs/tutorial/application-distribution.md

@@ -11,8 +11,8 @@ can either use specialized tooling or manual approaches.
 ## With tooling
 
 There are a couple tools out there that exist to package and distribute your Electron app.
-We recommend using [Electron Forge](https://www.electronforge.io). You can check out
-its documentation directly, or refer to the [Packaging and Distribution](./tutorial-5-packaging.md)
+We recommend using [Electron Forge](./forge-overview.md). You can check out
+its [documentation](https://www.electronforge.io) directly, or refer to the [Packaging and Distribution](./tutorial-5-packaging.md)
 part of the Electron tutorial.
 
 ## Manual packaging

docs/tutorial/asar-archives.md

@@ -0,0 +1,175 @@
+---
+title: ASAR Archives
+description: What is ASAR archive and how does it affect the application.
+slug: asar-archives
+hide_title: false
+---
+
+After creating an [application distribution](application-distribution.md), the
+app's source code are usually bundled into an [ASAR
+archive](https://github.com/electron/asar), which is a simple extensive archive
+format designed for Electron apps. By bundling the app we can mitigate issues
+around long path names on Windows, speed up `require` and conceal your source
+code from cursory inspection.
+
+The bundled app runs in a virtual file system and most APIs would just work
+normally, but for some cases you might want to work on ASAR archives explicitly
+due to a few caveats.
+
+## Using ASAR Archives
+
+In Electron there are two sets of APIs: Node APIs provided by Node.js and Web
+APIs provided by Chromium. Both APIs support reading files from ASAR archives.
+
+### Node API
+
+With special patches in Electron, Node APIs like `fs.readFile` and `require`
+treat ASAR archives as virtual directories, and the files in it as normal
+files in the filesystem.
+
+For example, suppose we have an `example.asar` archive under `/path/to`:
+
+```sh
+$ asar list /path/to/example.asar
+/app.js
+/file.txt
+/dir/module.js
+/static/index.html
+/static/main.css
+/static/jquery.min.js
+```
+
+Read a file in the ASAR archive:
+
+```javascript
+const fs = require('fs')
+fs.readFileSync('/path/to/example.asar/file.txt')
+```
+
+List all files under the root of the archive:
+
+```javascript
+const fs = require('fs')
+fs.readdirSync('/path/to/example.asar')
+```
+
+Use a module from the archive:
+
+```javascript
+require('./path/to/example.asar/dir/module.js')
+```
+
+You can also display a web page in an ASAR archive with `BrowserWindow`:
+
+```javascript
+const { BrowserWindow } = require('electron')
+const win = new BrowserWindow()
+
+win.loadURL('file:///path/to/example.asar/static/index.html')
+```
+
+### Web API
+
+In a web page, files in an archive can be requested with the `file:` protocol.
+Like the Node API, ASAR archives are treated as directories.
+
+For example, to get a file with `$.get`:
+
+```html
+<script>
+let $ = require('./jquery.min.js')
+$.get('file:///path/to/example.asar/file.txt', (data) => {
+  console.log(data)
+})
+</script>
+```
+
+### Treating an ASAR archive as a Normal File
+
+For some cases like verifying the ASAR archive's checksum, we need to read the
+content of an ASAR archive as a file. For this purpose you can use the built-in
+`original-fs` module which provides original `fs` APIs without `asar` support:
+
+```javascript
+const originalFs = require('original-fs')
+originalFs.readFileSync('/path/to/example.asar')
+```
+
+You can also set `process.noAsar` to `true` to disable the support for `asar` in
+the `fs` module:
+
+```javascript
+const fs = require('fs')
+process.noAsar = true
+fs.readFileSync('/path/to/example.asar')
+```
+
+## Limitations of the Node API
+
+Even though we tried hard to make ASAR archives in the Node API work like
+directories as much as possible, there are still limitations due to the
+low-level nature of the Node API.
+
+### Archives Are Read-only
+
+The archives can not be modified so all Node APIs that can modify files will not
+work with ASAR archives.
+
+### Working Directory Can Not Be Set to Directories in Archive
+
+Though ASAR archives are treated as directories, there are no actual
+directories in the filesystem, so you can never set the working directory to
+directories in ASAR archives. Passing them as the `cwd` option of some APIs
+will also cause errors.
+
+### Extra Unpacking on Some APIs
+
+Most `fs` APIs can read a file or get a file's information from ASAR archives
+without unpacking, but for some APIs that rely on passing the real file path to
+underlying system calls, Electron will extract the needed file into a
+temporary file and pass the path of the temporary file to the APIs to make them
+work. This adds a little overhead for those APIs.
+
+APIs that requires extra unpacking are:
+
+* `child_process.execFile`
+* `child_process.execFileSync`
+* `fs.open`
+* `fs.openSync`
+* `process.dlopen` - Used by `require` on native modules
+
+### Fake Stat Information of `fs.stat`
+
+The `Stats` object returned by `fs.stat` and its friends on files in `asar`
+archives is generated by guessing, because those files do not exist on the
+filesystem. So you should not trust the `Stats` object except for getting file
+size and checking file type.
+
+### Executing Binaries Inside ASAR archive
+
+There are Node APIs that can execute binaries like `child_process.exec`,
+`child_process.spawn` and `child_process.execFile`, but only `execFile` is
+supported to execute binaries inside ASAR archive.
+
+This is because `exec` and `spawn` accept `command` instead of `file` as input,
+and `command`s are executed under shell. There is no reliable way to determine
+whether a command uses a file in asar archive, and even if we do, we can not be
+sure whether we can replace the path in command without side effects.
+
+## Adding Unpacked Files to ASAR archives
+
+As stated above, some Node APIs will unpack the file to the filesystem when
+called. Apart from the performance issues, various anti-virus scanners might
+be triggered by this behavior.
+
+As a workaround, you can leave various files unpacked using the `--unpack` option.
+In the following example, shared libraries of native Node.js modules will not be
+packed:
+
+```sh
+$ asar pack app app.asar --unpack *.node
+```
+
+After running the command, you will notice that a folder named `app.asar.unpacked`
+was created together with the `app.asar` file. It contains the unpacked files
+and should be shipped together with the `app.asar` archive.

docs/tutorial/asar-integrity.md

@@ -0,0 +1,53 @@
+---
+title: 'ASAR Integrity'
+description: 'An experimental feature that ensures the validity of ASAR contents at runtime.'
+slug: asar-integrity
+hide_title: false
+---
+
+## Platform Support
+
+Currently ASAR integrity checking is only supported on macOS.
+
+## Requirements
+
+### Electron Forge / Electron Packager
+
+If you are using `>= electron-packager@15.4.0` or `>= @electron-forge/core@6.0.0-beta.61` then all these requirements are met for you automatically and you can skip to [Toggling the Fuse](#toggling-the-fuse).
+
+### Other build systems
+
+In order to enable ASAR integrity checking you need to ensure that your `app.asar` file was generated by a version of the `asar` npm package that supports asar integrity.  Support was introduced in version `3.1.0`.
+
+Your must then populate a valid `ElectronAsarIntegrity` dictionary block in your packaged apps `Info.plist`.  An example is included below.
+
+```plist
+<key>ElectronAsarIntegrity</key>
+<dict>
+  <key>Resources/app.asar</key>
+  <dict>
+    <key>algorithm</key>
+    <string>SHA256</string>
+    <key>hash</key>
+    <string>9d1f61ea03c4bb62b4416387a521101b81151da0cfbe18c9f8c8b818c5cebfac</string>
+  </dict>
+</dict>
+```
+
+Valid `algorithm` values are currently `SHA256` only.  The `hash` is a hash of the ASAR header using the given algorithm.  The `asar` package exposes a `getRawHeader` method whose result can then be hashed to generate this value.
+
+## Toggling the Fuse
+
+ASAR integrity checking is currently disabled by default and can be enabled by toggling a fuse. See [Electron Fuses](fuses.md) for more information on what Electron Fuses are and how they work.  When enabling this fuse you typically also want to enable the `onlyLoadAppFromAsar` fuse otherwise the validity checking can be bypassed via the Electron app code search path.
+
+```js
+require('@electron/fuses').flipFuses(
+  // E.g. /a/b/Foo.app
+  pathToPackagedApp,
+  {
+    version: FuseVersion.V1,
+    [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: true,
+    [FuseV1Options.OnlyLoadAppFromAsar]: true
+  }
+)
+```

docs/tutorial/automated-testing.md

@@ -22,7 +22,7 @@ There are a few ways that you can set up testing using WebDriver.
 Node.js package for testing with WebDriver. Its ecosystem also includes various plugins
 (e.g. reporter and services) that can help you put together your test setup.
 
-#### Install the testrunner
+#### Install the test runner
 
 First you need to run the WebdriverIO starter toolkit in your project root directory:
 

docs/tutorial/boilerplates-and-clis.md

@@ -26,10 +26,8 @@ beginners, using a command line tool is likely to be helpful*.
 
 ## electron-forge
 
-A "complete tool for building modern Electron applications". Electron Forge
-unifies the existing (and well maintained) build tools for Electron development
-into a cohesive package so that anyone can jump right in to Electron
-development.
+Electron Forge is a tool for packaging and publishing Electron applications. It unifies Electron's tooling ecosystem
+into a single extensible interface so that anyone can jump right into making Electron apps.
 
 Forge comes with [a ready-to-use template](https://electronforge.io/templates) using Webpack as a bundler. It includes an example typescript configuration and provides two configuration files to enable easy customization. It uses the same core modules used by the
 greater Electron community (like [`electron-packager`](https://github.com/electron/electron-packager)) –

docs/tutorial/code-signing.md

@@ -52,89 +52,17 @@ ways to get your application signed and notarized.
 If you're using Electron's favorite build tool, getting your application signed
 and notarized requires a few additions to your configuration. [Forge](https://electronforge.io) is a
 collection of the official Electron tools, using [`electron-packager`],
-[`electron-osx-sign`], and [`electron-notarize`] under the hood.
+[`@electron/osx-sign`], and [`@electron/notarize`] under the hood.
 
-Let's take a look at an example `package.json` configuration with all required fields. Not all of them are
-required: the tools will be clever enough to automatically find a suitable `identity`, for instance,
-but we recommend that you are explicit.
-
-```json title="package.json" {7}
-{
-  "name": "my-app",
-  "version": "0.0.1",
-  "config": {
-    "forge": {
-      "packagerConfig": {
-        "osxSign": {
-          "identity": "Developer ID Application: Felix Rieseberg (LT94ZKYDCJ)",
-          "hardened-runtime": true,
-          "entitlements": "entitlements.plist",
-          "entitlements-inherit": "entitlements.plist",
-          "signature-flags": "library"
-        },
-        "osxNotarize": {
-          "appleId": "felix@felix.fun",
-          "appleIdPassword": "my-apple-id-password"
-        }
-      }
-    }
-  }
-}
-```
-
-The `entitlements.plist` file referenced here needs the following macOS-specific entitlements
-to assure the Apple security mechanisms that your app is doing these things
-without meaning any harm:
-
-```xml title="entitlements.plist"
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-  <dict>
-    <key>com.apple.security.cs.allow-jit</key>
-    <true/>
-    <key>com.apple.security.cs.debugger</key>
-    <true/>
-  </dict>
-</plist>
-```
-
-Note that up until Electron 12, the `com.apple.security.cs.allow-unsigned-executable-memory` entitlement was required
-as well. However, it should not be used anymore if it can be avoided.
-
-To see all of this in action, check out Electron Fiddle's source code,
-[especially its `electron-forge` configuration
-file](https://github.com/electron/fiddle/blob/master/forge.config.js).
-
-If you plan to access the microphone or camera within your app using Electron's APIs, you'll also
-need to add the following entitlements:
-
-```xml title="entitlements.plist"
-<key>com.apple.security.device.audio-input</key>
-<true/>
-<key>com.apple.security.device.camera</key>
-<true/>
-```
-
-If these are not present in your app's entitlements when you invoke, for example:
-
-```js title="main.js"
-const { systemPreferences } = require('electron')
-const microphone = systemPreferences.askForMediaAccess('microphone')
-```
-
-Your app may crash. See the Resource Access section in [Hardened Runtime](https://developer.apple.com/documentation/security/hardened_runtime) for more information and entitlements you may need.
-
-### Using Electron Builder
-
-Electron Builder comes with a custom solution for signing your application. You
-can find [its documentation here](https://www.electron.build/code-signing).
+Detailed instructions on how to configure your application can be found in the
+[Signing macOS Apps](https://www.electronforge.io/guides/code-signing/code-signing-macos) guide in
+the Electron Forge docs.
 
 ### Using Electron Packager
 
-If you're not using an integrated build pipeline like Forge or Builder, you
-are likely using [`electron-packager`], which includes [`electron-osx-sign`] and
-[`electron-notarize`].
+If you're not using an integrated build pipeline like Forge, you
+are likely using [`electron-packager`], which includes [`@electron/osx-sign`] and
+[`@electron/notarize`].
 
 If you're using Packager's API, you can pass [in configuration that both signs
 and notarizes your application](https://electron.github.io/electron-packager/main/interfaces/electronpackager.options.html).
@@ -144,13 +72,7 @@ const packager = require('electron-packager')
 
 packager({
   dir: '/path/to/my/app',
-  osxSign: {
-    identity: 'Developer ID Application: Felix Rieseberg (LT94ZKYDCJ)',
-    'hardened-runtime': true,
-    entitlements: 'entitlements.plist',
-    'entitlements-inherit': 'entitlements.plist',
-    'signature-flags': 'library'
-  },
+  osxSign: {},
   osxNotarize: {
     appleId: 'felix@felix.fun',
     appleIdPassword: 'my-apple-id-password'
@@ -158,26 +80,6 @@ packager({
 })
 ```
 
-The `entitlements.plist` file referenced here needs the following macOS-specific entitlements
-to assure the Apple security mechanisms that your app is doing these things
-without meaning any harm:
-
-```xml title="entitlements.plist"
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-  <dict>
-    <key>com.apple.security.cs.allow-jit</key>
-    <true/>
-    <key>com.apple.security.cs.debugger</key>
-    <true/>
-  </dict>
-</plist>
-```
-
-Up until Electron 12, the `com.apple.security.cs.allow-unsigned-executable-memory` entitlement was required
-as well. However, it should not be used anymore if it can be avoided.
-
 ### Signing Mac App Store applications
 
 See the [Mac App Store Guide].
@@ -204,36 +106,7 @@ commit it to your source code.
 
 ### Using Electron Forge
 
-Once you have a code signing certificate file (`.pfx`), you can sign
-[Squirrel.Windows][maker-squirrel] and [MSI][maker-msi] installers in Electron Forge
-with the `certificateFile` and `certificatePassword` fields in their respective
-configuration objects.
-
-For example, if you keep your Forge config in your `package.json` file and are
-creating a Squirrel.Windows installer:
-
-```json {9-15} title='package.json'
-{
-  "name": "my-app",
-  "version": "0.0.1",
-  //...
-  "config": {
-    "forge": {
-      "packagerConfig": {},
-      "makers": [
-        {
-          "name": "@electron-forge/maker-squirrel",
-          "config": {
-            "certificateFile": "./cert.pfx",
-            "certificatePassword": "this-is-a-secret"
-          }
-        }
-      ]
-    }
-  }
-  //...
-}
-```
+Electron Forge is the recommended way to sign your `Squirrel.Windows` and `WiX MSI` installers. Detailed instructions on how to configure your application can be found in the [Electron Forge Code Signing Tutorial](https://www.electronforge.io/guides/code-signing/code-signing-macos).
 
 ### Using electron-winstaller (Squirrel.Windows)
 
@@ -316,15 +189,14 @@ can find [its documentation here](https://www.electron.build/code-signing).
 See the [Windows Store Guide].
 
 [apple developer program]: https://developer.apple.com/programs/
-[`electron-builder`]: https://github.com/electron-userland/electron-builder
-[`electron-forge`]: https://github.com/electron-userland/electron-forge
-[`electron-osx-sign`]: https://github.com/electron-userland/electron-osx-sign
+[`electron-forge`]: https://github.com/electron/forge
+[`@electron/osx-sign`]: https://github.com/electron/osx-sign
 [`electron-packager`]: https://github.com/electron/electron-packager
-[`electron-notarize`]: https://github.com/electron/electron-notarize
+[`@electron/notarize`]: https://github.com/electron/notarize
 [`electron-winstaller`]: https://github.com/electron/windows-installer
-[`electron-wix-msi`]: https://github.com/felixrieseberg/electron-wix-msi
+[`electron-wix-msi`]: https://github.com/electron-userland/electron-wix-msi
 [xcode]: https://developer.apple.com/xcode
-[signing certificates]: https://github.com/electron/electron-osx-sign/wiki/1.-Getting-Started#certificates
+[signing certificates]: https://developer.apple.com/support/certificates/
 [mac app store guide]: ./mac-app-store-submission-guide.md
 [windows store guide]: ./windows-store-guide.md
 [maker-squirrel]: https://www.electronforge.io/config/makers/squirrel.windows

docs/tutorial/devices.md

@@ -16,6 +16,10 @@ with bluetooth devices. In order to use this API in Electron, developers will
 need to handle the [`select-bluetooth-device` event on the webContents](../api/web-contents.md#event-select-bluetooth-device)
 associated with the device request.
 
+Additionally, [`ses.setBluetoothPairingHandler(handler)`](../api/session.md#sessetbluetoothpairinghandlerhandler-windows-linux)
+can be used to handle pairing to bluetooth devices on Windows or Linux when
+additional validation such as a pin is needed.
+
 ### Example
 
 This example demonstrates an Electron application that automatically selects
@@ -111,3 +115,41 @@ when the `Test Web Serial` button is clicked.
 ```javascript fiddle='docs/fiddles/features/web-serial'
 
 ```
+
+## WebUSB API
+
+The [WebUSB API](https://web.dev/usb/) can be used to access USB devices.
+Electron provides several APIs for working with the WebUSB API:
+
+* The [`select-usb-device` event on the Session](../api/session.md#event-select-usb-device)
+  can be used to select a USB device when a call to
+  `navigator.usb.requestDevice` is made.  Additionally the [`usb-device-added`](../api/session.md#event-usb-device-added)
+  and [`usb-device-removed`](../api/session.md#event-usb-device-removed) events
+  on the Session can be used to handle devices being plugged in or unplugged
+  when handling the `select-usb-device` event.
+  **Note:** These two events only fire until the callback from `select-usb-device`
+  is called.  They are not intended to be used as a generic usb device listener.
+* The [`usb-device-revoked' event on the Session](../api/session.md#event-usb-device-revoked) can
+  be used to respond when [device.forget()](https://developer.chrome.com/articles/usb/#revoke-access)
+  is called on a USB device.
+* [`ses.setDevicePermissionHandler(handler)`](../api/session.md#sessetdevicepermissionhandlerhandler)
+  can be used to provide default permissioning to devices without first calling
+  for permission to devices via `navigator.usb.requestDevice`.  Additionally,
+  the default behavior of Electron is to store granted device permission through
+  the lifetime of the corresponding WebContents.  If longer term storage is
+  needed, a developer can store granted device permissions (eg when handling
+  the `select-usb-device` event) and then read from that storage with
+  `setDevicePermissionHandler`.
+* [`ses.setPermissionCheckHandler(handler)`](../api/session.md#sessetpermissioncheckhandlerhandler)
+  can be used to disable USB access for specific origins.
+
+### Example
+
+This example demonstrates an Electron application that automatically selects
+USB devices (if they are attached) through [`ses.setDevicePermissionHandler(handler)`](../api/session.md#sessetdevicepermissionhandlerhandler)
+and through [`select-usb-device` event on the Session](../api/session.md#event-select-usb-device)
+when the `Test WebUSB` button is clicked.
+
+```javascript fiddle='docs/fiddles/features/web-usb'
+
+```

docs/tutorial/distribution-overview.md

@@ -11,7 +11,7 @@ you can deliver it to your users.
 ## Packaging
 
 To distribute your app with Electron, you need to package all your resources and assets
-into an executable and rebrand it. To do this, you can either use specialized tooling
+into an executable and rebrand it. To do this, you can either use specialized tooling like Electron Forge
 or do it manually. See the [Application Packaging][application-packaging] tutorial
 for more information.
 

docs/tutorial/electron-timelines.md

@@ -7,28 +7,30 @@ check out our [Electron Versioning](./electron-versioning.md) doc.
 
 ## Timeline
 
-| Electron | Alpha | Beta | Stable | Chrome | Node | Supported |
-| ------- | ----- | ------- | ------ | ------ | ---- | ---- |
-| 2.0.0 | -- | 2018-Feb-21 | 2018-May-01 | M61 | v8.9 | 🚫 |
-| 3.0.0 | -- | 2018-Jun-21 | 2018-Sep-18 | M66 | v10.2 | 🚫 |
-| 4.0.0 | -- | 2018-Oct-11 | 2018-Dec-20 | M69 | v10.11 | 🚫 |
-| 5.0.0 | -- | 2019-Jan-22 | 2019-Apr-24 | M73 | v12.0 | 🚫 |
-| 6.0.0 | -- | 2019-May-01 | 2019-Jul-30 | M76 | v12.4 | 🚫 |
-| 7.0.0 | -- | 2019-Aug-01 | 2019-Oct-22 | M78 | v12.8 | 🚫 |
-| 8.0.0 | -- | 2019-Oct-24 | 2020-Feb-04 | M80 | v12.13 | 🚫 |
-| 9.0.0 | -- | 2020-Feb-06 | 2020-May-19 | M83 | v12.14 | 🚫 |
-| 10.0.0 | -- | 2020-May-21 | 2020-Aug-25 | M85 | v12.16 | 🚫 |
-| 11.0.0 | -- | 2020-Aug-27 | 2020-Nov-17 | M87 | v12.18 | 🚫 |
-| 12.0.0 | -- | 2020-Nov-19 | 2021-Mar-02 | M89 | v14.16 | 🚫 |
-| 13.0.0 | -- | 2021-Mar-04 | 2021-May-25 | M91 | v14.16 | 🚫 |
-| 14.0.0 | -- | 2021-May-27 | 2021-Aug-31 | M93 | v14.17 | 🚫 |
-| 15.0.0 | 2021-Jul-20 | 2021-Sep-01 | 2021-Sep-21 | M94 | v16.5 | 🚫 |
-| 16.0.0 | 2021-Sep-23 | 2021-Oct-20 | 2021-Nov-16 | M96 | v16.9 | 🚫 |
-| 17.0.0 | 2021-Nov-18 | 2022-Jan-06 | 2022-Feb-01 | M98 | v16.13 | 🚫 |
-| 18.0.0 | 2022-Feb-03 | 2022-Mar-03 | 2022-Mar-29 | M100 | v16.13 | ✅ |
-| 19.0.0 | 2022-Mar-31 | 2022-Apr-26 | 2022-May-24 | M102 | v16.14 | ✅ |
-| 20.0.0 | 2022-May-26 | 2022-Jun-21 | 2022-Aug-02 | M104 | v16.15 | ✅ |
-| 21.0.0 | 2022-Aug-04 | 2022-Aug-30 | 2022-Sep-27 | M106 | TBD | ✅ |
+| Electron | Alpha | Beta | Stable | EOL | Chrome | Node | Supported |
+| ------- | ----- | ------- | ------ | ------ | ---- | ---- | ---- |
+| 23.0.0 | 2022-Dec-01 | 2023-Jan-10 | 2023-Feb-07 | TBD | M110 | TBD | ✅ |
+| 22.0.0 | 2022-Sep-29 | 2022-Oct-25 | 2022-Nov-29 | TBD | M108 | v16.17 | ✅ |
+| 21.0.0 | 2022-Aug-04 | 2022-Aug-30 | 2022-Sep-27 | TBD | M106 | v16.16 | ✅ |
+| 20.0.0 | 2022-May-26 | 2022-Jun-21 | 2022-Aug-02 | TBD | M104 | v16.15 | ✅ |
+| 19.0.0 | 2022-Mar-31 | 2022-Apr-26 | 2022-May-24 | 2022-Nov-29 | M102 | v16.14 | 🚫 |
+| 18.0.0 | 2022-Feb-03 | 2022-Mar-03 | 2022-Mar-29 | 2022-Sep-27 | M100 | v16.13 | 🚫 |
+| 17.0.0 | 2021-Nov-18 | 2022-Jan-06 | 2022-Feb-01 | 2022-Aug-02 | M98 | v16.13 | 🚫 |
+| 16.0.0 | 2021-Sep-23 | 2021-Oct-20 | 2021-Nov-16 | 2022-May-24 | M96 | v16.9 | 🚫 |
+| 15.0.0 | 2021-Jul-20 | 2021-Sep-01 | 2021-Sep-21 | 2022-May-24 | M94 | v16.5 | 🚫 |
+| 14.0.0 | -- | 2021-May-27 | 2021-Aug-31 | 2022-Mar-29 | M93 | v14.17 | 🚫 |
+| 13.0.0 | -- | 2021-Mar-04 | 2021-May-25 | 2022-Feb-01 | M91 | v14.16 | 🚫 |
+| 12.0.0 | -- | 2020-Nov-19 | 2021-Mar-02 | 2021-Nov-16 | M89 | v14.16 | 🚫 |
+| 11.0.0 | -- | 2020-Aug-27 | 2020-Nov-17 | 2021-Aug-31 | M87 | v12.18 | 🚫 |
+| 10.0.0 | -- | 2020-May-21 | 2020-Aug-25 | 2021-May-25 | M85 | v12.16 | 🚫 |
+| 9.0.0 | -- | 2020-Feb-06 | 2020-May-19 | 2021-Mar-02 | M83 | v12.14 | 🚫 |
+| 8.0.0 | -- | 2019-Oct-24 | 2020-Feb-04 | 2020-Nov-17 | M80 | v12.13 | 🚫 |
+| 7.0.0 | -- | 2019-Aug-01 | 2019-Oct-22 | 2020-Aug-25 | M78 | v12.8 | 🚫 |
+| 6.0.0 | -- | 2019-Apr-25 | 2019-Jul-30 | 2020-May-19 | M76 | v12.14.0 | 🚫 |
+| 5.0.0 | -- | 2019-Jan-22 | 2019-Apr-23 | 2020-Feb-04 | M73 | v12.0 | 🚫 |
+| 4.0.0 | -- | 2018-Oct-11 | 2018-Dec-20 | 2019-Oct-22 | M69 | v10.11 | 🚫 |
+| 3.0.0 | -- | 2018-Jun-21 | 2018-Sep-18 | 2019-Jul-30 | M66 | v10.2 | 🚫 |
+| 2.0.0 | -- | 2018-Feb-21 | 2018-May-01 | 2019-Apr-23 | M61 | v8.9 | 🚫 |
 
 **Notes:**
 

docs/tutorial/forge-overview.md

@@ -0,0 +1,36 @@
+# Distributing Apps With Electron Forge
+
+Electron Forge is a tool for packaging and publishing Electron applications.
+It unifies Electron's build tooling ecosystem into
+a single extensible interface so that anyone can jump right into making Electron apps.
+
+## Getting started
+
+The [Electron Forge docs] contain detailed information on taking your application
+from source code to your end users' machines.
+This includes:
+
+* Packaging your application [(package)]
+* Generating executables and installers for each OS [(make)], and,
+* Publishing these files to online platforms to download [(publish)].
+
+For beginners, we recommend following through Electron's [tutorial] to develop, build,
+package and publish your first Electron app. If you have already developed an app on your machine
+and want to start on packaging and distribution, start from [step 5] of the tutorial.
+
+## Getting help
+
+* If you need help with developing your app, our [community Discord server][discord] is a great place
+to get advice from other Electron app developers.
+* If you suspect you're running into a bug with Forge, please check the [GitHub issue tracker]
+to see if any existing issues match your problem. If not, feel free to fill out our bug report
+template and submit a new issue.
+
+[Electron Forge Docs]: https://www.electronforge.io/
+[step 5]: ./tutorial-5-packaging.md
+[(package)]: https://www.electronforge.io/cli#package
+[(make)]: https://www.electronforge.io/cli#make
+[(publish)]: https://www.electronforge.io/cli#publish
+[GitHub issue tracker]: https://github.com/electron-userland/electron-forge/issues
+[discord]: https://discord.gg/APGC3k5yaH
+[tutorial]: https://www.electronjs.org/docs/latest/tutorial/tutorial-prerequisites

docs/tutorial/fuses.md

@@ -8,6 +8,59 @@ For a subset of Electron functionality it makes sense to disable certain feature
 
 Fuses are the solution to this problem, at a high level they are "magic bits" in the Electron binary that can be flipped when packaging your Electron app to enable / disable certain features / restrictions.  Because they are flipped at package time before you code sign your app the OS becomes responsible for ensuring those bits aren't flipped back via OS level code signing validation (Gatekeeper / App Locker).
 
+## Current Fuses
+
+### `runAsNode`
+
+**Default:** Enabled
+**@electron/fuses:** `FuseV1Options.RunAsNode`
+
+The runAsNode fuse toggles whether the `ELECTRON_RUN_AS_NODE` environment variable is respected or not.  Please note that if this fuse is disabled then `process.fork` in the main process will not function as expected as it depends on this environment variable to function.
+
+### `cookieEncryption`
+
+**Default:** Disabled
+**@electron/fuses:** `FuseV1Options.EnableCookieEncryption`
+
+The cookieEncryption fuse toggles whether the cookie store on disk is encrypted using OS level cryptography keys.  By default the sqlite database that Chromium uses to store cookies stores the values in plaintext.  If you wish to ensure your apps cookies are encrypted in the same way Chrome does then you should enable this fuse.  Please note it is a one-way transition, if you enable this fuse existing unencrypted cookies will be encrypted-on-write but if you then disable the fuse again your cookie store will effectively be corrupt and useless.  Most apps can safely enable this fuse.
+
+### `nodeOptions`
+
+**Default:** Enabled
+**@electron/fuses:** `FuseV1Options.EnableNodeOptionsEnvironmentVariable`
+
+The nodeOptions fuse toggles whether the [`NODE_OPTIONS`](https://nodejs.org/api/cli.html#node_optionsoptions) environment variable is respected or not.  This environment variable can be used to pass all kinds of custom options to the Node.js runtime and isn't typically used by apps in production.  Most apps can safely disable this fuse.
+
+### `nodeCliInspect`
+
+**Default:** Enabled
+**@electron/fuses:** `FuseV1Options.EnableNodeCliInspectArguments`
+
+The nodeCliInspect fuse toggles whether the `--inspect`, `--inspect-brk`, etc. flags are respected or not.  When disabled it also ensures that `SIGUSR1` signal does not initialize the main process inspector.  Most apps can safely disable this fuse.
+
+### `embeddedAsarIntegrityValidation`
+
+**Default:** Disabled
+**@electron/fuses:** `FuseV1Options.EnableEmbeddedAsarIntegrityValidation`
+
+The embeddedAsarIntegrityValidation fuse toggles an experimental feature on macOS that validates the content of the `app.asar` file when it is loaded.  This feature is designed to have a minimal performance impact but may marginally slow down file reads from inside the `app.asar` archive.
+
+For more information on how to use asar integrity validation please read the [Asar Integrity](asar-integrity.md) documentation.
+
+### `onlyLoadAppFromAsar`
+
+**Default:** Disabled
+**@electron/fuses:** `FuseV1Options.OnlyLoadAppFromAsar`
+
+The onlyLoadAppFromAsar fuse changes the search system that Electron uses to locate your app code.  By default Electron will search in the following order `app.asar` -> `app` -> `default_app.asar`.  When this fuse is enabled the search order becomes a single entry `app.asar` thus ensuring that when combined with the `embeddedAsarIntegrityValidation` fuse it is impossible to load non-validated code.
+
+### `loadBrowserProcessSpecificV8Snapshot`
+
+**Default:** Disabled
+**@electron/fuses:** `FuseV1Options.LoadBrowserProcessSpecificV8Snapshot`
+
+The loadBrowserProcessSpecificV8Snapshot fuse changes which V8 snapshot file is used for the browser process.  By default Electron's processes will all use the same V8 snapshot file.  When this fuse is enabled the browser process uses the file called `browser_v8_context_snapshot.bin` for its V8 snapshot. The other processes will use the V8 snapshot file that they normally do.
+
 ## How do I flip the fuses?
 
 ### The easy way
@@ -20,11 +73,18 @@ require('@electron/fuses').flipFuses(
   require('electron'),
   // Fuses to flip
   {
-    runAsNode: false
+    version: FuseVersion.V1,
+    [FuseV1Options.RunAsNode]: false
   }
 )
 ```
 
+You can validate the fuses have been flipped or check the fuse status of an arbitrary Electron app using the fuses CLI.
+
+```bash
+ npx @electron/fuses read --app /Applications/Foo.app
+```
+
 ### The hard way
 
 #### Quick Glossary

docs/tutorial/introduction.md

@@ -47,7 +47,7 @@ are the different categories and what you can expect on each one:
 - **Examples**: Quick references to add features to your Electron app.
 - **Development**: Miscellaneous development guides.
 - **Distribution**: Learn how to distribute your app to end users.
-- **Testing and debugging**: How to debug JavaScript, write tests, and other tools used
+- **Testing And Debugging**: How to debug JavaScript, write tests, and other tools used
   to create quality Electron applications.
 - **References**: Useful links to better understand how the Electron project works
   and is organized.

docs/tutorial/mac-app-store-submission-guide.md

@@ -11,7 +11,7 @@ This guide provides information on:
 To sign Electron apps, the following tools must be installed first:
 
 * Xcode 11 or above.
-* The [electron-osx-sign][electron-osx-sign] npm module.
+* The [@electron/osx-sign] npm module.
 
 You also have to register an Apple Developer account and join the
 [Apple Developer Program][developer-program].
@@ -103,7 +103,7 @@ Apps submitted to the Mac App Store must run under Apple's
 the App Sandbox. The standard darwin build of Electron will fail to launch
 when run under App Sandbox.
 
-When signing the app with `electron-osx-sign`, it will automatically add the
+When signing the app with `@electron/osx-sign`, it will automatically add the
 necessary entitlements to your app's entitlements, but if you are using custom
 entitlements, you must ensure App Sandbox capacity is added:
 
@@ -120,7 +120,7 @@ entitlements, you must ensure App Sandbox capacity is added:
 
 #### Extra steps without `electron-osx-sign`
 
-If you are signing your app without using `electron-osx-sign`, you must ensure
+If you are signing your app without using `@electron/osx-sign`, you must ensure
 the app bundle's entitlements have at least following keys:
 
 ```xml
@@ -170,22 +170,22 @@ your Apple Developer account's Team ID as its value:
 </plist>
 ```
 
-When using `electron-osx-sign` the `ElectronTeamID` key will be added
+When using `@electron/osx-sign` the `ElectronTeamID` key will be added
 automatically by extracting the Team ID from the certificate's name. You may
-need to manually add this key if `electron-osx-sign` could not find the correct
+need to manually add this key if `@electron/osx-sign` could not find the correct
 Team ID.
 
 ### Sign apps for development
 
 To sign an app that can run on your development machine, you must sign it with
 the "Apple Development" certificate and pass the provisioning profile to
-`electron-osx-sign`.
+`@electron/osx-sign`.
 
 ```bash
 electron-osx-sign YourApp.app --identity='Apple Development' --provisioning-profile=/path/to/yourapp.provisionprofile
 ```
 
-If you are signing without `electron-osx-sign`, you must place the provisioning
+If you are signing without `@electron/osx-sign`, you must place the provisioning
 profile to `YourApp.app/Contents/embedded.provisionprofile`.
 
 The signed app can only run on the machines that registered by the provisioning
@@ -213,7 +213,7 @@ use App Sandbox.
 electron-osx-sign YourApp.app --identity='Developer ID Application' --no-gatekeeper-assess
 ```
 
-By passing `--no-gatekeeper-assess`, the `electron-osx-sign` will skip the macOS
+By passing `--no-gatekeeper-assess`, `@electron/osx-sign` will skip the macOS
 GateKeeper check as your app usually has not been notarized yet by this step.
 
 <!-- TODO(zcbenz): Add a chapter about App Notarization -->
@@ -232,7 +232,7 @@ how to meet the Mac App Store requirements.
 
 ### Upload
 
-The Application Loader should be used to upload the signed app to iTunes
+[Apple Transporter][apple-transporter] should be used to upload the signed app to App Store
 Connect for processing, making sure you have [created a record][create-record]
 before uploading.
 
@@ -341,11 +341,12 @@ Electron uses following cryptographic algorithms:
 * RIPEMD - [ISO/IEC 10118-3](https://webstore.ansi.org/RecordDetail.aspx?sku=ISO%2FIEC%2010118-3:2004)
 
 [developer-program]: https://developer.apple.com/support/compare-memberships/
-[electron-osx-sign]: https://github.com/electron/electron-osx-sign
+[@electron/osx-sign]: https://github.com/electron/electron-osx-sign
 [app-sandboxing]: https://developer.apple.com/app-sandboxing/
 [app-notarization]: https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution
 [submitting-your-app]: https://developer.apple.com/library/mac/documentation/IDEs/Conceptual/AppDistributionGuide/SubmittingYourApp/SubmittingYourApp.html
-[create-record]: https://developer.apple.com/library/ios/documentation/LanguagesUtilities/Conceptual/iTunesConnect_Guide/Chapters/CreatingiTunesConnectRecord.html
+[create-record]: https://help.apple.com/app-store-connect/#/dev2cd126805
+[apple-transporter]: https://help.apple.com/itc/transporteruserguide/en.lproj/static.html
 [submit-for-review]: https://developer.apple.com/library/ios/documentation/LanguagesUtilities/Conceptual/iTunesConnect_Guide/Chapters/SubmittingTheApp.html
 [export-compliance]: https://help.apple.com/app-store-connect/#/devc3f64248f
 [user-selected]: https://developer.apple.com/library/mac/documentation/Miscellaneous/Reference/EntitlementKeyReference/Chapters/EnablingAppSandbox.html#//apple_ref/doc/uid/TP40011195-CH4-SW6

docs/tutorial/message-ports.md

@@ -101,7 +101,7 @@ app.whenReady().then(async () => {
     }
   })
 
-  const secondaryWindow = BrowserWindow({
+  const secondaryWindow = new BrowserWindow({
     show: false,
     webPreferences: {
       contextIsolation: false,
@@ -144,7 +144,7 @@ to use `contextIsolation` and set up specific contextBridge calls for each of yo
 expected messages, but for the simplicity of this example we don't. You can find an
 example of context isolation further down this page at [Communicating directly between the main process and the main world of a context-isolated page](#communicating-directly-between-the-main-process-and-the-main-world-of-a-context-isolated-page)
 
-That means window.messagePort is globally available and you can call
+That means window.electronMessagePort is globally available and you can call
 `postMessage` on it from anywhere in your app to send a message to the other
 renderer.
 
@@ -180,19 +180,16 @@ app.whenReady().then(async () => {
 
   // We can't use ipcMain.handle() here, because the reply needs to transfer a
   // MessagePort.
-  ipcMain.on('request-worker-channel', (event) => {
-    // For security reasons, let's make sure only the frames we expect can
-    // access the worker.
-    if (event.senderFrame === mainWindow.webContents.mainFrame) {
-      // Create a new channel ...
-      const { port1, port2 } = new MessageChannelMain()
-      // ... send one end to the worker ...
-      worker.webContents.postMessage('new-client', null, [port1])
-      // ... and the other end to the main window.
-      event.senderFrame.postMessage('provide-worker-channel', null, [port2])
-      // Now the main window and the worker can communicate with each other
-      // without going through the main process!
-    }
+  // Listen for message sent from the top-level frame
+  mainWindow.webContents.mainFrame.on('request-worker-channel', (event) => {
+    // Create a new channel ...
+    const { port1, port2 } = new MessageChannelMain()
+    // ... send one end to the worker ...
+    worker.webContents.postMessage('new-client', null, [port1])
+    // ... and the other end to the main window.
+    event.senderFrame.postMessage('provide-worker-channel', null, [port2])
+    // Now the main window and the worker can communicate with each other
+    // without going through the main process!
   })
 })
 ```
@@ -272,7 +269,7 @@ const makeStreamingRequest = (element, callback) => {
 }
 
 makeStreamingRequest(42, (data) => {
-  console.log('got response data:', event.data)
+  console.log('got response data:', data)
 })
 // We will see "got response data: 42" 10 times.
 ```

docs/tutorial/multithreading.md

@@ -20,6 +20,8 @@ const win = new BrowserWindow({
 The `nodeIntegrationInWorker` can be used independent of `nodeIntegration`, but
 `sandbox` must not be set to `true`.
 
+**Note:** This option is not available in [`SharedWorker`s](https://developer.mozilla.org/en-US/docs/Web/API/SharedWorker) or [`Service Worker`s](https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker) owing to incompatibilities in sandboxing policies.
+
 ## Available APIs
 
 All built-in modules of Node.js are supported in Web Workers, and `asar`

docs/tutorial/native-file-drag-drop.md

@@ -22,7 +22,6 @@ In `preload.js` use the [`contextBridge`] to inject a method `window.electron.st
 
 ```js
 const { contextBridge, ipcRenderer } = require('electron')
-const path = require('path')
 
 contextBridge.exposeInMainWorld('electron', {
   startDrag: (fileName) => {

docs/tutorial/notifications.md

@@ -79,11 +79,6 @@ Start Menu. This can be overkill during development, so adding
 trick. Navigate to the file in Explorer, right-click and 'Pin to Start Menu'.
 You will then need to add the line `app.setAppUserModelId(process.execPath)` to
 your main process to see notifications.
-* On Windows 8.1 and Windows 8, a shortcut to your app with an [Application User
-Model ID][app-user-model-id] must be installed to the Start screen. Note,
-however, that it does not need to be pinned to the Start screen.
-* On Windows 7, notifications work via a custom implementation which visually
-resembles the native one on newer systems.
 
 Electron attempts to automate the work around the Application User Model ID. When
 Electron is used together with the installation and update framework Squirrel,
@@ -92,12 +87,6 @@ Electron will detect that Squirrel was used and will automatically call
 `app.setAppUserModelId()` with the correct value. During development, you may have
 to call [`app.setAppUserModelId()`][set-app-user-model-id] yourself.
 
-Furthermore, in Windows 8, the maximum length for the notification body is 250
-characters, with the Windows team recommending that notifications should be kept
-to 200 characters. That said, that limitation has been removed in Windows 10, with
-the Windows team asking developers to be reasonable. Attempting to send gigantic
-amounts of text to the API (thousands of characters) might result in instability.
-
 #### Advanced Notifications
 
 Later versions of Windows allow for advanced notifications, with custom templates,

docs/tutorial/performance.md

@@ -419,6 +419,18 @@ environment that needs to handle both Node.js and browser environments.
 As of writing this article, the popular choices include [Webpack][webpack],
 [Parcel][parcel], and [rollup.js][rollup].
 
+### 8. Call `Menu.setApplicationMenu(null)` when you do not need a default menu
+
+Electron will set a default menu on startup with some standard entries. But there are reasons your application might want to change that and it will benefit startup performance.
+
+#### Why?
+
+If you build your own menu or use a frameless window without native menu, you should tell Electron early enough to not setup the default menu.
+
+#### How?
+
+Call `Menu.setApplicationMenu(null)` before `app.on("ready")`. This will prevent Electron from setting a default menu. See also https://github.com/electron/electron/issues/35512 for a related discussion.
+
 [security]: ./security.md
 [chrome-devtools-tutorial]: https://developers.google.com/web/tools/chrome-devtools/evaluate-performance/
 [worker-threads]: https://nodejs.org/api/worker_threads.html

docs/tutorial/process-model.md

@@ -214,8 +214,25 @@ This feature is incredibly useful for two main purposes:
   URL, you can add custom properties onto the renderer's `window` global that can
   be used for desktop-only logic on the web client's side.
 
+## The utility process
+
+Each Electron app can spawn multiple child processes from the main process using
+the [UtilityProcess][] API. The utility process runs in a Node.js environment,
+meaning it has the ability to `require` modules and use all of Node.js APIs.
+The utility process can be used to host for example: untrusted services,
+CPU intensive tasks or crash prone components which would have previously
+been hosted in the main process or process spawned with Node.js [`child_process.fork`][] API.
+The primary difference between the utility process and process spawned by Node.js
+child_process module is that the utility process can establish a communication
+channel with a renderer process using [`MessagePort`][]s. An Electron app can
+always prefer the [UtilityProcess][] API over Node.js [`child_process.fork`][] API when
+there is need to fork a child process from the main process.
+
 [window-mdn]: https://developer.mozilla.org/en-US/docs/Web/API/Window
+[`MessagePort`]: https://developer.mozilla.org/en-US/docs/Web/API/MessagePort
+[`child_process.fork`]: https://nodejs.org/dist/latest-v16.x/docs/api/child_process.html#child_processforkmodulepath-args-options
 [context-isolation]: ./context-isolation.md
 [context-bridge]: ../api/context-bridge.md
 [ipcrenderer]: ../api/ipc-renderer.md
+[UtilityProcess]: ../api/utility-process.md
 [tutorial]: ./tutorial-1-prerequisites.md

docs/tutorial/sandbox.md

@@ -12,28 +12,10 @@ the GPU service and the network service.
 
 See Chromium's [Sandbox design document][sandbox] for more information.
 
-## Electron's sandboxing policies
-
-Electron comes with a mixed sandbox environment, meaning sandboxed processes can run
-alongside privileged ones. By default, renderer processes are not sandboxed, but
-utility processes are. Note that as in Chromium, the main (browser) process is
-privileged and cannot be sandboxed.
-
-Historically, this mixed sandbox approach was established because having Node.js available
-in the renderer is an extremely powerful tool for app developers. Unfortunately, this
-feature is also an equally massive security vulnerability.
-
-Theoretically, unsandboxed renderers are not a problem for desktop applications that
-only display trusted code, but they make Electron less secure than Chromium for
-displaying untrusted web content. However, even purportedly trusted code may be
-dangerous — there are countless attack vectors that malicious actors can use, from
-cross-site scripting to content injection to man-in-the-middle attacks on remotely loaded
-websites, just to name a few. For this reason, we recommend enabling renderer sandboxing
-for the vast majority of cases under an abundance of caution.
-
-<!--TODO: update this guide when #28466 is either solved or closed -->
-Note that there is an active discussion in the issue tracker to enable renderer sandboxing
-by default. See [#28466][issue-28466]) for details.
+Starting from Electron 20, the sandbox is enabled for renderer processes without any
+further configuration. If you want to disable the sandbox for a process, see the
+[Disabling the sandbox for a single process](#disabling-the-sandbox-for-a-single-process)
+section.
 
 ## Sandbox behaviour in Electron
 
@@ -46,12 +28,17 @@ When renderer processes in Electron are sandboxed, they behave in the same way a
 regular Chrome renderer would. A sandboxed renderer won't have a Node.js
 environment initialized.
 
-<!-- TODO(erickzhao): when we have a solid guide for IPC, link it here -->
 Therefore, when the sandbox is enabled, renderer processes can only perform privileged
 tasks (such as interacting with the filesystem, making changes to the system, or spawning
 subprocesses) by delegating these tasks to the main process via inter-process
 communication (IPC).
 
+:::note
+
+For more info on inter-process communication, check out our [IPC guide](./ipc.md).
+
+:::
+
 ### Preload scripts
 
 In order to allow renderer processes to communicate with the main process, preload
@@ -66,7 +53,7 @@ but can only import a subset of Electron and Node's built-in modules:
 
 In addition, the preload script also polyfills certain Node.js primitives as globals:
 
-* [`Buffer`](https://nodejs.org/api/Buffer.html)
+* [`Buffer`](https://nodejs.org/api/buffer.html)
 * [`process`](../api/process.md)
 * [`clearImmediate`](https://nodejs.org/api/timers.html#timers_clearimmediate_immediate)
 * [`setImmediate`](https://nodejs.org/api/timers.html#timers_setimmediate_callback_args)
@@ -83,13 +70,17 @@ privileged APIs to untrusted code running in the renderer process unless
 
 ## Configuring the sandbox
 
-### Enabling the sandbox for a single process
+For most apps, sandboxing is the best choice. In certain use cases that are incompatible with
+the sandbox (for instance, when using native node modules in the renderer),
+it is possible to disable the sandbox for specific processes. This comes with security
+risks, especially if any untrusted code or content is present in the unsandboxed process.
 
-In Electron, renderer sandboxing can be enabled on a per-process basis with
-the `sandbox: true` preference in the [`BrowserWindow`][browser-window] constructor.
+### Disabling the sandbox for a single process
 
-```js
-// main.js
+In Electron, renderer sandboxing can be disabled on a per-process basis with
+the `sandbox: false` preference in the [`BrowserWindow`][browser-window] constructor.
+
+```js title='main.js'
 app.whenReady().then(() => {
   const win = new BrowserWindow({
     webPreferences: {
@@ -100,17 +91,30 @@ app.whenReady().then(() => {
 })
 ```
 
+Sandboxing is also disabled whenever Node.js integration is enabled in the renderer.
+This can be done through the BrowserWindow constructor with the `nodeIntegration: true` flag.
+
+```js title='main.js'
+app.whenReady().then(() => {
+  const win = new BrowserWindow({
+    webPreferences: {
+      nodeIntegration: true
+    }
+  })
+  win.loadURL('https://google.com')
+})
+```
+
 ### Enabling the sandbox globally
 
 If you want to force sandboxing for all renderers, you can also use the
 [`app.enableSandbox`][enable-sandbox] API. Note that this API has to be called before the
 app's `ready` event.
 
-```js
-// main.js
+```js title='main.js'
 app.enableSandbox()
 app.whenReady().then(() => {
-  // no need to pass `sandbox: true` since `app.enableSandbox()` was called.
+  // any sandbox:false calls are overridden since `app.enableSandbox()` was called.
   const win = new BrowserWindow()
   win.loadURL('https://google.com')
 })
@@ -139,16 +143,16 @@ issues:
    have, to inherit everything we can from Chromium, and to respond quickly to
    security issues, but Electron cannot be as secure as Chromium without the
    resources that Chromium is able to dedicate.
-2. Some security features in Chrome (such as Safe Browsing and Certificate
+1. Some security features in Chrome (such as Safe Browsing and Certificate
    Transparency) require a centralized authority and dedicated servers, both of
    which run counter to the goals of the Electron project. As such, we disable
    those features in Electron, at the cost of the associated security they
    would otherwise bring.
-3. There is only one Chromium, whereas there are many thousands of apps built
+1. There is only one Chromium, whereas there are many thousands of apps built
    on Electron, all of which behave slightly differently. Accounting for those
    differences can yield a huge possibility space, and make it challenging to
    ensure the security of the platform in unusual use cases.
-4. We can't push security updates to users directly, so we rely on app vendors
+1. We can't push security updates to users directly, so we rely on app vendors
    to upgrade the version of Electron underlying their app in order for
    security updates to reach users.
 

docs/tutorial/security.md

@@ -113,6 +113,7 @@ You should at least follow these steps to improve the security of your applicati
 14. [Disable or limit creation of new windows](#14-disable-or-limit-creation-of-new-windows)
 15. [Do not use `shell.openExternal` with untrusted content](#15-do-not-use-shellopenexternal-with-untrusted-content)
 16. [Use a current version of Electron](#16-use-a-current-version-of-electron)
+17. [Validate the `sender` of all IPC messages](#17-validate-the-sender-of-all-ipc-messages)
 
 To automate the detection of misconfigurations and insecure patterns, it is
 possible to use
@@ -130,10 +131,8 @@ like `HTTP`. Similarly, we recommend the use of `WSS` over `WS`, `FTPS` over
 
 #### Why?
 
-`HTTPS` has three main benefits:
+`HTTPS` has two main benefits:
 
-1. It authenticates the remote server, ensuring your app connects to the correct
-   host instead of an impersonator.
 1. It ensures data integrity, asserting that the data was not modified while in
    transit between your application and the host.
 1. It encrypts the traffic between your user and the destination host, making it
@@ -256,7 +255,7 @@ the sandbox in all renderers. Loading, reading or processing any untrusted
 content in an unsandboxed process, including the main process, is not advised.
 
 :::info
-For more information on what `contextIsolation` is and how to enable it please
+For more information on what Process Sandboxing is and how to enable it please
 see our dedicated [Process Sandboxing](sandbox.md) document.
 :::info
 

docs/tutorial/snapcraft.md

@@ -237,8 +237,6 @@ apps:
     desktop: usr/share/applications/desktop.desktop
 ```
 
-[snapcraft.io]: https://snapcraft.io/
-[snapcraft-store]: https://snapcraft.io/store/
 [snapcraft-syntax]: https://docs.snapcraft.io/build-snaps/syntax
 [electron-packager]: https://github.com/electron/electron-packager
 [electron-forge]: https://github.com/electron-userland/electron-forge

docs/tutorial/testing-widevine-cdm.md

@@ -1,95 +0,0 @@
-# Testing Widevine CDM
-
-In Electron you can use the Widevine CDM library shipped with Chrome browser.
-
-Widevine Content Decryption Modules (CDMs) are how streaming services protect
-content using HTML5 video to web browsers without relying on an NPAPI plugin
-like Flash or Silverlight. Widevine support is an alternative solution for
-streaming services that currently rely on Silverlight for playback of
-DRM-protected video content. It will allow websites to show DRM-protected video
-content in Firefox without the use of NPAPI plugins. The Widevine CDM runs in an
-open-source CDM sandbox providing better user security than NPAPI plugins.
-
-#### Note on VMP
-
-As of [`Electron v1.8.0 (Chrome v59)`](https://electronjs.org/releases#1.8.1),
-the below steps are may only be some of the necessary steps to enable Widevine;
-any app on or after that version intending to use the Widevine CDM may need to
-be signed using a license obtained from [Widevine](https://www.widevine.com/)
-itself.
-
-Per [Widevine](https://www.widevine.com/):
-
-> Chrome 59 (and later) includes support for Verified Media Path (VMP). VMP
-> provides a method to verify the authenticity of a device platform. For browser
-> deployments, this will provide an additional signal to determine if a
-> browser-based implementation is reliable and secure.
->
-> The proxy integration guide has been updated with information about VMP and
-> how to issue licenses.
->
-> Widevine recommends our browser-based integrations (vendors and browser-based
-> applications) add support for VMP.
-
-To enable video playback with this new restriction,
-[castLabs](https://castlabs.com/open-source/downstream/) has created a
-[fork](https://github.com/castlabs/electron-releases) that has implemented the
-necessary changes to enable Widevine to be played in an Electron application if
-one has obtained the necessary licenses from widevine.
-
-## Getting the library
-
-Open `chrome://components/` in Chrome browser, find `Widevine Content Decryption Module`
-and make sure it is up to date, then you can find the library files from the
-application directory.
-
-### On Windows
-
-The library file `widevinecdm.dll` will be under
-`Program Files(x86)/Google/Chrome/Application/CHROME_VERSION/WidevineCdm/_platform_specific/win_(x86|x64)/`
-directory.
-
-### On macOS
-
-The library file `libwidevinecdm.dylib` will be under
-`/Applications/Google Chrome.app/Contents/Versions/CHROME_VERSION/Google Chrome Framework.framework/Versions/A/Libraries/WidevineCdm/_platform_specific/mac_(x86|x64)/`
-directory.
-
-**Note:** Make sure that chrome version used by Electron is greater than or
-equal to the `min_chrome_version` value of Chrome's widevine cdm component.
-The value can be found in `manifest.json` under `WidevineCdm` directory.
-
-## Using the library
-
-After getting the library files, you should pass the path to the file
-with `--widevine-cdm-path` command line switch, and the library's version
-with `--widevine-cdm-version` switch. The command line switches have to be
-passed before the `ready` event of `app` module gets emitted.
-
-Example code:
-
-```javascript
-const { app, BrowserWindow } = require('electron')
-
-// You have to pass the directory that contains widevine library here, it is
-// * `libwidevinecdm.dylib` on macOS,
-// * `widevinecdm.dll` on Windows.
-app.commandLine.appendSwitch('widevine-cdm-path', '/path/to/widevine_library')
-// The version of plugin can be got from `chrome://components` page in Chrome.
-app.commandLine.appendSwitch('widevine-cdm-version', '1.4.8.866')
-
-let win = null
-app.whenReady().then(() => {
-  win = new BrowserWindow()
-  win.show()
-})
-```
-
-## Verifying Widevine CDM support
-
-To verify whether widevine works, you can use following ways:
-
-* Open https://shaka-player-demo.appspot.com/ and load a manifest that uses
-`Widevine`.
-* Open http://www.dash-player.com/demo/drm-test-area/, check whether the page
-says `bitdash uses Widevine in your browser`, then play the video.