refactor: use compile-time cli arg sets. (#38768)

* refactor: use compile-time cli arg sets.

We're currently building these on the heap with `std::set<std::string>`
but this can be a very small compile-time container instead.

Marking as 'refactor' rather than 'perf' since this isn't called often,
but moving from heap to compile-time is good and using this container
makes the code more readable.

Co-authored-by: Charles Kerr <charles@charleskerr.com>

* chore: restore missing comments

Co-authored-by: Charles Kerr <charles@charleskerr.com>

---------

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>

BUILD.gn

@@ -772,6 +772,8 @@ source_set("electron_lib") {
     sources += [
       "shell/browser/electron_pdf_web_contents_helper_client.cc",
       "shell/browser/electron_pdf_web_contents_helper_client.h",
+      "shell/browser/extensions/api/pdf_viewer_private/pdf_viewer_private_api.cc",
+      "shell/browser/extensions/api/pdf_viewer_private/pdf_viewer_private_api.h",
     ]
   }
 

DEPS

@@ -2,13 +2,17 @@ gclient_gn_args_from = 'src'
 
 vars = {
   'chromium_version':
-    '114.0.5735.16',
+    '114.0.5735.106',
   'node_version':
     'v18.15.0',
   'nan_version':
     '16fa32231e2ccd89d2804b3f765319128b20c4ac',
   'squirrel.mac_version':
     '0e5d146ba13101a1302d59ea6e6e0b3cace4ae38',
+  'reactiveobjc_version':
+    '74ab5baccc6f7202c8ac69a8d1e152c29dc1ea76',
+  'mantle_version':
+    '78d3966b3c331292ea29ec38661b25df0a245948',
 
   'pyyaml_version': '3.12',
 
@@ -17,6 +21,8 @@ vars = {
   'nodejs_git': 'https://github.com/nodejs',
   'yaml_git': 'https://github.com/yaml',
   'squirrel_git': 'https://github.com/Squirrel',
+  'reactiveobjc_git': 'https://github.com/ReactiveCocoa',
+  'mantle_git': 'https://github.com/Mantle',
 
   # KEEP IN SYNC WITH utils.js FILE
   'yarn_version': '1.15.2',
@@ -87,11 +93,11 @@ deps = {
     'condition': 'process_deps',
   },
   'src/third_party/squirrel.mac/vendor/ReactiveObjC': {
-    'url': 'https://github.com/ReactiveCocoa/ReactiveObjC.git@74ab5baccc6f7202c8ac69a8d1e152c29dc1ea76',
+    'url': Var("reactiveobjc_git") + '/ReactiveObjC.git@' + Var("reactiveobjc_version"),
     'condition': 'process_deps'
   },
   'src/third_party/squirrel.mac/vendor/Mantle': {
-    'url': 'https://github.com/Mantle/Mantle.git@78d3966b3c331292ea29ec38661b25df0a245948',
+    'url':  Var("mantle_git") + '/Mantle.git@' + Var("mantle_version"),
     'condition': 'process_deps',
   }
 }

appveyor-woa.yml

@@ -66,11 +66,13 @@ for:
     build_script:
       - ps: |
           node script/yarn.js install --frozen-lockfile
-          node script/doc-only-change.js --prNumber=$env:APPVEYOR_PULL_REQUEST_NUMBER --prBranch=$env:APPVEYOR_REPO_BRANCH
+          node script/doc-only-change.js --prNumber=$env:APPVEYOR_PULL_REQUEST_NUMBER
           if ($LASTEXITCODE -eq 0) {
-            Write-warning "Skipping build for doc only change"; Exit-AppveyorBuild
+            Write-warning "Skipping build for doc only change"
+            Exit-AppveyorBuild
+          } else {
+            $global:LASTEXITCODE = 0
           }
-          $global:LASTEXITCODE = 0
       - cd ..
       - ps: Write-Host "Building $env:GN_CONFIG build"
       - git config --global core.longpaths true
@@ -220,11 +222,13 @@ for:
     build_script:
       - ps: |
           node script/yarn.js install --frozen-lockfile
-          node script/doc-only-change.js --prNumber=$env:APPVEYOR_PULL_REQUEST_NUMBER --prBranch=$env:APPVEYOR_REPO_BRANCH
+          node script/doc-only-change.js --prNumber=$env:APPVEYOR_PULL_REQUEST_NUMBER
           if ($LASTEXITCODE -eq 0) {
-            Write-warning "Skipping build for doc only change"; Exit-AppveyorBuild
+            Write-warning "Skipping build for doc only change"
+            Exit-AppveyorBuild
+          } else {
+            $global:LASTEXITCODE = 0
           }
-          $global:LASTEXITCODE = 0
       - cd ..
       - mkdir out\Default
       - cd ..

appveyor.yml

@@ -64,11 +64,13 @@ for:
     build_script:
       - ps: |
           node script/yarn.js install --frozen-lockfile
-          node script/doc-only-change.js --prNumber=$env:APPVEYOR_PULL_REQUEST_NUMBER --prBranch=$env:APPVEYOR_REPO_BRANCH
+          node script/doc-only-change.js --prNumber=$env:APPVEYOR_PULL_REQUEST_NUMBER
           if ($LASTEXITCODE -eq 0) {
-            Write-warning "Skipping build for doc only change"; Exit-AppveyorBuild
+            Write-warning "Skipping build for doc only change"
+            Exit-AppveyorBuild
+          } else {
+            $global:LASTEXITCODE = 0
           }
-          $global:LASTEXITCODE = 0
       - cd ..
       - ps: Write-Host "Building $env:GN_CONFIG build"
       - git config --global core.longpaths true
@@ -216,11 +218,13 @@ for:
     build_script:
       - ps: |
           node script/yarn.js install --frozen-lockfile
-          node script/doc-only-change.js --prNumber=$env:APPVEYOR_PULL_REQUEST_NUMBER --prBranch=$env:APPVEYOR_REPO_BRANCH
+          node script/doc-only-change.js --prNumber=$env:APPVEYOR_PULL_REQUEST_NUMBER
           if ($LASTEXITCODE -eq 0) {
-            Write-warning "Skipping build for doc only change"; Exit-AppveyorBuild
+            Write-warning "Skipping build for doc only change"
+            Exit-AppveyorBuild
+          } else {
+            $global:LASTEXITCODE = 0
           }
-          $global:LASTEXITCODE = 0
       - cd ..
       - mkdir out\Default
       - cd ..

build/args/all.gn

@@ -52,3 +52,6 @@ use_perfetto_client_library = false
 
 # Ref: https://chromium-review.googlesource.com/c/chromium/src/+/4402277
 enable_check_raw_ptr_fields = false
+
+# Disables the builtins PGO for V8
+v8_builtins_profiling_log_file = ""

docs/api/accelerator.md

@@ -55,7 +55,7 @@ The `Super` (or `Meta`) key is mapped to the `Windows` key on Windows and Linux
 * `0` to `9`
 * `A` to `Z`
 * `F1` to `F24`
-* Punctuation like `~`, `!`, `@`, `#`, `$`, etc.
+* Various Punctuation: `)`, `!`, `@`, `#`, `$`, `%`, `^`, `&`, `*`, `(`, `:`, `;`, `:`, `+`, `=`, `<`, `,`, `_`, `-`, `>`, `.`, `?`, `/`, `~`, `` ` ``, `{`, `]`, `[`, `|`, `\`, `}`, `"`
 * `Plus`
 * `Space`
 * `Tab`

docs/api/app.md

@@ -7,7 +7,7 @@ Process: [Main](../glossary.md#main-process)
 The following example shows how to quit the application when the last window is
 closed:
 
-```javascript
+```js
 const { app } = require('electron')
 app.on('window-all-closed', () => {
   app.quit()
@@ -296,7 +296,7 @@ Emitted when failed to verify the `certificate` for `url`, to trust the
 certificate you should prevent the default behavior with
 `event.preventDefault()` and call `callback(true)`.
 
-```javascript
+```js
 const { app } = require('electron')
 
 app.on('certificate-error', (event, webContents, url, error, certificate, callback) => {
@@ -328,7 +328,7 @@ and `callback` can be called with an entry filtered from the list. Using
 `event.preventDefault()` prevents the application from using the first
 certificate from the store.
 
-```javascript
+```js
 const { app } = require('electron')
 
 app.on('select-client-certificate', (event, webContents, url, list, callback) => {
@@ -361,7 +361,7 @@ The default behavior is to cancel all authentications. To override this you
 should prevent the default behavior with `event.preventDefault()` and call
 `callback(username, password)` with the credentials.
 
-```javascript
+```js
 const { app } = require('electron')
 
 app.on('login', (event, webContents, details, authInfo, callback) => {
@@ -481,7 +481,7 @@ Returns:
 
 Emitted when Electron has created a new `session`.
 
-```javascript
+```js
 const { app } = require('electron')
 
 app.on('session-created', (session) => {
@@ -566,7 +566,7 @@ started after current instance exited.
 An example of restarting current instance immediately and adding a new command
 line argument to the new instance:
 
-```javascript
+```js
 const { app } = require('electron')
 
 app.relaunch({ args: process.argv.slice(1).concat(['--relaunch']) })
@@ -951,7 +951,7 @@ List, nor will it be displayed.
 
 Here's a very simple example of creating a custom Jump List:
 
-```javascript
+```js
 const { app } = require('electron')
 
 app.setJumpList([
@@ -971,7 +971,7 @@ app.setJumpList([
         title: 'Tool A',
         program: process.execPath,
         args: '--run-tool-a',
-        icon: process.execPath,
+        iconPath: process.execPath,
         iconIndex: 0,
         description: 'Runs Tool A'
       },
@@ -980,7 +980,7 @@ app.setJumpList([
         title: 'Tool B',
         program: process.execPath,
         args: '--run-tool-b',
-        icon: process.execPath,
+        iconPath: process.execPath,
         iconIndex: 0,
         description: 'Runs Tool B'
       }
@@ -1034,8 +1034,8 @@ use this method to ensure single instance.
 An example of activating the window of primary instance when a second instance
 starts:
 
-```javascript
-const { app } = require('electron')
+```js
+const { app, BrowserWindow } = require('electron')
 let myWindow = null
 
 const additionalData = { myKey: 'myValue' }
@@ -1055,9 +1055,9 @@ if (!gotTheLock) {
     }
   })
 
-  // Create myWindow, load the rest of the app, etc...
   app.whenReady().then(() => {
-    myWindow = createWindow()
+    myWindow = new BrowserWindow({})
+    myWindow.loadURL('https://electronjs.org')
   })
 }
 ```
@@ -1180,11 +1180,15 @@ case the user's DNS configuration does not include a provider that supports
 DoH.
 
 ```js
-app.configureHostResolver({
-  secureDnsMode: 'secure',
-  secureDnsServers: [
-    'https://cloudflare-dns.com/dns-query'
-  ]
+const { app } = require('electron')
+
+app.whenReady().then(() => {
+  app.configureHostResolver({
+    secureDnsMode: 'secure',
+    secureDnsServers: [
+      'https://cloudflare-dns.com/dns-query'
+    ]
+  })
 })
 ```
 
@@ -1336,7 +1340,10 @@ To work with Electron's `autoUpdater` on Windows, which uses [Squirrel][Squirrel
 you'll want to set the launch path to Update.exe, and pass arguments that specify your
 application name. For example:
 
-``` javascript
+``` js
+const { app } = require('electron')
+const path = require('path')
+
 const appFolder = path.dirname(process.execPath)
 const updateExe = path.resolve(appFolder, '..', 'Update.exe')
 const exeName = path.basename(process.execPath)
@@ -1405,11 +1412,22 @@ Show the platform's native emoji picker.
 Returns `Function` - This function **must** be called once you have finished accessing the security scoped file. If you do not remember to stop accessing the bookmark, [kernel resources will be leaked](https://developer.apple.com/reference/foundation/nsurl/1417051-startaccessingsecurityscopedreso?language=objc) and your app will lose its ability to reach outside the sandbox completely, until your app is restarted.
 
 ```js
-// Start accessing the file.
-const stopAccessingSecurityScopedResource = app.startAccessingSecurityScopedResource(data)
-// You can now access the file outside of the sandbox 🎉
+const { app, dialog } = require('electron')
+const fs = require('fs')
 
-// Remember to stop accessing the file once you've finished with it.
+let filepath
+let bookmark
+
+dialog.showOpenDialog(null, { securityScopedBookmarks: true }).then(({ filePaths, bookmarks }) => {
+  filepath = filePaths[0]
+  bookmark = bookmarks[0]
+  fs.readFileSync(filepath)
+})
+
+// ... restart app ...
+
+const stopAccessingSecurityScopedResource = app.startAccessingSecurityScopedResource(bookmark)
+fs.readFileSync(filepath)
 stopAccessingSecurityScopedResource()
 ```
 
@@ -1450,6 +1468,8 @@ By default, if an app of the same name as the one being moved exists in the Appl
 For example:
 
 ```js
+const { app, dialog } = require('electron')
+
 app.moveToApplicationsFolder({
   conflictHandler: (conflictType) => {
     if (conflictType === 'exists') {

docs/api/browser-window.md

@@ -104,6 +104,7 @@ window, you have to set both `parent` and `modal` options:
 ```javascript
 const { BrowserWindow } = require('electron')
 
+const top = new BrowserWindow()
 const child = new BrowserWindow({ parent: top, modal: true, show: false })
 child.loadURL('https://github.com')
 child.once('ready-to-show', () => {
@@ -262,6 +263,9 @@ It creates a new `BrowserWindow` with native properties as set by the `options`.
     `tooltip`, `content`, `under-window`, or `under-page`. Please note that
     `appearance-based`, `light`, `dark`, `medium-light`, and `ultra-dark` are
     deprecated and have been removed in macOS Catalina (10.15).
+  * `backgroundMaterial` string (optional) _Windows_ - Set the window's
+    system-drawn background material, including behind the non-client area.
+    Can be `auto`, `none`, `mica`, `acrylic` or `tabbed`. See [win.setBackgroundMaterial](#winsetbackgroundmaterialmaterial-windows) for more information.
   * `zoomToPageWidth` boolean (optional) _macOS_ - Controls the behavior on
     macOS when option-clicking the green stoplight button on the toolbar or by
     clicking the Window > Zoom menu item. If `true`, the window will grow to
@@ -884,7 +888,7 @@ On Linux the setter is a no-op, although the getter returns `true`.
 
 A `boolean` property that determines whether the window is excluded from the application’s Windows menu. `false` by default.
 
-```js
+```js @ts-expect-error=[11]
 const win = new BrowserWindow({ height: 600, width: 600 })
 
 const template = [
@@ -1487,6 +1491,9 @@ Node's [`url.format`](https://nodejs.org/api/url.html#url_url_format_urlobject)
 method:
 
 ```javascript
+const { BrowserWindow } = require('electron')
+const win = new BrowserWindow()
+
 const url = require('url').format({
   protocol: 'file',
   slashes: true,
@@ -1500,6 +1507,9 @@ You can load a URL using a `POST` request with URL-encoded data by doing
 the following:
 
 ```javascript
+const { BrowserWindow } = require('electron')
+const win = new BrowserWindow()
+
 win.loadURL('http://localhost:8000/post', {
   postData: [{
     type: 'rawData',
@@ -1844,6 +1854,21 @@ will remove the vibrancy effect on the window.
 Note that `appearance-based`, `light`, `dark`, `medium-light`, and `ultra-dark` have been
 deprecated and will be removed in an upcoming version of macOS.
 
+#### `win.setBackgroundMaterial(material)` _Windows_
+
+* `material` string
+  * `auto` - Let the Desktop Window Manager (DWM) automatically decide the system-drawn backdrop material for this window. This is the default.
+  * `none` - Don't draw any system backdrop.
+  * `mica` - Draw the backdrop material effect corresponding to a long-lived window.
+  * `acrylic` - Draw the backdrop material effect corresponding to a transient window.
+  * `tabbed` - Draw the backdrop material effect corresponding to a window with a tabbed title bar.
+
+This method sets the browser window's system-drawn background material, including behind the non-client area.
+
+See the [Windows documentation](https://learn.microsoft.com/en-us/windows/win32/api/dwmapi/ne-dwmapi-dwm_systembackdrop_type) for more details.
+
+**Note:** This method is only supported on Windows 11 22H2 and up.
+
 #### `win.setWindowButtonPosition(position)` _macOS_
 
 * `position` [Point](structures/point.md) | null

docs/api/client-request.md

@@ -104,7 +104,7 @@ The `callback` function is expected to be called back with user credentials:
 * `username` string
 * `password` string
 
-```javascript
+```javascript @ts-type={request:Electron.ClientRequest}
 request.on('login', (authInfo, callback) => {
   callback('username', 'password')
 })
@@ -113,7 +113,7 @@ request.on('login', (authInfo, callback) => {
 Providing empty credentials will cancel the request and report an authentication
 error on the response object:
 
-```javascript
+```javascript @ts-type={request:Electron.ClientRequest}
 request.on('response', (response) => {
   console.log(`STATUS: ${response.statusCode}`)
   response.on('error', (error) => {

docs/api/clipboard.md

@@ -148,10 +148,7 @@ clipboard.
 ```js
 const { clipboard } = require('electron')
 
-clipboard.writeBookmark({
-  text: 'https://electronjs.org',
-  bookmark: 'Electron Homepage'
-})
+clipboard.writeBookmark('Electron Homepage', 'https://electronjs.org')
 ```
 
 ### `clipboard.readFindText()` _macOS_

docs/api/context-bridge.md

@@ -18,7 +18,7 @@ contextBridge.exposeInMainWorld(
 )
 ```
 
-```javascript
+```javascript @ts-nocheck
 // Renderer (Main World)
 
 window.electron.doThing()
@@ -104,7 +104,7 @@ contextBridge.exposeInIsolatedWorld(
 )
 ```
 
-```javascript
+```javascript @ts-nocheck
 // Renderer (In isolated world id1004)
 
 window.electron.doThing()

docs/api/desktop-capturer.md

@@ -10,7 +10,9 @@ title is `Electron`:
 
 ```javascript
 // In the main process.
-const { desktopCapturer } = require('electron')
+const { BrowserWindow, desktopCapturer } = require('electron')
+
+const mainWindow = new BrowserWindow()
 
 desktopCapturer.getSources({ types: ['window', 'screen'] }).then(async sources => {
   for (const source of sources) {
@@ -22,7 +24,7 @@ desktopCapturer.getSources({ types: ['window', 'screen'] }).then(async sources =
 })
 ```
 
-```javascript
+```javascript @ts-nocheck
 // In the preload script.
 const { ipcRenderer } = require('electron')
 

docs/api/dialog.md

@@ -72,7 +72,7 @@ and a directory selector, so if you set `properties` to
 `['openFile', 'openDirectory']` on these platforms, a directory selector will be
 shown.
 
-```js
+```js @ts-type={mainWindow:Electron.BrowserWindow}
 dialog.showOpenDialogSync(mainWindow, {
   properties: ['openFile', 'openDirectory']
 })
@@ -139,7 +139,7 @@ and a directory selector, so if you set `properties` to
 `['openFile', 'openDirectory']` on these platforms, a directory selector will be
 shown.
 
-```js
+```js @ts-type={mainWindow:Electron.BrowserWindow}
 dialog.showOpenDialog(mainWindow, {
   properties: ['openFile', 'openDirectory']
 }).then(result => {
@@ -223,10 +223,10 @@ expanding and collapsing the dialog.
 * `browserWindow` [BrowserWindow](browser-window.md) (optional)
 * `options` Object
   * `message` string - Content of the message box.
-  * `type` string (optional) - Can be `"none"`, `"info"`, `"error"`, `"question"` or
-  `"warning"`. On Windows, `"question"` displays the same icon as `"info"`, unless
-  you set an icon using the `"icon"` option. On macOS, both `"warning"` and
-  `"error"` display the same warning icon.
+  * `type` string (optional) - Can be `none`, `info`, `error`, `question` or
+  `warning`. On Windows, `question` displays the same icon as `info`, unless
+  you set an icon using the `icon` option. On macOS, both `warning` and
+  `error` display the same warning icon.
   * `buttons` string[] (optional) - Array of texts for buttons. On Windows, an empty array
     will result in one button labeled "OK".
   * `defaultId` Integer (optional) - Index of the button in the buttons array which will
@@ -266,10 +266,10 @@ If `browserWindow` is not shown dialog will not be attached to it. In such case
 * `browserWindow` [BrowserWindow](browser-window.md) (optional)
 * `options` Object
   * `message` string - Content of the message box.
-  * `type` string (optional) - Can be `"none"`, `"info"`, `"error"`, `"question"` or
-  `"warning"`. On Windows, `"question"` displays the same icon as `"info"`, unless
-  you set an icon using the `"icon"` option. On macOS, both `"warning"` and
-  `"error"` display the same warning icon.
+  * `type` string (optional) - Can be `none`, `info`, `error`, `question` or
+  `warning`. On Windows, `question` displays the same icon as `info`, unless
+  you set an icon using the `icon` option. On macOS, both `warning` and
+  `error` display the same warning icon.
   * `buttons` string[] (optional) - Array of texts for buttons. On Windows, an empty array
     will result in one button labeled "OK".
   * `defaultId` Integer (optional) - Index of the button in the buttons array which will

docs/api/incoming-message.md

@@ -89,7 +89,7 @@ tuples. So, the even-numbered offsets are key values, and the odd-numbered
 offsets are the associated values. Header names are not lowercased, and
 duplicates are not merged.
 
-```javascript
+```javascript @ts-type={response:Electron.IncomingMessage}
 // Prints something like:
 //
 // [ 'user-agent',
@@ -100,5 +100,5 @@ duplicates are not merged.
 //   '127.0.0.1:8000',
 //   'ACCEPT',
 //   '*/*' ]
-console.log(request.rawHeaders)
+console.log(response.rawHeaders)
 ```

docs/api/ipc-main.md

@@ -83,14 +83,14 @@ If `listener` returns a Promise, the eventual result of the promise will be
 returned as a reply to the remote caller. Otherwise, the return value of the
 listener will be used as the value of the reply.
 
-```js title='Main Process'
+```js title='Main Process' @ts-type={somePromise:(...args:unknown[])=>Promise<unknown>}
 ipcMain.handle('my-invokable-ipc', async (event, ...args) => {
   const result = await somePromise(...args)
   return result
 })
 ```
 
-```js title='Renderer Process'
+```js title='Renderer Process' @ts-type={arg1:unknown} @ts-type={arg2:unknown}
 async () => {
   const result = await ipcRenderer.invoke('my-invokable-ipc', arg1, arg2)
   // ...

docs/api/ipc-renderer.md

@@ -101,7 +101,7 @@ The main process should listen for `channel` with
 
 For example:
 
-```javascript
+```javascript @ts-type={someArgument:unknown} @ts-type={doSomeWork:(arg:unknown)=>Promise<unknown>}
 // Renderer process
 ipcRenderer.invoke('some-name', someArgument).then((result) => {
   // ...

docs/api/menu.md

@@ -147,7 +147,7 @@ can have a submenu.
 
 An example of creating the application menu with the simple template API:
 
-```javascript
+```javascript @ts-expect-error=[107]
 const { app, Menu } = require('electron')
 
 const isMac = process.platform === 'darwin'
@@ -267,7 +267,7 @@ menu on behalf of the renderer.
 
 Below is an example of showing a menu when the user right clicks the page:
 
-```js
+```js @ts-expect-error=[21]
 // renderer
 window.addEventListener('contextmenu', (e) => {
   e.preventDefault()
@@ -289,7 +289,7 @@ ipcMain.on('show-context-menu', (event) => {
     { label: 'Menu Item 2', type: 'checkbox', checked: true }
   ]
   const menu = Menu.buildFromTemplate(template)
-  menu.popup(BrowserWindow.fromWebContents(event.sender))
+  menu.popup({ window: BrowserWindow.fromWebContents(event.sender) })
 })
 ```
 

docs/api/message-channel-main.md

@@ -17,7 +17,8 @@ Example:
 
 ```js
 // Main process
-const { MessageChannelMain } = require('electron')
+const { BrowserWindow, MessageChannelMain } = require('electron')
+const w = new BrowserWindow()
 const { port1, port2 } = new MessageChannelMain()
 w.webContents.postMessage('port', null, [port2])
 port1.postMessage({ some: 'message' })
@@ -26,9 +27,9 @@ port1.postMessage({ some: 'message' })
 const { ipcRenderer } = require('electron')
 ipcRenderer.on('port', (e) => {
   // e.ports is a list of ports sent along with this message
-  e.ports[0].on('message', (messageEvent) => {
+  e.ports[0].onmessage = (messageEvent) => {
     console.log(messageEvent.data)
-  })
+  }
 })
 ```
 

docs/api/net-log.md

@@ -5,7 +5,7 @@
 Process: [Main](../glossary.md#main-process)
 
 ```javascript
-const { netLog } = require('electron')
+const { app, netLog } = require('electron')
 
 app.whenReady().then(async () => {
   await netLog.startLogging('/path/to/net-log')

docs/api/protocol.md

@@ -32,7 +32,7 @@ To have your custom protocol work in combination with a custom session, you need
 to register it to that session explicitly.
 
 ```javascript
-const { session, app, protocol } = require('electron')
+const { app, BrowserWindow, net, protocol, session } = require('electron')
 const path = require('path')
 const url = require('url')
 
@@ -41,11 +41,11 @@ app.whenReady().then(() => {
   const ses = session.fromPartition(partition)
 
   ses.protocol.handle('atom', (request) => {
-    const path = request.url.slice('atom://'.length)
-    return net.fetch(url.pathToFileURL(path.join(__dirname, path)))
+    const filePath = request.url.slice('atom://'.length)
+    return net.fetch(url.pathToFileURL(path.join(__dirname, filePath)).toString())
   })
 
-  mainWindow = new BrowserWindow({ webPreferences: { partition } })
+  const mainWindow = new BrowserWindow({ webPreferences: { partition } })
 })
 ```
 
@@ -121,9 +121,9 @@ Either a `Response` or a `Promise<Response>` can be returned.
 Example:
 
 ```js
-import { app, protocol } from 'electron'
-import { join } from 'path'
-import { pathToFileURL } from 'url'
+const { app, net, protocol } = require('electron')
+const { join } = require('path')
+const { pathToFileURL } = require('url')
 
 protocol.registerSchemesAsPrivileged([
   {
@@ -131,7 +131,7 @@ protocol.registerSchemesAsPrivileged([
     privileges: {
       standard: true,
       secure: true,
-      supportsFetchAPI: true
+      supportFetchAPI: true
     }
   }
 ])
@@ -147,7 +147,7 @@ app.whenReady().then(() => {
       }
       // NB, this does not check for paths that escape the bundle, e.g.
       // app://bundle/../../secret_file.txt
-      return net.fetch(pathToFileURL(join(__dirname, pathname)))
+      return net.fetch(pathToFileURL(join(__dirname, pathname)).toString())
     } else if (host === 'api') {
       return net.fetch('https://api.my-server.com/' + pathname, {
         method: req.method,

docs/api/session.md

@@ -98,7 +98,7 @@ Emitted when Electron is about to download `item` in `webContents`.
 Calling `event.preventDefault()` will cancel the download and `item` will not be
 available from next tick of the process.
 
-```javascript
+```javascript @ts-expect-error=[4]
 const { session } = require('electron')
 session.defaultSession.on('will-download', (event, item, webContents) => {
   event.preventDefault()
@@ -214,7 +214,7 @@ cancel the request.  Additionally, permissioning on `navigator.hid` can
 be further managed by using [`ses.setPermissionCheckHandler(handler)`](#sessetpermissioncheckhandlerhandler)
 and [`ses.setDevicePermissionHandler(handler)`](#sessetdevicepermissionhandlerhandler).
 
-```javascript
+```javascript @ts-type={fetchGrantedDevices:()=>(Array<Electron.DevicePermissionHandlerHandlerDetails['device']>)}
 const { app, BrowserWindow } = require('electron')
 
 let win = null
@@ -253,7 +253,7 @@ app.whenReady().then(() => {
   win.webContents.session.on('select-hid-device', (event, details, callback) => {
     event.preventDefault()
     const selectedDevice = details.deviceList.find((device) => {
-      return device.vendorId === '9025' && device.productId === '67'
+      return device.vendorId === 9025 && device.productId === 67
     })
     callback(selectedDevice?.deviceId)
   })
@@ -320,7 +320,7 @@ cancel the request.  Additionally, permissioning on `navigator.serial` can
 be managed by using [ses.setPermissionCheckHandler(handler)](#sessetpermissioncheckhandlerhandler)
 with the `serial` permission.
 
-```javascript
+```javascript @ts-type={fetchGrantedDevices:()=>(Array<Electron.DevicePermissionHandlerHandlerDetails['device']>)}
 const { app, BrowserWindow } = require('electron')
 
 let win = null
@@ -463,7 +463,7 @@ cancel the request.  Additionally, permissioning on `navigator.usb` can
 be further managed by using [`ses.setPermissionCheckHandler(handler)`](#sessetpermissioncheckhandlerhandler)
 and [`ses.setDevicePermissionHandler(handler)`](#sessetdevicepermissionhandlerhandler).
 
-```javascript
+```javascript @ts-type={fetchGrantedDevices:()=>(Array<Electron.DevicePermissionHandlerHandlerDetails['device']>)} @ts-type={updateGrantedDevices:(devices:Array<Electron.DevicePermissionHandlerHandlerDetails['device']>)=>void}
 const { app, BrowserWindow } = require('electron')
 
 let win = null
@@ -502,7 +502,7 @@ app.whenReady().then(() => {
   win.webContents.session.on('select-usb-device', (event, details, callback) => {
     event.preventDefault()
     const selectedDevice = details.deviceList.find((device) => {
-      return device.vendorId === '9025' && device.productId === '67'
+      return device.vendorId === 9025 && device.productId === 67
     })
     if (selectedDevice) {
       // Optionally, add this to the persisted devices (updateGrantedDevices needs to be implemented by developer to persist permissions)
@@ -755,15 +755,17 @@ Sets download saving directory. By default, the download directory will be the
 Emulates network with the given configuration for the `session`.
 
 ```javascript
+const win = new BrowserWindow()
+
 // To emulate a GPRS connection with 50kbps throughput and 500 ms latency.
-window.webContents.session.enableNetworkEmulation({
+win.webContents.session.enableNetworkEmulation({
   latency: 500,
   downloadThroughput: 6400,
   uploadThroughput: 6400
 })
 
 // To emulate a network outage.
-window.webContents.session.enableNetworkEmulation({ offline: true })
+win.webContents.session.enableNetworkEmulation({ offline: true })
 ```
 
 #### `ses.preconnect(options)`
@@ -1036,7 +1038,7 @@ Additionally, the default behavior of Electron is to store granted device permis
 If longer term storage is needed, a developer can store granted device
 permissions (eg when handling the `select-hid-device` event) and then read from that storage with `setDevicePermissionHandler`.
 
-```javascript
+```javascript @ts-type={fetchGrantedDevices:()=>(Array<Electron.DevicePermissionHandlerHandlerDetails['device']>)}
 const { app, BrowserWindow } = require('electron')
 
 let win = null
@@ -1084,9 +1086,58 @@ app.whenReady().then(() => {
   win.webContents.session.on('select-hid-device', (event, details, callback) => {
     event.preventDefault()
     const selectedDevice = details.deviceList.find((device) => {
-      return device.vendorId === '9025' && device.productId === '67'
+      return device.vendorId === 9025 && device.productId === 67
+    })
+    callback(selectedDevice?.deviceId)
+  })
+})
+```
+
+#### `ses.setUSBProtectedClassesHandler(handler)`
+
+* `handler` Function\<string[]> | null
+  * `details` Object
+    * `protectedClasses` string[] - The current list of protected USB classes. Possible class values are:
+      * `audio`
+      * `audio-video`
+      * `hid`
+      * `mass-storage`
+      * `smart-card`
+      * `video`
+      * `wireless`
+
+Sets the handler which can be used to override which [USB classes are protected](https://wicg.github.io/webusb/#usbinterface-interface).
+The return value for the handler is a string array of USB classes which should be considered protected (eg not available in the renderer).  Valid values for the array are:
+
+* `audio`
+* `audio-video`
+* `hid`
+* `mass-storage`
+* `smart-card`
+* `video`
+* `wireless`
+
+Returning an empty string array from the handler will allow all USB classes; returning the passed in array will maintain the default list of protected USB classes (this is also the default behavior if a handler is not defined).
+To clear the handler, call `setUSBProtectedClassesHandler(null)`.
+
+```javascript
+const { app, BrowserWindow } = require('electron')
+
+let win = null
+
+app.whenReady().then(() => {
+  win = new BrowserWindow()
+
+  win.webContents.session.setUSBProtectedClassesHandler((details) => {
+    // Allow all classes:
+    // return []
+    // Keep the current set of protected classes:
+    // return details.protectedClasses
+    // Selectively remove classes:
+    return details.protectedClasses.filter((usbClass) => {
+      // Exclude classes except for audio classes
+      return usbClass.indexOf('audio') === -1
     })
-    callback(selectedPort?.deviceId)
   })
 })
 ```
@@ -1125,32 +1176,32 @@ macOS does not require a handler because macOS handles the pairing
 automatically.  To clear the handler, call `setBluetoothPairingHandler(null)`.
 
 ```javascript
-
-const { app, BrowserWindow, ipcMain, session } = require('electron')
-
-let bluetoothPinCallback = null
+const { app, BrowserWindow, session } = require('electron')
+const path = require('path')
 
 function createWindow () {
+  let bluetoothPinCallback = null
+
   const mainWindow = new BrowserWindow({
     webPreferences: {
       preload: path.join(__dirname, 'preload.js')
     }
   })
+
+  mainWindow.webContents.session.setBluetoothPairingHandler((details, callback) => {
+    bluetoothPinCallback = callback
+    // Send a IPC message to the renderer to prompt the user to confirm the pairing.
+    // Note that this will require logic in the renderer to handle this message and
+    // display a prompt to the user.
+    mainWindow.webContents.send('bluetooth-pairing-request', details)
+  })
+
+  // Listen for an IPC message from the renderer to get the response for the Bluetooth pairing.
+  mainWindow.webContents.ipc.on('bluetooth-pairing-response', (event, response) => {
+    bluetoothPinCallback(response)
+  })
 }
 
-// Listen for an IPC message from the renderer to get the response for the Bluetooth pairing.
-ipcMain.on('bluetooth-pairing-response', (event, response) => {
-  bluetoothPinCallback(response)
-})
-
-mainWindow.webContents.session.setBluetoothPairingHandler((details, callback) => {
-  bluetoothPinCallback = callback
-  // Send a IPC message to the renderer to prompt the user to confirm the pairing.
-  // Note that this will require logic in the renderer to handle this message and
-  // display a prompt to the user.
-  mainWindow.webContents.send('bluetooth-pairing-request', details)
-})
-
 app.whenReady().then(() => {
   createWindow()
 })

docs/api/structures/serial-port.md

@@ -2,9 +2,9 @@
 
 * `portId` string - Unique identifier for the port.
 * `portName` string - Name of the port.
-* `displayName` string - A string suitable for display to the user for describing this device.
-* `vendorId` string - Optional USB vendor ID.
-* `productId` string - Optional USB product ID.
-* `serialNumber` string - The USB device serial number.
-* `usbDriverName` string (optional) - Represents a single serial port on macOS can be enumerated by multiple drivers.
-* `deviceInstanceId` string (optional) - A stable identifier on Windows that can be used for device permissions.
+* `displayName` string (optional) - A string suitable for display to the user for describing this device.
+* `vendorId` string (optional) - The USB vendor ID.
+* `productId` string (optional) - The USB product ID.
+* `serialNumber` string (optional) - The USB device serial number.
+* `usbDriverName` string (optional) _macOS_ - Represents a single serial port on macOS can be enumerated by multiple drivers.
+* `deviceInstanceId` string (optional) _Windows_ - A stable identifier on Windows that can be used for device permissions.

docs/api/touch-bar.md

@@ -87,12 +87,12 @@ const { TouchBarLabel, TouchBarButton, TouchBarSpacer } = TouchBar
 let spinning = false
 
 // Reel labels
-const reel1 = new TouchBarLabel()
-const reel2 = new TouchBarLabel()
-const reel3 = new TouchBarLabel()
+const reel1 = new TouchBarLabel({ label: '' })
+const reel2 = new TouchBarLabel({ label: '' })
+const reel3 = new TouchBarLabel({ label: '' })
 
 // Spin result label
-const result = new TouchBarLabel()
+const result = new TouchBarLabel({ label: '' })
 
 // Spin button
 const spin = new TouchBarButton({

docs/api/web-contents.md

@@ -98,7 +98,7 @@ async function lookupTargetId (browserWindow) {
   await wc.debugger.attach('1.3')
   const { targetInfo } = await wc.debugger.sendCommand('Target.getTargetInfo')
   const { targetId } = targetInfo
-  const targetWebContents = await webContents.fromDevToolsTargetId(targetId)
+  const targetWebContents = await wc.fromDevToolsTargetId(targetId)
 }
 ```
 
@@ -601,6 +601,7 @@ window.
 
 Returns:
 
+* `event` Event
 * `url` string - URL of the link that was clicked or selected.
 
 Emitted when a link is clicked in DevTools or 'Open in new tab' is selected for a link in its context menu.
@@ -1019,9 +1020,9 @@ e.g. the `http://` or `file://`. If the load should bypass http cache then
 use the `pragma` header to achieve it.
 
 ```javascript
-const { webContents } = require('electron')
+const win = new BrowserWindow()
 const options = { extraHeaders: 'pragma: no-cache\n' }
-webContents.loadURL('https://github.com', options)
+win.webContents.loadURL('https://github.com', options)
 ```
 
 #### `contents.loadFile(filePath[, options])`
@@ -1051,6 +1052,7 @@ an app structure like this:
 Would require code like this
 
 ```js
+const win = new BrowserWindow()
 win.loadFile('src/index.html')
 ```
 
@@ -1187,7 +1189,9 @@ when this process is unstable or unusable, for instance in order to recover
 from the `unresponsive` event.
 
 ```js
-contents.on('unresponsive', async () => {
+const win = new BrowserWindow()
+
+win.webContents.on('unresponsive', async () => {
   const { response } = await dialog.showMessageBox({
     message: 'App X has become unresponsive',
     title: 'Do you want to try forcefully reloading the app?',
@@ -1195,8 +1199,8 @@ contents.on('unresponsive', async () => {
     cancelId: 1
   })
   if (response === 0) {
-    contents.forcefullyCrashRenderer()
-    contents.reload()
+    win.webContents.forcefullyCrashRenderer()
+    win.webContents.reload()
   }
 })
 ```
@@ -1223,8 +1227,9 @@ Injects CSS into the current web page and returns a unique key for the inserted
 stylesheet.
 
 ```js
-contents.on('did-finish-load', () => {
-  contents.insertCSS('html, body { background-color: #f00; }')
+const win = new BrowserWindow()
+win.webContents.on('did-finish-load', () => {
+  win.webContents.insertCSS('html, body { background-color: #f00; }')
 })
 ```
 
@@ -1238,9 +1243,11 @@ Removes the inserted CSS from the current web page. The stylesheet is identified
 by its key, which is returned from `contents.insertCSS(css)`.
 
 ```js
-contents.on('did-finish-load', async () => {
-  const key = await contents.insertCSS('html, body { background-color: #f00; }')
-  contents.removeInsertedCSS(key)
+const win = new BrowserWindow()
+
+win.webContents.on('did-finish-load', async () => {
+  const key = await win.webContents.insertCSS('html, body { background-color: #f00; }')
+  win.webContents.removeInsertedCSS(key)
 })
 ```
 
@@ -1261,7 +1268,9 @@ this limitation.
 Code execution will be suspended until web page stop loading.
 
 ```js
-contents.executeJavaScript('fetch("https://jsonplaceholder.typicode.com/users/1").then(resp => resp.json())', true)
+const win = new BrowserWindow()
+
+win.webContents.executeJavaScript('fetch("https://jsonplaceholder.typicode.com/users/1").then(resp => resp.json())', true)
   .then((result) => {
     console.log(result) // Will be the JSON object from the fetch call
   })
@@ -1372,7 +1381,8 @@ Sets the maximum and minimum pinch-to-zoom level.
 > **NOTE**: Visual zoom is disabled by default in Electron. To re-enable it, call:
 >
 > ```js
-> contents.setVisualZoomLevelLimits(1, 3)
+> const win = new BrowserWindow()
+> win.webContents.setVisualZoomLevelLimits(1, 3)
 > ```
 
 #### `contents.undo()`
@@ -1391,6 +1401,10 @@ Executes the editing command `cut` in web page.
 
 Executes the editing command `copy` in web page.
 
+#### `contents.centerSelection()`
+
+Centers the current text selection in web page.
+
 #### `contents.copyImageAt(x, y)`
 
 * `x` Integer
@@ -1418,6 +1432,46 @@ Executes the editing command `selectAll` in web page.
 
 Executes the editing command `unselect` in web page.
 
+#### `contents.scrollToTop()`
+
+Scrolls to the top of the current `webContents`.
+
+#### `contents.scrollToBottom()`
+
+Scrolls to the bottom of the current `webContents`.
+
+#### `contents.adjustSelection(options)`
+
+* `options` Object
+  * `start` Number (optional) - Amount to shift the start index of the current selection.
+  * `end` Number (optional) - Amount to shift the end index of the current selection.
+
+Adjusts the current text selection starting and ending points in the focused frame by the given amounts. A negative amount moves the selection towards the beginning of the document, and a positive amount moves the selection towards the end of the document.
+
+Example:
+
+```js
+const win = new BrowserWindow()
+
+// Adjusts the beginning of the selection 1 letter forward,
+// and the end of the selection 5 letters forward.
+win.webContents.adjustSelection({ start: 1, end: 5 })
+
+// Adjusts the beginning of the selection 2 letters forward,
+// and the end of the selection 3 letters backward.
+win.webContents.adjustSelection({ start: 2, end: -3 })
+```
+
+For a call of `win.webContents.adjustSelection({ start: 1, end: 5 })`
+
+Before:
+
+<img width="487" alt="Image Before Text Selection Adjustment" src="../images/web-contents-text-selection-before.png"/>
+
+After:
+
+<img width="487" alt="Image After Text Selection Adjustment" src="../images/web-contents-text-selection-after.png"/>
+
 #### `contents.replace(text)`
 
 * `text` string
@@ -1463,12 +1517,12 @@ can be obtained by subscribing to [`found-in-page`](web-contents.md#event-found-
 Stops any `findInPage` request for the `webContents` with the provided `action`.
 
 ```javascript
-const { webContents } = require('electron')
-webContents.on('found-in-page', (event, result) => {
-  if (result.finalUpdate) webContents.stopFindInPage('clearSelection')
+const win = new BrowserWindow()
+win.webContents.on('found-in-page', (event, result) => {
+  if (result.finalUpdate) win.webContents.stopFindInPage('clearSelection')
 })
 
-const requestId = webContents.findInPage('api')
+const requestId = win.webContents.findInPage('api')
 console.log(requestId)
 ```
 
@@ -1548,6 +1602,7 @@ Use `page-break-before: always;` CSS style to force to print to a new page.
 Example usage:
 
 ```js
+const win = new BrowserWindow()
 const options = {
   silent: true,
   deviceName: 'My-Printer',
@@ -1844,8 +1899,9 @@ For example:
 
 ```js
 // Main process
+const win = new BrowserWindow()
 const { port1, port2 } = new MessageChannelMain()
-webContents.postMessage('port', { message: 'hello' }, [port1])
+win.webContents.postMessage('port', { message: 'hello' }, [port1])
 
 // Renderer process
 ipcRenderer.on('port', (e, msg) => {

docs/api/web-frame-main.md

@@ -128,8 +128,9 @@ For example:
 
 ```js
 // Main process
+const win = new BrowserWindow()
 const { port1, port2 } = new MessageChannelMain()
-webContents.mainFrame.postMessage('port', { message: 'hello' }, [port1])
+win.webContents.mainFrame.postMessage('port', { message: 'hello' }, [port1])
 
 // Renderer process
 ipcRenderer.on('port', (e, msg) => {

docs/api/web-frame.md

@@ -96,13 +96,12 @@ with an array of misspelt words when complete.
 
 An example of using [node-spellchecker][spellchecker] as provider:
 
-```javascript
+```javascript @ts-expect-error=[2,6]
 const { webFrame } = require('electron')
 const spellChecker = require('spellchecker')
 webFrame.setSpellCheckProvider('en-US', {
   spellCheck (words, callback) {
     setTimeout(() => {
-      const spellchecker = require('spellchecker')
       const misspelled = words.filter(x => spellchecker.isMisspelled(x))
       callback(misspelled)
     }, 0)

docs/api/webview-tag.md

@@ -184,6 +184,8 @@ page is loaded, use the `setUserAgent` method to change the user agent.
 A `boolean`. When this attribute is present the guest page will have web security disabled.
 Web security is enabled by default.
 
+This value can only be modified before the first navigation.
+
 ### `partition`
 
 ```html
@@ -253,7 +255,7 @@ The `webview` tag has the following methods:
 
 **Example**
 
-```javascript
+```javascript @ts-expect-error=[3]
 const webview = document.querySelector('webview')
 webview.addEventListener('dom-ready', () => {
   webview.openDevTools()
@@ -463,6 +465,10 @@ Executes editing command `cut` in page.
 
 Executes editing command `copy` in page.
 
+#### `<webview>.centerSelection()`
+
+Centers the current text selection in page.
+
 ### `<webview>.paste()`
 
 Executes editing command `paste` in page.
@@ -483,6 +489,25 @@ Executes editing command `selectAll` in page.
 
 Executes editing command `unselect` in page.
 
+#### `<webview>.scrollToTop()`
+
+Scrolls to the top of the current `<webview>`.
+
+#### `<webview>.scrollToBottom()`
+
+Scrolls to the bottom of the current `<webview>`.
+
+#### `<webview>.adjustSelection(options)`
+
+* `options` Object
+  * `start` Number (optional) - Amount to shift the start index of the current selection.
+  * `end` Number (optional) - Amount to shift the end index of the current selection.
+
+Adjusts the current text selection starting and ending points in the focused frame by the given amounts. A negative amount moves the selection towards the beginning of the document, and a positive amount moves the selection towards the end of the document.
+
+See [`webContents.adjustSelection`](web-contents.md#contentsadjustselectionoptions) for
+examples.
+
 ### `<webview>.replace(text)`
 
 * `text` string
@@ -774,7 +799,7 @@ Fired when the guest window logs a console message.
 The following example code forwards all log messages to the embedder's console
 without regard for log level or other properties.
 
-```javascript
+```javascript @ts-expect-error=[3]
 const webview = document.querySelector('webview')
 webview.addEventListener('console-message', (e) => {
   console.log('Guest page logged a message:', e.message)
@@ -795,7 +820,7 @@ Returns:
 Fired when a result is available for
 [`webview.findInPage`](#webviewfindinpagetext-options) request.
 
-```javascript
+```javascript @ts-expect-error=[3,6]
 const webview = document.querySelector('webview')
 webview.addEventListener('found-in-page', (e) => {
   webview.stopFindInPage('keepSelection')
@@ -920,7 +945,7 @@ Fired when the guest page attempts to close itself.
 The following example code navigates the `webview` to `about:blank` when the
 guest attempts to close itself.
 
-```javascript
+```javascript @ts-expect-error=[3]
 const webview = document.querySelector('webview')
 webview.addEventListener('close', () => {
   webview.src = 'about:blank'
@@ -940,7 +965,7 @@ Fired when the guest page has sent an asynchronous message to embedder page.
 With `sendToHost` method and `ipc-message` event you can communicate
 between guest page and embedder page:
 
-```javascript
+```javascript @ts-expect-error=[4,7]
 // In embedder page.
 const webview = document.querySelector('webview')
 webview.addEventListener('ipc-message', (event) => {

docs/breaking-changes.md

@@ -278,6 +278,39 @@ webContents.setWindowOpenHandler((details) => {
 })
 ```
 
+### Removed: `<webview>` `new-window` event
+
+The `new-window` event of `<webview>` has been removed. There is no direct replacement.
+
+```js
+// Removed in Electron 22
+webview.addEventListener('new-window', (event) => {})
+```
+
+```javascript fiddle='docs/fiddles/ipc/webview-new-window'
+// Replace with
+
+// main.js
+mainWindow.webContents.on('did-attach-webview', (event, wc) => {
+  wc.setWindowOpenHandler((details) => {
+    mainWindow.webContents.send('webview-new-window', wc.id, details)
+    return { action: 'deny' }
+  })
+})
+
+// preload.js
+const { ipcRenderer } = require('electron')
+ipcRenderer.on('webview-new-window', (e, webContentsId, details) => {
+  console.log('webview-new-window', webContentsId, details)
+  document.getElementById('webview').dispatchEvent(new Event('new-window'))
+})
+
+// renderer.js
+document.getElementById('webview').addEventListener('new-window', () => {
+  console.log('got new-window event')
+})
+```
+
 ### Deprecated: BrowserWindow `scroll-touch-*` events
 
 The `scroll-touch-begin`, `scroll-touch-end` and `scroll-touch-edge` events on

docs/development/azure-vm-setup.md

@@ -1,62 +0,0 @@
-# Updating an Appveyor Azure Image
-
-Electron CI on Windows uses AppVeyor, which in turn uses Azure VM images to run.  Occasionally, these VM images need to be updated due to changes in Chromium requirements.  In order to update you will need [PowerShell](https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell?view=powershell-7.3&viewFallbackFrom=powershell-6) and the [Azure PowerShell module](https://learn.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-9.5.0&viewFallbackFrom=azps-1.8.0).
-
-Occasionally we need to update these images owing to changes in Chromium or other miscellaneous build requirement changes.
-
-Example Use Case:
-    * We need `VS15.9` and we have `VS15.7` installed; this would require us to update an Azure image.
-
-1. Identify the image you wish to modify.
-    * In [appveyor.yml](https://github.com/electron/electron/blob/main/appveyor.yml), the image is identified by the property _image_.
-        * The names used correspond to the _"images"_ defined for a build cloud, eg the [libcc-20 cloud](https://windows-ci.electronjs.org/build-clouds/8).
-    * Find the image you wish to modify in the build cloud and make note of the **VHD Blob Path** for that image, which is the value for that corresponding key.
-        * You will need this URI path to copy into a new image.
-    * You will also need the storage account name which is labeled in AppVeyor as the **Disk Storage Account Name**
-
-2. Get the Azure storage account key
-    * Log into Azure using credentials stored in LastPass (under Azure Enterprise) and then find the storage account corresponding to the name found in AppVeyor.
-        * Example, for `appveyorlibccbuilds` **Disk Storage Account Name** you'd look for `appveyorlibccbuilds` in the list of storage accounts @ Home < Storage Accounts
-            * Click into it and look for `Access Keys`, and then you can use any of the keys present in the list.
-
-3. Get the full virtual machine image URI from Azure
-    * Navigate to Home < Storage Accounts < `$ACCT_NAME` < Blobs < Images
-        * In the following list, look for the VHD path name you got from Appveyor and then click on it.
-            * Copy the whole URL from the top of the subsequent window.
-
-4. Copy the image using the [Copy Master Image PowerShell script](https://github.com/appveyor/ci/blob/master/scripts/enterprise/copy-master-image-azure.ps1).
-    * It is essential to copy the VM because if you spin up a VM against an image that image cannot at the same time be used by AppVeyor.
-    * Use the storage account name, key, and URI obtained from Azure to run this script.
-        * See Step 3 for URI & when prompted, press enter to use same storage account as destination.
-        * Use default destination container name `(images)`
-        * Also, when naming the copy, use a name that indicates what the new image will contain (if that has changed) and date stamp.
-            * Ex. `libcc-20core-vs2017-15.9-2019-04-15.vhd`
-    * Go into Azure and get the URI for the newly created image as described in a previous step
-
-5. Spin up a new VM using the [Create Master VM from VHD PowerShell](https://github.com/appveyor/ci/blob/master/scripts/enterprise/create_master_vm_from_vhd.ps1).
-    * From PowerShell, execute `ps1` file with `./create_master_vm_from_vhd.ps1`
-    * You will need the credential information available in the AppVeyor build cloud definition.
-        * This includes:
-            * Client ID
-            * Client Secret
-            * Tenant ID
-            * Subscription ID
-            * Resource Group
-            * Virtual Network
-    * You will also need to specify
-        * Master VM name - just a unique name to identify the temporary VM
-        * Master VM size - use `Standard_F32s_v2`
-        * Master VHD URI - use URI obtained @ end of previous step
-        * Location use `East US`
-
-6. Log back into Azure and find the VM you just created in Home < Virtual Machines < `$YOUR_NEW_VM`
-    * You can download a RDP (Remote Desktop) file to access the VM.
-
-7. Using Microsoft Remote Desktop, click `Connect` to connect to the VM.
-    * Credentials for logging into the VM are found in LastPass under the `AppVeyor Enterprise master VM` credentials.
-
-8. Modify the VM as required.
-
-9. Shut down the VM and then delete it in Azure.
-
-10. Add the new image to the Appveyor Cloud settings or modify an existing image to point to the new VHD.

docs/fiddles/features/web-usb/main.js

@@ -51,6 +51,13 @@ function createWindow () {
     }
   })
 
+  mainWindow.webContents.session.setUSBProtectedClassesHandler((details) => {
+    return details.protectedClasses.filter((usbClass) => {
+      // Exclude classes except for audio classes
+      return usbClass.indexOf('audio') === -1
+    })
+  })
+
   mainWindow.loadFile('index.html')
 }
 

docs/fiddles/ipc/webview-new-window/child.html

@@ -0,0 +1,3 @@
+<body>
+  <a href="child.html" target="_blank">new window</a>
+</body>

docs/fiddles/ipc/webview-new-window/index.html

@@ -0,0 +1,4 @@
+<body>
+  <webview id=webview src="child.html" allowpopups></webview>
+  <script src="renderer.js"></script>
+</body>

docs/fiddles/ipc/webview-new-window/main.js

@@ -0,0 +1,51 @@
+// Modules to control application life and create native browser window
+const { app, BrowserWindow } = require('electron')
+const path = require('path')
+
+function createWindow () {
+  // Create the browser window.
+  const mainWindow = new BrowserWindow({
+    width: 800,
+    height: 600,
+    webPreferences: {
+      preload: path.join(__dirname, 'preload.js'),
+      webviewTag: true
+    }
+  })
+
+  mainWindow.webContents.on('did-attach-webview', (event, wc) => {
+    wc.setWindowOpenHandler((details) => {
+      mainWindow.webContents.send('webview-new-window', wc.id, details)
+      return { action: 'deny' }
+    })
+  })
+
+  // and load the index.html of the app.
+  mainWindow.loadFile('index.html')
+
+  // Open the DevTools.
+  // mainWindow.webContents.openDevTools()
+}
+
+// This method will be called when Electron has finished
+// initialization and is ready to create browser windows.
+// Some APIs can only be used after this event occurs.
+app.whenReady().then(() => {
+  createWindow()
+
+  app.on('activate', function () {
+    // On macOS it's common to re-create a window in the app when the
+    // dock icon is clicked and there are no other windows open.
+    if (BrowserWindow.getAllWindows().length === 0) createWindow()
+  })
+})
+
+// Quit when all windows are closed, except on macOS. There, it's common
+// for applications and their menu bar to stay active until the user quits
+// explicitly with Cmd + Q.
+app.on('window-all-closed', function () {
+  if (process.platform !== 'darwin') app.quit()
+})
+
+// In this file you can include the rest of your app's specific main process
+// code. You can also put them in separate files and require them here.

docs/fiddles/ipc/webview-new-window/preload.js

@@ -0,0 +1,6 @@
+const { ipcRenderer } = require('electron')
+const webview = document.getElementById('webview')
+ipcRenderer.on('webview-new-window', (e, webContentsId, details) => {
+  console.log('webview-new-window', webContentsId, details)
+  webview.dispatchEvent(new Event('new-window'))
+})

docs/fiddles/ipc/webview-new-window/renderer.js

@@ -0,0 +1,4 @@
+const webview = document.getElementById('webview')
+webview.addEventListener('new-window', () => {
+  console.log('got new-window event')
+})

docs/tutorial/asar-archives.md

@@ -55,7 +55,7 @@ fs.readdirSync('/path/to/example.asar')
 
 Use a module from the archive:
 
-```javascript
+```javascript @ts-nocheck
 require('./path/to/example.asar/dir/module.js')
 ```
 

docs/tutorial/asar-integrity.md

@@ -40,7 +40,7 @@ Valid `algorithm` values are currently `SHA256` only.  The `hash` is a hash of t
 
 ASAR integrity checking is currently disabled by default and can be enabled by toggling a fuse. See [Electron Fuses](fuses.md) for more information on what Electron Fuses are and how they work.  When enabling this fuse you typically also want to enable the `onlyLoadAppFromAsar` fuse otherwise the validity checking can be bypassed via the Electron app code search path.
 
-```js
+```js @ts-nocheck
 require('@electron/fuses').flipFuses(
   // E.g. /a/b/Foo.app
   pathToPackagedApp,

docs/tutorial/automated-testing.md

@@ -90,7 +90,7 @@ Usage of `selenium-webdriver` with Electron is the same as with
 normal websites, except that you have to manually specify how to connect
 ChromeDriver and where to find the binary of your Electron app:
 
-```js title='test.js'
+```js title='test.js' @ts-expect-error=[1]
 const webdriver = require('selenium-webdriver')
 const driver = new webdriver.Builder()
   // The "9515" is the port opened by ChromeDriver.
@@ -155,7 +155,7 @@ Playwright launches your app in development mode through the `_electron.launch`
 To point this API to your Electron app, you can pass the path to your main process
 entry point (here, it is `main.js`).
 
-```js {5}
+```js {5} @ts-nocheck
 const { _electron: electron } = require('playwright')
 const { test } = require('@playwright/test')
 
@@ -169,7 +169,7 @@ test('launch app', async () => {
 After that, you will access to an instance of Playwright's `ElectronApp` class. This
 is a powerful class that has access to main process modules for example:
 
-```js {6-11}
+```js {6-11} @ts-nocheck
 const { _electron: electron } = require('playwright')
 const { test } = require('@playwright/test')
 
@@ -189,7 +189,7 @@ test('get isPackaged', async () => {
 It can also create individual [Page][playwright-page] objects from Electron BrowserWindow instances.
 For example, to grab the first BrowserWindow and save a screenshot:
 
-```js {6-7}
+```js {6-7} @ts-nocheck
 const { _electron: electron } = require('playwright')
 const { test } = require('@playwright/test')
 
@@ -205,7 +205,7 @@ test('save screenshot', async () => {
 Putting all this together using the PlayWright Test runner, let's create a `example.spec.js`
 test file with a single test and assertion:
 
-```js title='example.spec.js'
+```js title='example.spec.js' @ts-nocheck
 const { _electron: electron } = require('playwright')
 const { test, expect } = require('@playwright/test')
 
@@ -259,7 +259,7 @@ expose custom methods to your test suite.
 To create a custom driver, we'll use Node.js' [`child_process`](https://nodejs.org/api/child_process.html) API.
 The test suite will spawn the Electron process, then establish a simple messaging protocol:
 
-```js title='testDriver.js'
+```js title='testDriver.js' @ts-nocheck
 const childProcess = require('child_process')
 const electronPath = require('electron')
 
@@ -296,7 +296,7 @@ For convenience, you may want to wrap `appProcess` in a driver object that provi
 high-level functions. Here is an example of how you can do this. Let's start by creating
 a `TestDriver` class:
 
-```js title='testDriver.js'
+```js title='testDriver.js' @ts-nocheck
 class TestDriver {
   constructor ({ path, args, env }) {
     this.rpcCalls = []
@@ -378,7 +378,7 @@ framework of your choosing. The following example uses
 [`ava`](https://www.npmjs.com/package/ava), but other popular choices like Jest
 or Mocha would work as well:
 
-```js title='test.js'
+```js title='test.js' @ts-nocheck
 const test = require('ava')
 const electronPath = require('electron')
 const { TestDriver } = require('./testDriver')

docs/tutorial/code-signing.md

@@ -67,7 +67,7 @@ are likely using [`electron-packager`][], which includes [`@electron/osx-sign`][
 If you're using Packager's API, you can pass [in configuration that both signs
 and notarizes your application](https://electron.github.io/electron-packager/main/interfaces/electronpackager.options.html).
 
-```js
+```js @ts-nocheck
 const packager = require('electron-packager')
 
 packager({
@@ -116,7 +116,7 @@ Electron app. This is the tool used under the hood by Electron Forge's
 `electron-winstaller` directly, use the `certificateFile` and `certificatePassword` configuration
 options when creating your installer.
 
-```js {10-11}
+```js {10-11} @ts-nocheck
 const electronInstaller = require('electron-winstaller')
 // NB: Use this syntax within an async function, Node does not have support for
 //     top-level await as of Node 12.
@@ -146,7 +146,7 @@ If you're not using Electron Forge and want to use `electron-wix-msi` directly,
 `certificateFile` and `certificatePassword` configuration options
 or pass in parameters directly to [SignTool.exe][] with the `signWithParams` option.
 
-```js {12-13}
+```js {12-13} @ts-nocheck
 import { MSICreator } from 'electron-wix-msi'
 
 // Step 1: Instantiate the MSICreator

docs/tutorial/context-isolation.md

@@ -16,7 +16,7 @@ Context isolation has been enabled by default since Electron 12, and it is a rec
 
 Exposing APIs from your preload script to a loaded website in the renderer process is a common use-case. With context isolation disabled, your preload script would share a common global `window` object with the renderer. You could then attach arbitrary properties to a preload script:
 
-```javascript title='preload.js'
+```javascript title='preload.js' @ts-nocheck
 // preload with contextIsolation disabled
 window.myAPI = {
   doAThing: () => {}
@@ -25,7 +25,7 @@ window.myAPI = {
 
 The `doAThing()` function could then be used directly in the renderer process:
 
-```javascript title='renderer.js'
+```javascript title='renderer.js' @ts-nocheck
 // use the exposed API in the renderer
 window.myAPI.doAThing()
 ```
@@ -43,7 +43,7 @@ contextBridge.exposeInMainWorld('myAPI', {
 })
 ```
 
-```javascript title='renderer.js'
+```javascript title='renderer.js' @ts-nocheck
 // use the exposed API in the renderer
 window.myAPI.doAThing()
 ```
@@ -98,7 +98,7 @@ declare global {
 
 Doing so will ensure that the TypeScript compiler will know about the `electronAPI` property on your global `window` object when writing scripts in your renderer process:
 
-```typescript title='renderer.ts'
+```typescript title='renderer.ts' @ts-nocheck
 window.electronAPI.loadPreferences()
 ```
 

docs/tutorial/dark-mode.md

@@ -116,7 +116,7 @@ Now the renderer process can communicate with the main process securely and perf
 
 The `renderer.js` file is responsible for controlling the `<button>` functionality.
 
-```js title='renderer.js'
+```js title='renderer.js' @ts-expect-error=[2,7]
 document.getElementById('toggle-dark-mode').addEventListener('click', async () => {
   const isDarkMode = await window.darkMode.toggle()
   document.getElementById('theme-source').innerHTML = isDarkMode ? 'Dark' : 'Light'

docs/tutorial/devices.md

@@ -142,6 +142,8 @@ Electron provides several APIs for working with the WebUSB API:
   `setDevicePermissionHandler`.
 * [`ses.setPermissionCheckHandler(handler)`](../api/session.md#sessetpermissioncheckhandlerhandler)
   can be used to disable USB access for specific origins.
+* [`ses.setUSBProtectedClassesHandler](../api/session.md#sessetusbprotectedclasseshandlerhandler)
+  can be used to allow usage of [protected USB classes](https://wicg.github.io/webusb/#usbinterface-interface) that are not available by default.
 
 ### Example
 

docs/tutorial/fuses.md

@@ -67,7 +67,7 @@ The loadBrowserProcessSpecificV8Snapshot fuse changes which V8 snapshot file is
 
 We've made a handy module, [`@electron/fuses`](https://npmjs.com/package/@electron/fuses), to make flipping these fuses easy.  Check out the README of that module for more details on usage and potential error cases.
 
-```js
+```js @ts-nocheck
 require('@electron/fuses').flipFuses(
   // Path to electron
   require('electron'),

docs/tutorial/installation.md

@@ -66,7 +66,7 @@ You can use environment variables to override the base URL, the path at which to
 look for Electron binaries, and the binary filename. The URL used by `@electron/get`
 is composed as follows:
 
-```javascript
+```javascript @ts-nocheck
 url = ELECTRON_MIRROR + ELECTRON_CUSTOM_DIR + '/' + ELECTRON_CUSTOM_FILENAME
 ```
 

docs/tutorial/ipc.md

@@ -138,7 +138,7 @@ To make these elements interactive, we'll be adding a few lines of code in the i
 `renderer.js` file that leverages the `window.electronAPI` functionality exposed from the preload
 script:
 
-```javascript title='renderer.js (Renderer Process)'
+```javascript title='renderer.js (Renderer Process)' @ts-expect-error=[4,5]
 const setButton = document.getElementById('btn')
 const titleInput = document.getElementById('title')
 setButton.addEventListener('click', () => {
@@ -182,13 +182,13 @@ provided to the renderer process. Please refer to
 :::
 
 ```javascript {6-13,25} title='main.js (Main Process)'
-const { BrowserWindow, dialog, ipcMain } = require('electron')
+const { app, BrowserWindow, dialog, ipcMain } = require('electron')
 const path = require('path')
 
 // ...
 
 async function handleFileOpen () {
-  const { canceled, filePaths } = await dialog.showOpenDialog()
+  const { canceled, filePaths } = await dialog.showOpenDialog({})
   if (!canceled) {
     return filePaths[0]
   }
@@ -203,7 +203,7 @@ function createWindow () {
   mainWindow.loadFile('index.html')
 }
 
-app.whenReady(() => {
+app.whenReady().then(() => {
   ipcMain.handle('dialog:openFile', handleFileOpen)
   createWindow()
 })
@@ -263,7 +263,7 @@ The UI consists of a single `#btn` button element that will be used to trigger o
 a `#filePath` element that will be used to display the path of the selected file. Making these
 pieces work will take a few lines of code in the renderer process script:
 
-```javascript title='renderer.js (Renderer Process)'
+```javascript title='renderer.js (Renderer Process)' @ts-expect-error=[5]
 const btn = document.getElementById('btn')
 const filePathElement = document.getElementById('filePath')
 
@@ -412,7 +412,7 @@ function createWindow () {
 For the purposes of the tutorial, it's important to note that the `click` handler
 sends a message (either `1` or `-1`) to the renderer process through the `update-counter` channel.
 
-```javascript
+```javascript @ts-nocheck
 click: () => mainWindow.webContents.send('update-counter', -1)
 ```
 
@@ -486,7 +486,7 @@ To tie it all together, we'll create an interface in the loaded HTML file that c
 Finally, to make the values update in the HTML document, we'll add a few lines of DOM manipulation
 so that the value of the `#counter` element is updated whenever we fire an `update-counter` event.
 
-```javascript title='renderer.js (Renderer Process)'
+```javascript title='renderer.js (Renderer Process)' @ts-nocheck
 const counter = document.getElementById('counter')
 
 window.electronAPI.onUpdateCounter((_event, value) => {
@@ -509,7 +509,7 @@ We can demonstrate this with slight modifications to the code from the previous
 renderer process, use the `event` parameter to send a reply back to the main process through the
 `counter-value` channel.
 
-```javascript title='renderer.js (Renderer Process)'
+```javascript title='renderer.js (Renderer Process)' @ts-nocheck
 const counter = document.getElementById('counter')
 
 window.electronAPI.onUpdateCounter((event, value) => {

docs/tutorial/keyboard-shortcuts.md

@@ -56,7 +56,7 @@ Starting with a working application from the
 [Quick Start Guide](quick-start.md), update the `main.js` file with the
 following lines:
 
-```javascript fiddle='docs/fiddles/features/keyboard-shortcuts/global'
+```javascript fiddle='docs/fiddles/features/keyboard-shortcuts/global' @ts-type={createWindow:()=>void}
 const { app, globalShortcut } = require('electron')
 
 app.whenReady().then(() => {
@@ -131,7 +131,7 @@ If you don't want to do manual shortcut parsing, there are libraries that do
 advanced key detection, such as [mousetrap][]. Below are examples of usage of the
 `mousetrap` running in the Renderer process:
 
-```js
+```js @ts-nocheck
 Mousetrap.bind('4', () => { console.log('4') })
 Mousetrap.bind('?', () => { console.log('show shortcuts!') })
 Mousetrap.bind('esc', () => { console.log('escape') }, 'keyup')

docs/tutorial/launch-app-from-url-in-another-app.md

@@ -45,6 +45,8 @@ if (process.defaultApp) {
 We will now define the function in charge of creating our browser window and load our application's `index.html` file.
 
 ```javascript
+let mainWindow
+
 const createWindow = () => {
   // Create the browser window.
   mainWindow = new BrowserWindow({
@@ -65,7 +67,7 @@ This code will be different in Windows compared to MacOS and Linux. This is due
 
 #### Windows code:
 
-```javascript
+```javascript @ts-type={mainWindow:Electron.BrowserWindow} @ts-type={createWindow:()=>void}
 const gotTheLock = app.requestSingleInstanceLock()
 
 if (!gotTheLock) {
@@ -91,7 +93,7 @@ if (!gotTheLock) {
 
 #### MacOS and Linux code:
 
-```javascript
+```javascript @ts-type={createWindow:()=>void}
 // This method will be called when Electron has finished
 // initialization and is ready to create browser windows.
 // Some APIs can only be used after this event occurs.
@@ -166,7 +168,7 @@ If you're using Electron Packager's API, adding support for protocol handlers is
 Electron Forge is handled, except
 `protocols` is part of the Packager options passed to the `packager` function.
 
-```javascript
+```javascript @ts-nocheck
 const packager = require('electron-packager')
 
 packager({

docs/tutorial/message-ports.md

@@ -126,7 +126,7 @@ app.whenReady().then(async () => {
 Then, in your preload scripts you receive the port through IPC and set up the
 listeners.
 
-```js title='preloadMain.js and preloadSecondary.js (Preload scripts)'
+```js title='preloadMain.js and preloadSecondary.js (Preload scripts)' @ts-nocheck
 const { ipcRenderer } = require('electron')
 
 ipcRenderer.on('port', e => {
@@ -148,7 +148,7 @@ That means window.electronMessagePort is globally available and you can call
 `postMessage` on it from anywhere in your app to send a message to the other
 renderer.
 
-```js title='renderer.js (Renderer Process)'
+```js title='renderer.js (Renderer Process)' @ts-nocheck
 // elsewhere in your code to send a message to the other renderers message handler
 window.electronMessagePort.postmessage('ping')
 ```
@@ -181,7 +181,7 @@ app.whenReady().then(async () => {
   // We can't use ipcMain.handle() here, because the reply needs to transfer a
   // MessagePort.
   // Listen for message sent from the top-level frame
-  mainWindow.webContents.mainFrame.on('request-worker-channel', (event) => {
+  mainWindow.webContents.mainFrame.ipc.on('request-worker-channel', (event) => {
     // Create a new channel ...
     const { port1, port2 } = new MessageChannelMain()
     // ... send one end to the worker ...
@@ -245,7 +245,7 @@ Electron's built-in IPC methods only support two modes: fire-and-forget
 can implement a "response stream", where a single request responds with a
 stream of data.
 
-```js title='renderer.js (Renderer Process)'
+```js title='renderer.js (Renderer Process)' @ts-expect-error=[18]
 const makeStreamingRequest = (element, callback) => {
   // MessageChannels are lightweight--it's cheap to create a new one for each
   // request.

docs/tutorial/multithreading.md

@@ -42,7 +42,7 @@ safe.
 The only way to load a native module safely for now, is to make sure the app
 loads no native modules after the Web Workers get started.
 
-```javascript
+```javascript @ts-expect-error=[1]
 process.dlopen = () => {
   throw new Error('Load native module is not safe')
 }

docs/tutorial/native-file-drag-drop.md

@@ -22,6 +22,7 @@ In `preload.js` use the [`contextBridge`][] to inject a method `window.electron.
 
 ```js
 const { contextBridge, ipcRenderer } = require('electron')
+const path = require('path')
 
 contextBridge.exposeInMainWorld('electron', {
   startDrag: (fileName) => {
@@ -43,7 +44,7 @@ Add a draggable element to `index.html`, and reference your renderer script:
 
 In `renderer.js` set up the renderer process to handle drag events by calling the method you added via the [`contextBridge`][] above.
 
-```javascript
+```javascript @ts-expect-error=[3]
 document.getElementById('drag').ondragstart = (event) => {
   event.preventDefault()
   window.electron.startDrag('drag-and-drop.md')

docs/tutorial/performance.md

@@ -172,7 +172,7 @@ in the fictitious `.foo` format. In order to do that, it relies on the
 equally fictitious `foo-parser` module. In traditional Node.js development,
 you might write code that eagerly loads dependencies:
 
-```js title='parser.js'
+```js title='parser.js' @ts-expect-error=[2]
 const fs = require('fs')
 const fooParser = require('foo-parser')
 
@@ -195,7 +195,7 @@ In the above example, we're doing a lot of work that's being executed as soon
 as the file is loaded. Do we need to get parsed files right away? Could we
 do this work a little later, when `getParsedFiles()` is actually called?
 
-```js title='parser.js'
+```js title='parser.js' @ts-expect-error=[20]
 // "fs" is likely already being loaded, so the `require()` call is cheap
 const fs = require('fs')
 
@@ -204,7 +204,7 @@ class Parser {
     // Touch the disk as soon as `getFiles` is called, not sooner.
     // Also, ensure that we're not blocking other operations by using
     // the asynchronous version.
-    this.files = this.files || await fs.readdir('.')
+    this.files = this.files || await fs.promises.readdir('.')
 
     return this.files
   }

docs/tutorial/process-model.md

@@ -175,13 +175,13 @@ Although preload scripts share a `window` global with the renderer they're attac
 you cannot directly attach any variables from the preload script to `window` because of
 the [`contextIsolation`][context-isolation] default.
 
-```js title='preload.js'
+```js title='preload.js' @ts-nocheck
 window.myAPI = {
   desktop: true
 }
 ```
 
-```js title='renderer.js'
+```js title='renderer.js' @ts-nocheck
 console.log(window.myAPI)
 // => undefined
 ```
@@ -200,7 +200,7 @@ contextBridge.exposeInMainWorld('myAPI', {
 })
 ```
 
-```js title='renderer.js'
+```js title='renderer.js' @ts-nocheck
 console.log(window.myAPI)
 // => { desktop: true }
 ```

docs/tutorial/quick-start.md

@@ -182,7 +182,7 @@ In Electron, browser windows can only be created after the `app` module's
 [`app.whenReady()`][app-when-ready] API. Call `createWindow()` after `whenReady()`
 resolves its Promise.
 
-```js
+```js @ts-type={createWindow:()=>void}
 app.whenReady().then(() => {
   createWindow()
 })
@@ -239,7 +239,7 @@ from within your existing `whenReady()` callback.
 
 [activate]: ../api/app.md#event-activate-macos
 
-```js
+```js @ts-type={createWindow:()=>void}
 app.whenReady().then(() => {
   createWindow()
 
@@ -290,6 +290,7 @@ To attach this script to your renderer process, pass in the path to your preload
 to the `webPreferences.preload` option in your existing `BrowserWindow` constructor.
 
 ```js
+const { app, BrowserWindow } = require('electron')
 // include the Node.js 'path' module at the top of your file
 const path = require('path')
 

docs/tutorial/sandbox.md

@@ -46,7 +46,7 @@ scripts attached to sandboxed renderers will still have a polyfilled subset of N
 APIs available. A `require` function similar to Node's `require` module is exposed,
 but can only import a subset of Electron and Node's built-in modules:
 
-* `electron` (only renderer process modules)
+* `electron` (following renderer process modules: `contextBridge`, `crashReporter`, `ipcRenderer`, `nativeImage`, `webFrame`)
 * [`events`](https://nodejs.org/api/events.html)
 * [`timers`](https://nodejs.org/api/timers.html)
 * [`url`](https://nodejs.org/api/url.html)

docs/tutorial/security.md

@@ -141,7 +141,7 @@ like `HTTP`. Similarly, we recommend the use of `WSS` over `WS`, `FTPS` over
 
 #### How?
 
-```js title='main.js (Main Process)'
+```js title='main.js (Main Process)' @ts-type={browserWindow:Electron.BrowserWindow}
 // Bad
 browserWindow.loadURL('http://example.com')
 
@@ -278,7 +278,7 @@ security-conscious developers might want to assume the very opposite.
 
 ```js title='main.js (Main Process)'
 const { session } = require('electron')
-const URL = require('url').URL
+const { URL } = require('url')
 
 session
   .fromPartition('some-partition')
@@ -608,7 +608,8 @@ sometimes be fooled - a `startsWith('https://example.com')` test would let
 `https://example.com.attacker.com` through.
 
 ```js title='main.js (Main Process)'
-const URL = require('url').URL
+const { URL } = require('url')
+const { app } = require('electron')
 
 app.on('web-contents-created', (event, contents) => {
   contents.on('will-navigate', (event, navigationUrl) => {
@@ -647,8 +648,8 @@ receive, amongst other parameters, the `url` the window was requested to open
 and the options used to create it. We recommend that you register a handler to
 monitor the creation of windows, and deny any unexpected window creation.
 
-```js title='main.js (Main Process)'
-const { shell } = require('electron')
+```js title='main.js (Main Process)' @ts-type={isSafeForExternalOpen:(url:string)=>boolean}
+const { app, shell } = require('electron')
 
 app.on('web-contents-created', (event, contents) => {
   contents.setWindowOpenHandler(({ url }) => {
@@ -683,7 +684,7 @@ leveraged to execute arbitrary commands.
 
 #### How?
 
-```js title='main.js (Main Process)'
+```js title='main.js (Main Process)' @ts-type={USER_CONTROLLED_DATA_HERE:string}
 //  Bad
 const { shell } = require('electron')
 shell.openExternal(USER_CONTROLLED_DATA_HERE)
@@ -739,7 +740,7 @@ You should be validating the `sender` of **all** IPC messages by default.
 
 #### How?
 
-```js title='main.js (Main Process)'
+```js title='main.js (Main Process)' @ts-type={getSecrets:()=>unknown}
 // Bad
 ipcMain.handle('get-secrets', () => {
   return getSecrets()

docs/tutorial/snapcraft.md

@@ -72,7 +72,7 @@ npx electron-installer-snap --src=out/myappname-linux-x64
 If you have an existing build pipeline, you can use `electron-installer-snap`
 programmatically. For more information, see the [Snapcraft API docs][snapcraft-syntax].
 
-```js
+```js @ts-nocheck
 const snap = require('electron-installer-snap')
 
 snap(options)

docs/tutorial/spellchecker.md

@@ -20,12 +20,12 @@ On macOS as we use the native APIs there is no way to set the language that the
 
 For Windows and Linux there are a few Electron APIs you should use to set the languages for the spellchecker.
 
-```js
+```js @ts-type={myWindow:Electron.BrowserWindow}
 // Sets the spellchecker to check English US and French
-myWindow.session.setSpellCheckerLanguages(['en-US', 'fr'])
+myWindow.webContents.session.setSpellCheckerLanguages(['en-US', 'fr'])
 
 // An array of all available language codes
-const possibleLanguages = myWindow.session.availableSpellCheckerLanguages
+const possibleLanguages = myWindow.webContents.session.availableSpellCheckerLanguages
 ```
 
 By default the spellchecker will enable the language matching the current OS locale.
@@ -35,7 +35,7 @@ By default the spellchecker will enable the language matching the current OS loc
 All the required information to generate a context menu is provided in the [`context-menu`](../api/web-contents.md#event-context-menu) event on each `webContents` instance.  A small example
 of how to make a context menu with this information is provided below.
 
-```js
+```js @ts-type={myWindow:Electron.BrowserWindow}
 const { Menu, MenuItem } = require('electron')
 
 myWindow.webContents.on('context-menu', (event, params) => {
@@ -45,7 +45,7 @@ myWindow.webContents.on('context-menu', (event, params) => {
   for (const suggestion of params.dictionarySuggestions) {
     menu.append(new MenuItem({
       label: suggestion,
-      click: () => mainWindow.webContents.replaceMisspelling(suggestion)
+      click: () => myWindow.webContents.replaceMisspelling(suggestion)
     }))
   }
 
@@ -54,7 +54,7 @@ myWindow.webContents.on('context-menu', (event, params) => {
     menu.append(
       new MenuItem({
         label: 'Add to dictionary',
-        click: () => mainWindow.webContents.session.addWordToSpellCheckerDictionary(params.misspelledWord)
+        click: () => myWindow.webContents.session.addWordToSpellCheckerDictionary(params.misspelledWord)
       })
     )
   }
@@ -67,8 +67,8 @@ myWindow.webContents.on('context-menu', (event, params) => {
 
 Although the spellchecker itself does not send any typings, words or user input to Google services the hunspell dictionary files are downloaded from a Google CDN by default.  If you want to avoid this you can provide an alternative URL to download the dictionaries from.
 
-```js
-myWindow.session.setSpellCheckerDictionaryDownloadURL('https://example.com/dictionaries/')
+```js @ts-type={myWindow:Electron.BrowserWindow}
+myWindow.webContents.session.setSpellCheckerDictionaryDownloadURL('https://example.com/dictionaries/')
 ```
 
 Check out the docs for [`session.setSpellCheckerDictionaryDownloadURL`](../api/session.md#sessetspellcheckerdictionarydownloadurlurl) for more information on where to get the dictionary files from and how you need to host them.

docs/tutorial/tray.md

@@ -51,7 +51,7 @@ app.whenReady().then(() => {
 
 Great! Now we can start attaching a context menu to our Tray, like so:
 
-```js
+```js @ts-expect-error=[8]
 const contextMenu = Menu.buildFromTemplate([
   { label: 'Item1', type: 'radio' },
   { label: 'Item2', type: 'radio' },
@@ -68,7 +68,7 @@ To read more about constructing native menus, click
 
 Finally, let's give our tray a tooltip and a title.
 
-```js
+```js @ts-type={tray:Electron.Tray}
 tray.setToolTip('This is my application')
 tray.setTitle('This is my title')
 ```

docs/tutorial/tutorial-2-first-app.md

@@ -256,7 +256,7 @@ const createWindow = () => {
 
 ### Calling your function when the app is ready
 
-```js title='main.js (Lines 12-14)'
+```js title='main.js (Lines 12-14)' @ts-type={createWindow:()=>void}
 app.whenReady().then(() => {
   createWindow()
 })
@@ -336,7 +336,7 @@ Because windows cannot be created before the `ready` event, you should only list
 `activate` events after your app is initialized. Do this by only listening for activate
 events inside your existing `whenReady()` callback.
 
-```js
+```js @ts-type={createWindow:()=>void}
 app.whenReady().then(() => {
   createWindow()
 

docs/tutorial/tutorial-3-preload.md

@@ -118,7 +118,7 @@ information in the window. This variable can be accessed via `window.versions` o
 `versions`. Create a `renderer.js` script that uses the [`document.getElementById`][]
 DOM API to replace the displayed text for the HTML element with `info` as its `id` property.
 
-```js title="renderer.js"
+```js title="renderer.js" @ts-nocheck
 const information = document.getElementById('info')
 information.innerText = `This app is using Chrome (v${versions.chrome()}), Node.js (v${versions.node()}), and Electron (v${versions.electron()})`
 ```
@@ -225,7 +225,7 @@ app.whenReady().then(() => {
 Once you have the sender and receiver set up, you can now send messages from the renderer
 to the main process through the `'ping'` channel you just defined.
 
-```js title='renderer.js'
+```js title='renderer.js' @ts-expect-error=[2]
 const func = async () => {
   const response = await window.versions.ping()
   console.log(response) // prints out 'pong'

docs/tutorial/tutorial-6-publishing-updating.md

@@ -188,7 +188,7 @@ npm install update-electron-app
 
 Then, import the module and call it immediately in the main process.
 
-```js title='main.js'
+```js title='main.js' @ts-nocheck
 require('update-electron-app')()
 ```
 

docs/tutorial/updates.md

@@ -32,7 +32,7 @@ npm install update-electron-app
 
 Then, invoke the updater from your app's main process file:
 
-```js title="main.js"
+```js title="main.js" @ts-nocheck
 require('update-electron-app')()
 ```
 
@@ -113,7 +113,7 @@ Now that you've configured the basic update mechanism for your application, you
 need to ensure that the user will get notified when there's an update. This
 can be achieved using the [autoUpdater API events](../api/auto-updater.md#events):
 
-```javascript title="main.js"
+```javascript title="main.js" @ts-expect-error=[11]
 autoUpdater.on('update-downloaded', (event, releaseNotes, releaseName) => {
   const dialogOpts = {
     type: 'info',

docs/tutorial/window-customization.md

@@ -115,7 +115,7 @@ const win = new BrowserWindow({
 })
 ```
 
-On either platform `titleBarOverlay` can also be an object. On both macOS and Windows, the height of the overlay can be specified with the `height` property. On Windows, the color of the overlay and its symbols can be specified using the `color` and `symbolColor` properties respectively.
+On either platform `titleBarOverlay` can also be an object. On both macOS and Windows, the height of the overlay can be specified with the `height` property. On Windows, the color of the overlay and its symbols can be specified using the `color` and `symbolColor` properties respectively. `rgba()`, `hsla()`, and `#RRGGBBAA` color formats are supported to apply transparency.
 
 If a color option is not specified, the color will default to its system color for the window control buttons. Similarly, if the height option is not specified it will default to the default height:
 
@@ -136,10 +136,6 @@ const win = new BrowserWindow({
 > color and dimension values from a renderer using a set of readonly
 > [JavaScript APIs][overlay-javascript-apis] and [CSS Environment Variables][overlay-css-env-vars].
 
-### Limitations
-
-* Transparent colors are currently not supported. Progress updates for this feature can be found in PR [#33567](https://github.com/electron/electron/issues/33567).
-
 ## Create transparent windows
 
 By setting the `transparent` option to `true`, you can make a fully transparent window.
@@ -196,9 +192,9 @@ const win = new BrowserWindow({
   }
 })
 
-ipcMain.on('set-ignore-mouse-events', (event, ...args) => {
+ipcMain.on('set-ignore-mouse-events', (event, ignore, options) => {
   const win = BrowserWindow.fromWebContents(event.sender)
-  win.setIgnoreMouseEvents(...args)
+  win.setIgnoreMouseEvents(ignore, options)
 })
 ```
 

docs/tutorial/windows-taskbar.md

@@ -125,7 +125,7 @@ Starting with a working application from the
 following lines:
 
 ```javascript
-const { BrowserWindow } = require('electron')
+const { BrowserWindow, nativeImage } = require('electron')
 const path = require('path')
 
 const win = new BrowserWindow()
@@ -133,11 +133,11 @@ const win = new BrowserWindow()
 win.setThumbarButtons([
   {
     tooltip: 'button1',
-    icon: path.join(__dirname, 'button1.png'),
+    icon: nativeImage.createFromPath(path.join(__dirname, 'button1.png')),
     click () { console.log('button1 clicked') }
   }, {
     tooltip: 'button2',
-    icon: path.join(__dirname, 'button2.png'),
+    icon: nativeImage.createFromPath(path.join(__dirname, 'button2.png')),
     flags: ['enabled', 'dismissonclick'],
     click () { console.log('button2 clicked.') }
   }
@@ -189,11 +189,11 @@ Starting with a working application from the
 following lines:
 
 ```javascript
-const { BrowserWindow } = require('electron')
+const { BrowserWindow, nativeImage } = require('electron')
 
 const win = new BrowserWindow()
 
-win.setOverlayIcon('path/to/overlay.png', 'Description for overlay')
+win.setOverlayIcon(nativeImage.createFromPath('path/to/overlay.png'), 'Description for overlay')
 ```
 
 [msdn-icon-overlay]: https://learn.microsoft.com/en-us/windows/win32/shell/taskbar-extensions#icon-overlays

filenames.gni

@@ -695,8 +695,6 @@ filenames = {
     "shell/browser/extensions/api/management/electron_management_api_delegate.h",
     "shell/browser/extensions/api/resources_private/resources_private_api.cc",
     "shell/browser/extensions/api/resources_private/resources_private_api.h",
-    "shell/browser/extensions/api/pdf_viewer_private/pdf_viewer_private_api.cc",
-    "shell/browser/extensions/api/pdf_viewer_private/pdf_viewer_private_api.h",
     "shell/browser/extensions/api/runtime/electron_runtime_api_delegate.cc",
     "shell/browser/extensions/api/runtime/electron_runtime_api_delegate.h",
     "shell/browser/extensions/api/streams_private/streams_private_api.cc",

lib/browser/api/protocol.ts

@@ -60,6 +60,26 @@ function convertToRequestBody (uploadData: ProtocolRequest['uploadData']): Reque
   }) as RequestInit['body'];
 }
 
+// TODO(codebytere): Use Object.hasOwn() once we update to ECMAScript 2022.
+function validateResponse (res: Response) {
+  if (!res || typeof res !== 'object') return false;
+
+  if (res.type === 'error') return true;
+
+  const exists = (key: string) => Object.prototype.hasOwnProperty.call(res, key);
+
+  if (exists('status') && typeof res.status !== 'number') return false;
+  if (exists('statusText') && typeof res.statusText !== 'string') return false;
+  if (exists('headers') && typeof res.headers !== 'object') return false;
+
+  if (exists('body')) {
+    if (typeof res.body !== 'object') return false;
+    if (res.body !== null && !(res.body instanceof ReadableStream)) return false;
+  }
+
+  return true;
+}
+
 Protocol.prototype.handle = function (this: Electron.Protocol, scheme: string, handler: (req: Request) => Response | Promise<Response>) {
   const register = isBuiltInScheme(scheme) ? this.interceptProtocol : this.registerProtocol;
   const success = register.call(this, scheme, async (preq: ProtocolRequest, cb: any) => {
@@ -73,13 +93,14 @@ Protocol.prototype.handle = function (this: Electron.Protocol, scheme: string, h
         duplex: body instanceof ReadableStream ? 'half' : undefined
       } as any);
       const res = await handler(req);
-      if (!res || typeof res !== 'object') {
+      if (!validateResponse(res)) {
         return cb({ error: ERR_UNEXPECTED });
-      }
-      if (res.type === 'error') { cb({ error: ERR_FAILED }); } else {
+      } else if (res.type === 'error') {
+        cb({ error: ERR_FAILED });
+      } else {
         cb({
           data: res.body ? Readable.fromWeb(res.body as ReadableStream<ArrayBufferView>) : null,
-          headers: Object.fromEntries(res.headers),
+          headers: res.headers ? Object.fromEntries(res.headers) : {},
           statusCode: res.status,
           statusText: res.statusText,
           mimeType: (res as any).__original_resp?._responseHead?.mimeType

lib/browser/api/web-contents.ts

@@ -335,36 +335,44 @@ WebContents.prototype.printToPDF = async function (options) {
   }
 };
 
-WebContents.prototype.print = function (options: ElectronInternal.WebContentsPrintOptions = {}, callback) {
-  // TODO(codebytere): deduplicate argument sanitization by moving rest of
-  // print param logic into new file shared between printToPDF and print
+// TODO(codebytere): deduplicate argument sanitization by moving rest of
+// print param logic into new file shared between printToPDF and print
+WebContents.prototype.print = function (options: ElectronInternal.WebContentsPrintOptions, callback) {
   if (typeof options === 'object') {
-    // Optionally set size for PDF.
-    if (options.pageSize !== undefined) {
-      const pageSize = options.pageSize;
-      if (typeof pageSize === 'object') {
-        if (!pageSize.height || !pageSize.width) {
-          throw new Error('height and width properties are required for pageSize');
-        }
-
-        // Dimensions in Microns - 1 meter = 10^6 microns
-        const height = Math.ceil(pageSize.height);
-        const width = Math.ceil(pageSize.width);
-        if (!isValidCustomPageSize(width, height)) {
-          throw new Error('height and width properties must be minimum 352 microns.');
-        }
-
-        options.mediaSize = {
-          name: 'CUSTOM',
-          custom_display_name: 'Custom',
-          height_microns: height,
-          width_microns: width
-        };
-      } else if (PDFPageSizes[pageSize]) {
-        options.mediaSize = PDFPageSizes[pageSize];
-      } else {
-        throw new Error(`Unsupported pageSize: ${pageSize}`);
+    const pageSize = options.pageSize ?? 'A4';
+    if (typeof pageSize === 'object') {
+      if (!pageSize.height || !pageSize.width) {
+        throw new Error('height and width properties are required for pageSize');
       }
+
+      // Dimensions in Microns - 1 meter = 10^6 microns
+      const height = Math.ceil(pageSize.height);
+      const width = Math.ceil(pageSize.width);
+      if (!isValidCustomPageSize(width, height)) {
+        throw new Error('height and width properties must be minimum 352 microns.');
+      }
+
+      options.mediaSize = {
+        name: 'CUSTOM',
+        custom_display_name: 'Custom',
+        height_microns: height,
+        width_microns: width,
+        imageable_area_left_microns: 0,
+        imageable_area_bottom_microns: 0,
+        imageable_area_right_microns: width,
+        imageable_area_top_microns: height
+      };
+    } else if (typeof pageSize === 'string' && PDFPageSizes[pageSize]) {
+      const mediaSize = PDFPageSizes[pageSize];
+      options.mediaSize = {
+        ...mediaSize,
+        imageable_area_left_microns: 0,
+        imageable_area_bottom_microns: 0,
+        imageable_area_right_microns: mediaSize.width_microns,
+        imageable_area_top_microns: mediaSize.height_microns
+      };
+    } else {
+      throw new Error(`Unsupported pageSize: ${pageSize}`);
     }
   }
 

lib/common/web-view-methods.ts

@@ -31,11 +31,15 @@ export const syncMethods = new Set([
   'redo',
   'cut',
   'copy',
+  'centerSelection',
   'paste',
   'pasteAndMatchStyle',
   'delete',
   'selectAll',
   'unselect',
+  'scrollToTop',
+  'scrollToBottom',
+  'adjustSelection',
   'replace',
   'replaceMisspelling',
   'findInPage',

package.json

@@ -8,8 +8,8 @@
     "@electron/asar": "^3.2.1",
     "@electron/docs-parser": "^1.1.0",
     "@electron/fiddle-core": "^1.0.4",
-    "@electron/github-app-auth": "^1.5.0",
-    "@electron/lint-roller": "^1.2.1",
+    "@electron/github-app-auth": "^2.0.0",
+    "@electron/lint-roller": "^1.5.0",
     "@electron/typescript-definitions": "^8.14.0",
     "@octokit/rest": "^19.0.7",
     "@primer/octicons": "^10.0.0",
@@ -30,6 +30,7 @@
     "@types/stream-json": "^1.5.1",
     "@types/temp": "^0.8.34",
     "@types/uuid": "^3.4.6",
+    "@types/w3c-web-serial": "^1.0.3",
     "@types/webpack": "^5.28.0",
     "@types/webpack-env": "^1.17.0",
     "@typescript-eslint/eslint-plugin": "^4.4.1",
@@ -59,7 +60,6 @@
     "lint-staged": "^10.2.11",
     "minimist": "^1.2.6",
     "null-loader": "^4.0.0",
-    "patch-package": "^7.0.0",
     "pre-flight": "^1.1.0",
     "process": "^0.11.10",
     "remark-cli": "^10.0.0",
@@ -89,10 +89,11 @@
     "lint:objc": "node ./script/lint.js --objc",
     "lint:py": "node ./script/lint.js --py",
     "lint:gn": "node ./script/lint.js --gn",
-    "lint:docs": "remark docs -qf && npm run lint:js-in-markdown && npm run create-typescript-definitions && npm run lint:docs-fiddles && npm run lint:docs-relative-links && npm run lint:markdownlint",
+    "lint:docs": "remark docs -qf && npm run lint:js-in-markdown && npm run create-typescript-definitions && npm run lint:ts-check-js-in-markdown && npm run lint:docs-fiddles && npm run lint:docs-relative-links && npm run lint:markdownlint",
     "lint:docs-fiddles": "standard \"docs/fiddles/**/*.js\"",
     "lint:docs-relative-links": "electron-lint-markdown-links --root docs \"**/*.md\"",
     "lint:markdownlint": "electron-markdownlint \"*.md\" \"docs/**/*.md\"",
+    "lint:ts-check-js-in-markdown": "electron-lint-markdown-ts-check --root docs \"**/*.md\" --ignore \"breaking-changes.md\"",
     "lint:js-in-markdown": "electron-lint-markdown-standard --root docs \"**/*.md\"",
     "create-api-json": "node script/create-api-json.js",
     "create-typescript-definitions": "npm run create-api-json && electron-typescript-definitions --api=electron-api.json && node spec/ts-smoke/runner.js",
@@ -103,7 +104,7 @@
     "precommit": "lint-staged",
     "preinstall": "node -e 'process.exit(0)'",
     "prepack": "check-for-leaks",
-    "prepare": "husky install && patch-package --patch-dir patches_npm",
+    "prepare": "husky install",
     "repl": "node ./script/start.js --interactive",
     "start": "node ./script/start.js",
     "test": "node ./script/spec-runner.js",
@@ -150,7 +151,6 @@
     ]
   },
   "resolutions": {
-    "nan": "nodejs/nan#16fa32231e2ccd89d2804b3f765319128b20c4ac",
-    "@octokit/request": "6.2.3"
+    "nan": "nodejs/nan#16fa32231e2ccd89d2804b3f765319128b20c4ac"
   }
 }

patches/angle/.patches

@@ -0,0 +1 @@
+cherry-pick-d0ee0197ddff.patch

patches/angle/cherry-pick-d0ee0197ddff.patch

@@ -0,0 +1,208 @@
+From d0ee0197ddff25fe1a9876511c07542ac483702d Mon Sep 17 00:00:00 2001
+From: Shahbaz Youssefi <syoussefi@chromium.org>
+Date: Wed, 03 May 2023 13:41:36 -0400
+Subject: [PATCH] WebGL: Limit total size of private data
+
+... not just individual arrays.
+
+Bug: chromium:1431761
+Change-Id: I721e29aeceeaf12c3f6a67b668abffb8dfbc89b0
+Reviewed-on: https://chromium-review.googlesource.com/c/angle/angle/+/4503753
+Reviewed-by: Kenneth Russell <kbr@chromium.org>
+Commit-Queue: Shahbaz Youssefi <syoussefi@chromium.org>
+---
+
+diff --git a/src/compiler/translator/ValidateTypeSizeLimitations.cpp b/src/compiler/translator/ValidateTypeSizeLimitations.cpp
+index 6097b6d..2a033ad 100644
+--- a/src/compiler/translator/ValidateTypeSizeLimitations.cpp
++++ b/src/compiler/translator/ValidateTypeSizeLimitations.cpp
+@@ -35,7 +35,9 @@
+ {
+   public:
+     ValidateTypeSizeLimitationsTraverser(TSymbolTable *symbolTable, TDiagnostics *diagnostics)
+-        : TIntermTraverser(true, false, false, symbolTable), mDiagnostics(diagnostics)
++        : TIntermTraverser(true, false, false, symbolTable),
++          mDiagnostics(diagnostics),
++          mTotalPrivateVariablesSize(0)
+     {
+         ASSERT(diagnostics);
+     }
+@@ -93,18 +95,33 @@
+             const bool isPrivate = variableType.getQualifier() == EvqTemporary ||
+                                    variableType.getQualifier() == EvqGlobal ||
+                                    variableType.getQualifier() == EvqConst;
+-            if (layoutEncoder.getCurrentOffset() > kMaxPrivateVariableSizeInBytes && isPrivate)
++            if (isPrivate)
+             {
+-                error(asSymbol->getLine(),
+-                      "Size of declared private variable exceeds implementation-defined limit",
+-                      asSymbol->getName());
+-                return false;
++                if (layoutEncoder.getCurrentOffset() > kMaxPrivateVariableSizeInBytes)
++                {
++                    error(asSymbol->getLine(),
++                          "Size of declared private variable exceeds implementation-defined limit",
++                          asSymbol->getName());
++                    return false;
++                }
++                mTotalPrivateVariablesSize += layoutEncoder.getCurrentOffset();
+             }
+         }
+ 
+         return true;
+     }
+ 
++    void validateTotalPrivateVariableSize()
++    {
++        if (mTotalPrivateVariablesSize > kMaxPrivateVariableSizeInBytes)
++        {
++            mDiagnostics->error(
++                TSourceLoc{},
++                "Total size of declared private variables exceeds implementation-defined limit",
++                "");
++        }
++    }
++
+   private:
+     void error(TSourceLoc loc, const char *reason, const ImmutableString &token)
+     {
+@@ -213,6 +230,8 @@
+ 
+     TDiagnostics *mDiagnostics;
+     std::vector<int> mLoopSymbolIds;
++
++    size_t mTotalPrivateVariablesSize;
+ };
+ 
+ }  // namespace
+@@ -223,6 +242,7 @@
+ {
+     ValidateTypeSizeLimitationsTraverser validate(symbolTable, diagnostics);
+     root->traverse(&validate);
++    validate.validateTotalPrivateVariableSize();
+     return diagnostics->numErrors() == 0;
+ }
+ 
+diff --git a/src/tests/gl_tests/WebGLCompatibilityTest.cpp b/src/tests/gl_tests/WebGLCompatibilityTest.cpp
+index e62c8fb..996bad1 100644
+--- a/src/tests/gl_tests/WebGLCompatibilityTest.cpp
++++ b/src/tests/gl_tests/WebGLCompatibilityTest.cpp
+@@ -5271,11 +5271,12 @@
+     // fairly small array.
+     constexpr char kVSArrayOK[] =
+         R"(varying vec4 color;
+-const int array_size = 1000;
++const int array_size = 500;
+ void main()
+ {
+     mat2 array[array_size];
+-    if (array[0][0][0] == 2.0)
++    mat2 array2[array_size];
++    if (array[0][0][0] + array2[0][0][0] == 2.0)
+         color = vec4(0.0, 1.0, 0.0, 1.0);
+     else
+         color = vec4(1.0, 0.0, 0.0, 1.0);
+@@ -5353,6 +5354,103 @@
+     EXPECT_EQ(0u, program);
+ }
+ 
++// Reject attempts to allocate too much private memory.
++// This is an implementation-defined limit - crbug.com/1431761.
++TEST_P(WebGLCompatibilityTest, ValidateTotalPrivateSize)
++{
++    constexpr char kTooLargeGlobalMemory1[] =
++        R"(precision mediump float;
++
++// 1 MB / 16 bytes per vec4 = 65536
++vec4 array[32768];
++vec4 array2[32769];
++
++void main()
++{
++    if (array[0].x + array[1].x == 0.)
++        gl_FragColor = vec4(0.0, 1.0, 0.0, 1.0);
++    else
++        gl_FragColor = vec4(1.0, 0.0, 0.0, 1.0);
++})";
++
++    constexpr char kTooLargeGlobalMemory2[] =
++        R"(precision mediump float;
++
++// 1 MB / 16 bytes per vec4 = 65536
++vec4 array[32767];
++vec4 array2[32767];
++vec4 x, y, z;
++
++void main()
++{
++    if (array[0].x + array[1].x == x.w + y.w + z.w)
++        gl_FragColor = vec4(0.0, 1.0, 0.0, 1.0);
++    else
++        gl_FragColor = vec4(1.0, 0.0, 0.0, 1.0);
++})";
++
++    constexpr char kTooLargeGlobalAndLocalMemory1[] =
++        R"(precision mediump float;
++
++// 1 MB / 16 bytes per vec4 = 65536
++vec4 array[32768];
++
++void main()
++{
++    vec4 array2[32769];
++    if (array[0].x + array[1].x == 2.0)
++        gl_FragColor = vec4(0.0, 1.0, 0.0, 1.0);
++    else
++        gl_FragColor = vec4(1.0, 0.0, 0.0, 1.0);
++})";
++
++    // Note: The call stack is not taken into account for the purposes of total memory calculation.
++    constexpr char kTooLargeGlobalAndLocalMemory2[] =
++        R"(precision mediump float;
++
++// 1 MB / 16 bytes per vec4 = 65536
++vec4 array[32768];
++
++float f()
++{
++    vec4 array2[16384];
++    return array2[0].x;
++}
++
++float g()
++{
++    vec4 array3[16383];
++    return array3[0].x;
++}
++
++float h()
++{
++    vec4 value;
++    float value2
++    return value.x + value2;
++}
++
++void main()
++{
++    if (array[0].x + f() + g() + h() == 2.0)
++        gl_FragColor = vec4(0.0, 1.0, 0.0, 1.0);
++    else
++        gl_FragColor = vec4(1.0, 0.0, 0.0, 1.0);
++})";
++
++    GLuint program = CompileProgram(essl1_shaders::vs::Simple(), kTooLargeGlobalMemory1);
++    EXPECT_EQ(0u, program);
++
++    program = CompileProgram(essl1_shaders::vs::Simple(), kTooLargeGlobalMemory2);
++    EXPECT_EQ(0u, program);
++
++    program = CompileProgram(essl1_shaders::vs::Simple(), kTooLargeGlobalAndLocalMemory1);
++    EXPECT_EQ(0u, program);
++
++    program = CompileProgram(essl1_shaders::vs::Simple(), kTooLargeGlobalAndLocalMemory2);
++    EXPECT_EQ(0u, program);
++}
++
+ // Linking should fail when corresponding vertex/fragment uniform blocks have different precision
+ // qualifiers.
+ TEST_P(WebGL2CompatibilityTest, UniformBlockPrecisionMismatch)

patches/boringssl/.patches

@@ -1,6 +1,3 @@
 expose_ripemd160.patch
-expose_aes-cfb.patch
-expose_des-ede3.patch
-fix_sync_evp_get_cipherbynid_and_evp_get_cipherbyname.patch
-expose_blowfish_ciphers.patch
 revert_track_ssl_error_zero_return_explicitly.patch
+feat_expose_several_extra_cipher_functions.patch

patches/boringssl/expose_aes-cfb.patch

@@ -1,71 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Jeremy Apthorp <nornagon@nornagon.net>
-Date: Fri, 18 Jan 2019 14:23:28 -0800
-Subject: expose aes-{128,256}-cfb
-
-This exposes AES-CFB ciphers through the EVP APIs. BoringSSL has
-implementations for these ciphers, but Node doesn't realise that because
-without this patch, they're not listed in the APIs that Node uses.
-
-This should be upstreamed. See e.g.
-https://boringssl-review.googlesource.com/c/boringssl/+/33984 for a
-similar patch that was merged upstream.
-
-diff --git a/crypto/cipher_extra/cipher_extra.c b/crypto/cipher_extra/cipher_extra.c
-index 62850ab6a216d401d023f81007fb59a33b4585f3..0c30b0329d32b94b22f342f95035e927797d0aaf 100644
---- a/crypto/cipher_extra/cipher_extra.c
-+++ b/crypto/cipher_extra/cipher_extra.c
-@@ -73,6 +73,7 @@ static const struct {
-   const EVP_CIPHER *(*func)(void);
- } kCiphers[] = {
-     {NID_aes_128_cbc, "aes-128-cbc", EVP_aes_128_cbc},
-+    {NID_aes_128_cfb128, "aes-128-cfb", EVP_aes_128_cfb128},
-     {NID_aes_128_ctr, "aes-128-ctr", EVP_aes_128_ctr},
-     {NID_aes_128_ecb, "aes-128-ecb", EVP_aes_128_ecb},
-     {NID_aes_128_gcm, "aes-128-gcm", EVP_aes_128_gcm},
-@@ -83,6 +84,7 @@ static const struct {
-     {NID_aes_192_gcm, "aes-192-gcm", EVP_aes_192_gcm},
-     {NID_aes_192_ofb128, "aes-192-ofb", EVP_aes_192_ofb},
-     {NID_aes_256_cbc, "aes-256-cbc", EVP_aes_256_cbc},
-+    {NID_aes_256_cfb128, "aes-256-cfb", EVP_aes_256_cfb128},
-     {NID_aes_256_ctr, "aes-256-ctr", EVP_aes_256_ctr},
-     {NID_aes_256_ecb, "aes-256-ecb", EVP_aes_256_ecb},
-     {NID_aes_256_gcm, "aes-256-gcm", EVP_aes_256_gcm},
-diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.c
-index 852b76bea69988e0b3ac76a17b603128f239dde0..d443f4dc2daea0b7aa86ae75d31d995fae667ba9 100644
---- a/decrepit/evp/evp_do_all.c
-+++ b/decrepit/evp/evp_do_all.c
-@@ -20,8 +20,10 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
-                                                const char *unused, void *arg),
-                               void *arg) {
-   callback(EVP_aes_128_cbc(), "AES-128-CBC", NULL, arg);
-+  callback(EVP_aes_128_cfb128(), "AES-128-CFB", NULL, arg);
-   callback(EVP_aes_192_cbc(), "AES-192-CBC", NULL, arg);
-   callback(EVP_aes_256_cbc(), "AES-256-CBC", NULL, arg);
-+  callback(EVP_aes_256_cfb128(), "AES-256-CFB", NULL, arg);
-   callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg);
-   callback(EVP_aes_192_ctr(), "AES-192-CTR", NULL, arg);
-   callback(EVP_aes_256_ctr(), "AES-256-CTR", NULL, arg);
-@@ -44,8 +46,10 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
- 
-   // OpenSSL returns everything twice, the second time in lower case.
-   callback(EVP_aes_128_cbc(), "aes-128-cbc", NULL, arg);
-+  callback(EVP_aes_128_cfb128(), "aes-128-cfb", NULL, arg);
-   callback(EVP_aes_192_cbc(), "aes-192-cbc", NULL, arg);
-   callback(EVP_aes_256_cbc(), "aes-256-cbc", NULL, arg);
-+  callback(EVP_aes_256_cfb128(), "aes-256-cfb", NULL, arg);
-   callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg);
-   callback(EVP_aes_192_ctr(), "aes-192-ctr", NULL, arg);
-   callback(EVP_aes_256_ctr(), "aes-256-ctr", NULL, arg);
-diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h
-index 310d7c237fd884ba715e3fa97ccf1393b6d04fbb..66e69d487fbb767438b7d0dfdf3770f54e3cf7b2 100644
---- a/include/openssl/cipher.h
-+++ b/include/openssl/cipher.h
-@@ -476,6 +476,7 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede3_ecb(void);
- 
- // EVP_aes_128_cfb128 is only available in decrepit.
- OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cfb128(void);
-+OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cfb128(void);
- 
- // EVP_aes_128_cfb is an alias for |EVP_aes_128_cfb128| and is only available in
- // decrepit.

patches/boringssl/expose_blowfish_ciphers.patch

@@ -1,47 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Jeremy Rose <nornagon@nornagon.net>
-Date: Wed, 5 Jan 2022 13:08:10 -0800
-Subject: expose blowfish ciphers
-
-This exposes the (decrepit) blowfish cipher family, bf-cbc, bf-cfb and
-bf-ecb through the EVP interface. This adds references to decrepit code
-from non-decrepit code, so upstream is unlikely to take the patch.
-
-diff --git a/crypto/cipher_extra/cipher_extra.c b/crypto/cipher_extra/cipher_extra.c
-index cfdb69e3c556fea11aa7c2d28d4b7da524df15c3..95bd172c99874610ec9157c52df4fe0232e78c7f 100644
---- a/crypto/cipher_extra/cipher_extra.c
-+++ b/crypto/cipher_extra/cipher_extra.c
-@@ -89,6 +89,9 @@ static const struct {
-     {NID_aes_256_ecb, "aes-256-ecb", EVP_aes_256_ecb},
-     {NID_aes_256_gcm, "aes-256-gcm", EVP_aes_256_gcm},
-     {NID_aes_256_ofb128, "aes-256-ofb", EVP_aes_256_ofb},
-+    {NID_bf_cbc, "bf-cbc", EVP_bf_cbc},
-+    {NID_bf_cfb64, "bf-cfb", EVP_bf_cfb},
-+    {NID_bf_ecb, "bf-ecb", EVP_bf_ecb},
-     {NID_des_cbc, "des-cbc", EVP_des_cbc},
-     {NID_des_ecb, "des-ecb", EVP_des_ecb},
-     {NID_des_ede_cbc, "des-ede-cbc", EVP_des_ede_cbc},
-diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.c
-index 5e71420b765019edea82a33884ace539cd91bda5..43fc792697519325725e9ce87801c5dc176c70a1 100644
---- a/decrepit/evp/evp_do_all.c
-+++ b/decrepit/evp/evp_do_all.c
-@@ -36,6 +36,9 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
-   callback(EVP_aes_128_gcm(), "AES-128-GCM", NULL, arg);
-   callback(EVP_aes_192_gcm(), "AES-192-GCM", NULL, arg);
-   callback(EVP_aes_256_gcm(), "AES-256-GCM", NULL, arg);
-+  callback(EVP_bf_cbc(), "BF-CBC", NULL, arg);
-+  callback(EVP_bf_cfb(), "BF-CFB", NULL, arg);
-+  callback(EVP_bf_ecb(), "BF-ECB", NULL, arg);
-   callback(EVP_des_cbc(), "DES-CBC", NULL, arg);
-   callback(EVP_des_ecb(), "DES-ECB", NULL, arg);
-   callback(EVP_des_ede(), "DES-EDE", NULL, arg);
-@@ -63,6 +66,9 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
-   callback(EVP_aes_128_gcm(), "aes-128-gcm", NULL, arg);
-   callback(EVP_aes_192_gcm(), "aes-192-gcm", NULL, arg);
-   callback(EVP_aes_256_gcm(), "aes-256-gcm", NULL, arg);
-+  callback(EVP_bf_cbc(), "bf-cbc", NULL, arg);
-+  callback(EVP_bf_cfb(), "bf-cfb", NULL, arg);
-+  callback(EVP_bf_ecb(), "bf-ecb", NULL, arg);
-   callback(EVP_des_cbc(), "des-cbc", NULL, arg);
-   callback(EVP_des_ecb(), "des-ecb", NULL, arg);
-   callback(EVP_des_ede(), "des-ede", NULL, arg);

patches/boringssl/expose_des-ede3.patch

@@ -1,39 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Jeremy Rose <nornagon@nornagon.net>
-Date: Wed, 24 Feb 2021 11:08:34 -0800
-Subject: expose des-ede3
-
-This should be upstreamed.
-
-diff --git a/crypto/cipher_extra/cipher_extra.c b/crypto/cipher_extra/cipher_extra.c
-index 0c30b0329d32b94b22f342f95035e927797d0aaf..d97f67fb03756169446edf6b41d3a33fe3ae8205 100644
---- a/crypto/cipher_extra/cipher_extra.c
-+++ b/crypto/cipher_extra/cipher_extra.c
-@@ -93,6 +93,7 @@ static const struct {
-     {NID_des_ecb, "des-ecb", EVP_des_ecb},
-     {NID_des_ede_cbc, "des-ede-cbc", EVP_des_ede_cbc},
-     {NID_des_ede_ecb, "des-ede", EVP_des_ede},
-+    {NID_des_ede3_ecb, "des-ede3", EVP_des_ede3},
-     {NID_des_ede3_cbc, "des-ede3-cbc", EVP_des_ede3_cbc},
-     {NID_rc2_cbc, "rc2-cbc", EVP_rc2_cbc},
-     {NID_rc4, "rc4", EVP_rc4},
-diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.c
-index d443f4dc2daea0b7aa86ae75d31d995fae667ba9..5e71420b765019edea82a33884ace539cd91bda5 100644
---- a/decrepit/evp/evp_do_all.c
-+++ b/decrepit/evp/evp_do_all.c
-@@ -39,6 +39,7 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
-   callback(EVP_des_cbc(), "DES-CBC", NULL, arg);
-   callback(EVP_des_ecb(), "DES-ECB", NULL, arg);
-   callback(EVP_des_ede(), "DES-EDE", NULL, arg);
-+  callback(EVP_des_ede3(), "DES-EDE3", NULL, arg);
-   callback(EVP_des_ede_cbc(), "DES-EDE-CBC", NULL, arg);
-   callback(EVP_des_ede3_cbc(), "DES-EDE3-CBC", NULL, arg);
-   callback(EVP_rc2_cbc(), "RC2-CBC", NULL, arg);
-@@ -65,6 +66,7 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
-   callback(EVP_des_cbc(), "des-cbc", NULL, arg);
-   callback(EVP_des_ecb(), "des-ecb", NULL, arg);
-   callback(EVP_des_ede(), "des-ede", NULL, arg);
-+  callback(EVP_des_ede3(), "des-ede3", NULL, arg);
-   callback(EVP_des_ede_cbc(), "des-ede-cbc", NULL, arg);
-   callback(EVP_des_ede3_cbc(), "des-ede3-cbc", NULL, arg);
-   callback(EVP_rc2_cbc(), "rc2-cbc", NULL, arg);

patches/boringssl/feat_expose_several_extra_cipher_functions.patch

@@ -0,0 +1,131 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Shelley Vohr <shelley.vohr@gmail.com>
+Date: Wed, 31 May 2023 11:36:48 +0200
+Subject: feat: expose several extra cipher functions
+
+This patch exposes the following ciphers:
+
+AES_CFB Ciphers: aes-128-cfb, aes-256-cfb
+
+Implementations for these ciphers exist but aren't exposed, so they're
+unusable without this patch. We should upstream this as similar
+patches for implemented cipher functions have been accepted.
+
+Blowfish Ciphers: bf-cbc, bf-cfb, bf-ecb
+
+The addition of Blowfish ciphers adds references decrepit code
+from non-decrepit code, so upstream is unlikely to take the patch.
+
+DES Ciphers: des-ede3
+
+An implementation for this cipher exists but isn't exposed, so it's
+unusable without this patch. Akin to the AES_CFB exposures, we should
+upstream this as similar patches for implemented cipher functions have
+been accepted.
+
+RC2 Ciphers: rc2-40-cbc
+
+It's unclear whether this would be accepted upstream. We should try regardless.
+
+diff --git a/crypto/cipher_extra/cipher_extra.c b/crypto/cipher_extra/cipher_extra.c
+index 62850ab6a216d401d023f81007fb59a33b4585f3..95bd172c99874610ec9157c52df4fe0232e78c7f 100644
+--- a/crypto/cipher_extra/cipher_extra.c
++++ b/crypto/cipher_extra/cipher_extra.c
+@@ -73,6 +73,7 @@ static const struct {
+   const EVP_CIPHER *(*func)(void);
+ } kCiphers[] = {
+     {NID_aes_128_cbc, "aes-128-cbc", EVP_aes_128_cbc},
++    {NID_aes_128_cfb128, "aes-128-cfb", EVP_aes_128_cfb128},
+     {NID_aes_128_ctr, "aes-128-ctr", EVP_aes_128_ctr},
+     {NID_aes_128_ecb, "aes-128-ecb", EVP_aes_128_ecb},
+     {NID_aes_128_gcm, "aes-128-gcm", EVP_aes_128_gcm},
+@@ -83,17 +84,23 @@ static const struct {
+     {NID_aes_192_gcm, "aes-192-gcm", EVP_aes_192_gcm},
+     {NID_aes_192_ofb128, "aes-192-ofb", EVP_aes_192_ofb},
+     {NID_aes_256_cbc, "aes-256-cbc", EVP_aes_256_cbc},
++    {NID_aes_256_cfb128, "aes-256-cfb", EVP_aes_256_cfb128},
+     {NID_aes_256_ctr, "aes-256-ctr", EVP_aes_256_ctr},
+     {NID_aes_256_ecb, "aes-256-ecb", EVP_aes_256_ecb},
+     {NID_aes_256_gcm, "aes-256-gcm", EVP_aes_256_gcm},
+     {NID_aes_256_ofb128, "aes-256-ofb", EVP_aes_256_ofb},
++    {NID_bf_cbc, "bf-cbc", EVP_bf_cbc},
++    {NID_bf_cfb64, "bf-cfb", EVP_bf_cfb},
++    {NID_bf_ecb, "bf-ecb", EVP_bf_ecb},
+     {NID_des_cbc, "des-cbc", EVP_des_cbc},
+     {NID_des_ecb, "des-ecb", EVP_des_ecb},
+     {NID_des_ede_cbc, "des-ede-cbc", EVP_des_ede_cbc},
+     {NID_des_ede_ecb, "des-ede", EVP_des_ede},
++    {NID_des_ede3_ecb, "des-ede3", EVP_des_ede3},
+     {NID_des_ede3_cbc, "des-ede3-cbc", EVP_des_ede3_cbc},
+     {NID_rc2_cbc, "rc2-cbc", EVP_rc2_cbc},
+     {NID_rc4, "rc4", EVP_rc4},
++    {NID_rc2_40_cbc, "rc2-40-cbc", EVP_rc2_40_cbc}
+ };
+ 
+ const EVP_CIPHER *EVP_get_cipherbynid(int nid) {
+diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.c
+index 852b76bea69988e0b3ac76a17b603128f239dde0..43fc792697519325725e9ce87801c5dc176c70a1 100644
+--- a/decrepit/evp/evp_do_all.c
++++ b/decrepit/evp/evp_do_all.c
+@@ -20,8 +20,10 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
+                                                const char *unused, void *arg),
+                               void *arg) {
+   callback(EVP_aes_128_cbc(), "AES-128-CBC", NULL, arg);
++  callback(EVP_aes_128_cfb128(), "AES-128-CFB", NULL, arg);
+   callback(EVP_aes_192_cbc(), "AES-192-CBC", NULL, arg);
+   callback(EVP_aes_256_cbc(), "AES-256-CBC", NULL, arg);
++  callback(EVP_aes_256_cfb128(), "AES-256-CFB", NULL, arg);
+   callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg);
+   callback(EVP_aes_192_ctr(), "AES-192-CTR", NULL, arg);
+   callback(EVP_aes_256_ctr(), "AES-256-CTR", NULL, arg);
+@@ -34,9 +36,13 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
+   callback(EVP_aes_128_gcm(), "AES-128-GCM", NULL, arg);
+   callback(EVP_aes_192_gcm(), "AES-192-GCM", NULL, arg);
+   callback(EVP_aes_256_gcm(), "AES-256-GCM", NULL, arg);
++  callback(EVP_bf_cbc(), "BF-CBC", NULL, arg);
++  callback(EVP_bf_cfb(), "BF-CFB", NULL, arg);
++  callback(EVP_bf_ecb(), "BF-ECB", NULL, arg);
+   callback(EVP_des_cbc(), "DES-CBC", NULL, arg);
+   callback(EVP_des_ecb(), "DES-ECB", NULL, arg);
+   callback(EVP_des_ede(), "DES-EDE", NULL, arg);
++  callback(EVP_des_ede3(), "DES-EDE3", NULL, arg);
+   callback(EVP_des_ede_cbc(), "DES-EDE-CBC", NULL, arg);
+   callback(EVP_des_ede3_cbc(), "DES-EDE3-CBC", NULL, arg);
+   callback(EVP_rc2_cbc(), "RC2-CBC", NULL, arg);
+@@ -44,8 +50,10 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
+ 
+   // OpenSSL returns everything twice, the second time in lower case.
+   callback(EVP_aes_128_cbc(), "aes-128-cbc", NULL, arg);
++  callback(EVP_aes_128_cfb128(), "aes-128-cfb", NULL, arg);
+   callback(EVP_aes_192_cbc(), "aes-192-cbc", NULL, arg);
+   callback(EVP_aes_256_cbc(), "aes-256-cbc", NULL, arg);
++  callback(EVP_aes_256_cfb128(), "aes-256-cfb", NULL, arg);
+   callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg);
+   callback(EVP_aes_192_ctr(), "aes-192-ctr", NULL, arg);
+   callback(EVP_aes_256_ctr(), "aes-256-ctr", NULL, arg);
+@@ -58,9 +66,13 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
+   callback(EVP_aes_128_gcm(), "aes-128-gcm", NULL, arg);
+   callback(EVP_aes_192_gcm(), "aes-192-gcm", NULL, arg);
+   callback(EVP_aes_256_gcm(), "aes-256-gcm", NULL, arg);
++  callback(EVP_bf_cbc(), "bf-cbc", NULL, arg);
++  callback(EVP_bf_cfb(), "bf-cfb", NULL, arg);
++  callback(EVP_bf_ecb(), "bf-ecb", NULL, arg);
+   callback(EVP_des_cbc(), "des-cbc", NULL, arg);
+   callback(EVP_des_ecb(), "des-ecb", NULL, arg);
+   callback(EVP_des_ede(), "des-ede", NULL, arg);
++  callback(EVP_des_ede3(), "des-ede3", NULL, arg);
+   callback(EVP_des_ede_cbc(), "des-ede-cbc", NULL, arg);
+   callback(EVP_des_ede3_cbc(), "des-ede3-cbc", NULL, arg);
+   callback(EVP_rc2_cbc(), "rc2-cbc", NULL, arg);
+diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h
+index 310d7c237fd884ba715e3fa97ccf1393b6d04fbb..66e69d487fbb767438b7d0dfdf3770f54e3cf7b2 100644
+--- a/include/openssl/cipher.h
++++ b/include/openssl/cipher.h
+@@ -476,6 +476,7 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede3_ecb(void);
+ 
+ // EVP_aes_128_cfb128 is only available in decrepit.
+ OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cfb128(void);
++OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cfb128(void);
+ 
+ // EVP_aes_128_cfb is an alias for |EVP_aes_128_cfb128| and is only available in
+ // decrepit.

patches/boringssl/fix_sync_evp_get_cipherbynid_and_evp_get_cipherbyname.patch

@@ -1,25 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Shelley Vohr <shelley.vohr@gmail.com>
-Date: Mon, 28 Jun 2021 10:41:09 +0200
-Subject: fix: sync EVP_get_cipherbynid and EVP_get_cipherbyname
-
-This commit syncs the results of EVP_get_cipherbynid and
-EVP_get_cipherbyname. Node.js logic assumes that calling EVP_get_cipherbynid
-on a NID returned from a call to `getCipherInfo` with the cipher name
-will return the same cipher information - this assumption holds in OpenSSL
-and should also hold in BoringSSL.
-
-This will be upstreamed.
-
-diff --git a/crypto/cipher_extra/cipher_extra.c b/crypto/cipher_extra/cipher_extra.c
-index d97f67fb03756169446edf6b41d3a33fe3ae8205..cfdb69e3c556fea11aa7c2d28d4b7da524df15c3 100644
---- a/crypto/cipher_extra/cipher_extra.c
-+++ b/crypto/cipher_extra/cipher_extra.c
-@@ -97,6 +97,7 @@ static const struct {
-     {NID_des_ede3_cbc, "des-ede3-cbc", EVP_des_ede3_cbc},
-     {NID_rc2_cbc, "rc2-cbc", EVP_rc2_cbc},
-     {NID_rc4, "rc4", EVP_rc4},
-+    {NID_rc2_40_cbc, "rc2-40-cbc", EVP_rc2_40_cbc}
- };
- 
- const EVP_CIPHER *EVP_get_cipherbynid(int nid) {

patches/chromium/build_do_not_depend_on_packed_resource_integrity.patch

@@ -33,10 +33,10 @@ index f9e148eb5b5a9a1da534f5db19227e327282eac0..d95ba090ae13b036b694724d95834e5a
            "//base",
            "//build:branding_buildflags",
 diff --git a/chrome/browser/BUILD.gn b/chrome/browser/BUILD.gn
-index 6780e7770a9fea5578f923f6e7d4ba9778d39f3e..fa413b9cbcd1290e219784d4c6e9f94125433634 100644
+index acf48b7ffd061192c202893ebd1ba09b4df00187..27f5760aadd3a6892175a007b0ed71950bca2983 100644
 --- a/chrome/browser/BUILD.gn
 +++ b/chrome/browser/BUILD.gn
-@@ -4591,7 +4591,7 @@ static_library("browser") {
+@@ -4595,7 +4595,7 @@ static_library("browser") {
  
      # On Windows, the hashes are embedded in //chrome:chrome_initial rather
      # than here in :chrome_dll.
@@ -46,10 +46,10 @@ index 6780e7770a9fea5578f923f6e7d4ba9778d39f3e..fa413b9cbcd1290e219784d4c6e9f941
        sources += [ "certificate_viewer_stub.cc" ]
      }
 diff --git a/chrome/test/BUILD.gn b/chrome/test/BUILD.gn
-index d082159704a95fe7c930f0e5c1d038beff34f58c..336de455835baad241262f88c3ca68f1a95f9f57 100644
+index d6515aedf07677dd10c85acecb17877b041abb7f..15197af41fff21200f70cb6b88448cf173785474 100644
 --- a/chrome/test/BUILD.gn
 +++ b/chrome/test/BUILD.gn
-@@ -6424,7 +6424,6 @@ test("unit_tests") {
+@@ -6423,7 +6423,6 @@ test("unit_tests") {
  
      deps += [
        "//chrome:other_version",
@@ -57,7 +57,7 @@ index d082159704a95fe7c930f0e5c1d038beff34f58c..336de455835baad241262f88c3ca68f1
        "//chrome//services/util_win:unit_tests",
        "//chrome/app:chrome_dll_resources",
        "//chrome/app:win_unit_tests",
-@@ -6450,6 +6449,10 @@ test("unit_tests") {
+@@ -6449,6 +6448,10 @@ test("unit_tests") {
        "//ui/resources",
      ]
  
@@ -68,7 +68,7 @@ index d082159704a95fe7c930f0e5c1d038beff34f58c..336de455835baad241262f88c3ca68f1
      ldflags = [
        "/DELAYLOAD:api-ms-win-core-winrt-error-l1-1-0.dll",
        "/DELAYLOAD:api-ms-win-core-winrt-l1-1-0.dll",
-@@ -7387,7 +7390,6 @@ test("unit_tests") {
+@@ -7389,7 +7392,6 @@ test("unit_tests") {
      }
  
      deps += [
@@ -76,7 +76,7 @@ index d082159704a95fe7c930f0e5c1d038beff34f58c..336de455835baad241262f88c3ca68f1
        "//chrome/browser/apps:icon_standardizer",
        "//chrome/browser/apps/app_service",
        "//chrome/browser/apps/app_service:test_support",
-@@ -7468,6 +7470,10 @@ test("unit_tests") {
+@@ -7470,6 +7472,10 @@ test("unit_tests") {
        "//ui/webui/resources/js/browser_command:mojo_bindings",
      ]
  

patches/chromium/build_only_use_the_mas_build_config_in_the_required_components.patch

@@ -6,7 +6,7 @@ Subject: build: only use the mas build config in the required components
 Before landing this patch should be split into the relevant MAS patches, or at least the patch this one partially reverts
 
 diff --git a/base/BUILD.gn b/base/BUILD.gn
-index 425cb0ab0af169222d29794310167557dbbc8da2..2cec28651ee9e0a70ddf5a785f2259abedbb7f52 100644
+index 8417fcda40d49733b5fa6cac56e6caf623efc237..ff3d085f931ae822b2fe8d0eb2c822f0e9ac0d95 100644
 --- a/base/BUILD.gn
 +++ b/base/BUILD.gn
 @@ -1032,6 +1032,7 @@ component("base") {
@@ -88,10 +88,10 @@ index ab9889dc4d631df1ddc61565eb0fe35c06e45b72..416b801add9b122a0c8d9747bf46f009
    libs = []
    frameworks = []
 diff --git a/content/common/BUILD.gn b/content/common/BUILD.gn
-index 90e39f11ef8d0755a1d9823a7783cd7124819e91..53994eaa27dbcf7b4ee9d60056db737cd2db6fd7 100644
+index a164080599beb28449c6bda91a0f7373c6434019..44750c770ff445cf1b38da27922caa94357baac0 100644
 --- a/content/common/BUILD.gn
 +++ b/content/common/BUILD.gn
-@@ -171,6 +171,7 @@ source_set("common") {
+@@ -170,6 +170,7 @@ source_set("common") {
      "//content:content_implementation",
      "//build/config:precompiled_headers",
    ]

patches/chromium/can_create_window.patch

@@ -9,10 +9,10 @@ potentially prevent a window from being created.
 TODO(loc): this patch is currently broken.
 
 diff --git a/content/browser/renderer_host/render_frame_host_impl.cc b/content/browser/renderer_host/render_frame_host_impl.cc
-index 3fed38a2433b4a65f57673037c7402b69aeed429..6b3b52e10c02373e0a87d05eec1d7a143e826864 100644
+index 5afe83c262bcd2cc9dd93d22807ef1cf2350e583..3ac38d7ed50be9ba1670bb2863475a192baacc3a 100644
 --- a/content/browser/renderer_host/render_frame_host_impl.cc
 +++ b/content/browser/renderer_host/render_frame_host_impl.cc
-@@ -7758,6 +7758,7 @@ void RenderFrameHostImpl::CreateNewWindow(
+@@ -7776,6 +7776,7 @@ void RenderFrameHostImpl::CreateNewWindow(
            last_committed_origin_, params->window_container_type,
            params->target_url, params->referrer.To<Referrer>(),
            params->frame_name, params->disposition, *params->features,
@@ -21,10 +21,10 @@ index 3fed38a2433b4a65f57673037c7402b69aeed429..6b3b52e10c02373e0a87d05eec1d7a14
            &no_javascript_access);
  
 diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
-index e4f917be1206411bada8e4677497a95668c64c95..afdf6c98157797bfbbabd381daa42ad22d7a63d0 100644
+index db08fe0124e425b039d76cb28653113af9e17d8e..941450ac84b3580f899dd7c286c3c276d2fba888 100644
 --- a/content/browser/web_contents/web_contents_impl.cc
 +++ b/content/browser/web_contents/web_contents_impl.cc
-@@ -4161,6 +4161,12 @@ FrameTree* WebContentsImpl::CreateNewWindow(
+@@ -4164,6 +4164,12 @@ FrameTree* WebContentsImpl::CreateNewWindow(
  
    auto* new_contents_impl = new_contents.get();
  
@@ -37,7 +37,7 @@ index e4f917be1206411bada8e4677497a95668c64c95..afdf6c98157797bfbbabd381daa42ad2
    // If the new frame has a name, make sure any SiteInstances that can find
    // this named frame have proxies for it.  Must be called after
    // SetSessionStorageNamespace, since this calls CreateRenderView, which uses
-@@ -4202,12 +4208,6 @@ FrameTree* WebContentsImpl::CreateNewWindow(
+@@ -4205,12 +4211,6 @@ FrameTree* WebContentsImpl::CreateNewWindow(
      AddWebContentsDestructionObserver(new_contents_impl);
    }
  

patches/chromium/chore_provide_iswebcontentscreationoverridden_with_full_params.patch

@@ -218,10 +218,10 @@ index 4e32d708ecf4afd3913d86ec1602ef2dc9a60998..1dd2f50fba1387b5eeb554dd540957d7
    void AddNewContents(content::WebContents* source,
                        std::unique_ptr<content::WebContents> new_contents,
 diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
-index bbfe0f02522fdf13898b5b9183d1c9b5a47cfa30..4e32ad1cfa069d3446d8c88bb16c8af631db7a63 100644
+index 5c46e1429f1c2d6c19e112d9e13ca105d7067b04..031a8409bc13e6f65ca94811f860e07d14efc8e4 100644
 --- a/content/browser/web_contents/web_contents_impl.cc
 +++ b/content/browser/web_contents/web_contents_impl.cc
-@@ -4068,8 +4068,7 @@ FrameTree* WebContentsImpl::CreateNewWindow(
+@@ -4071,8 +4071,7 @@ FrameTree* WebContentsImpl::CreateNewWindow(
  
    if (delegate_ && delegate_->IsWebContentsCreationOverridden(
                         source_site_instance, params.window_container_type,

patches/chromium/fix_allow_guest_webcontents_to_enter_fullscreen.patch

@@ -6,10 +6,10 @@ Subject: fix: allow guest webcontents to enter fullscreen
 This can be upstreamed, a guest webcontents can't technically become the focused webContents. This DCHECK should allow all guest webContents to request fullscreen entrance.
 
 diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
-index a08ab949b596768bfff777d47130728ff9054837..be55f859e39fcaf45d0c3000432abb3110b981b3 100644
+index 57a4cd485f53c0b1f373b3563635d8b529755511..36dc0614de108db66f7fe7760017cd1cdc4499c6 100644
 --- a/content/browser/web_contents/web_contents_impl.cc
 +++ b/content/browser/web_contents/web_contents_impl.cc
-@@ -3589,7 +3589,7 @@ void WebContentsImpl::EnterFullscreenMode(
+@@ -3592,7 +3592,7 @@ void WebContentsImpl::EnterFullscreenMode(
    OPTIONAL_TRACE_EVENT0("content", "WebContentsImpl::EnterFullscreenMode");
    DCHECK(CanEnterFullscreenMode(requesting_frame, options));
    DCHECK(requesting_frame->IsActive());

patches/chromium/fix_crash_loading_non-standard_schemes_in_iframes.patch

@@ -17,10 +17,10 @@ policy->CanCommitOriginAndUrl.
 Upstreamed at https://chromium-review.googlesource.com/c/chromium/src/+/3856266.
 
 diff --git a/content/browser/renderer_host/navigation_request.cc b/content/browser/renderer_host/navigation_request.cc
-index c7cc3b8472d432a3f6f4ffd75ecb20e9f2ddd8f6..d0f07ecdc9fae8d7c38a34ef071b79b97c080e5b 100644
+index a2530d474b6061583156ad4323959b8683d20e8e..40c2dd985007a4b4b408814391834eec6e3bc123 100644
 --- a/content/browser/renderer_host/navigation_request.cc
 +++ b/content/browser/renderer_host/navigation_request.cc
-@@ -7370,10 +7370,11 @@ NavigationRequest::GetOriginForURLLoaderFactoryAfterResponseWithDebugInfo() {
+@@ -7376,10 +7376,11 @@ NavigationRequest::GetOriginForURLLoaderFactoryAfterResponseWithDebugInfo() {
    if (IsForMhtmlSubframe())
      return origin_with_debug_info;
  
@@ -37,7 +37,7 @@ index c7cc3b8472d432a3f6f4ffd75ecb20e9f2ddd8f6..d0f07ecdc9fae8d7c38a34ef071b79b9
  }
  
 diff --git a/content/browser/renderer_host/render_frame_host_impl.h b/content/browser/renderer_host/render_frame_host_impl.h
-index f76cb6dcdd90d75f2cb64798efce245c65b3f839..c095093cf0e0883205703050ddd68ebc436f963a 100644
+index 0c61e60b8a113742936e899bfda9a517d0f83b0d..c1aee126ccfa1704b6086ed564fbb705f122746b 100644
 --- a/content/browser/renderer_host/render_frame_host_impl.h
 +++ b/content/browser/renderer_host/render_frame_host_impl.h
 @@ -2911,6 +2911,17 @@ class CONTENT_EXPORT RenderFrameHostImpl
@@ -58,7 +58,7 @@ index f76cb6dcdd90d75f2cb64798efce245c65b3f839..c095093cf0e0883205703050ddd68ebc
    // Sets a ResourceCache in the renderer. `this` must be active and there must
    // be no pending navigation. `remote` must have the same and process
    // isolation policy.
-@@ -3268,17 +3279,6 @@ class CONTENT_EXPORT RenderFrameHostImpl
+@@ -3274,17 +3285,6 @@ class CONTENT_EXPORT RenderFrameHostImpl
    // relevant.
    void ResetWaitingState();
  

patches/chromium/fix_expose_decrementcapturercount_in_web_contents_impl.patch

@@ -8,7 +8,7 @@ we invoke it in order to expose contents.decrementCapturerCount([stayHidden, sta
 to users. We should try to upstream this.
 
 diff --git a/content/browser/web_contents/web_contents_impl.h b/content/browser/web_contents/web_contents_impl.h
-index 69f9ffbf4826421491118a0b200d6c71e41f8950..c3b7f6fa146ac335b0d18a749a61600cf8241c8d 100644
+index 03107cd964576176fe57771057cf78415c59b829..03f748c1d846a964e990c802188167f0d3a4ad4f 100644
 --- a/content/browser/web_contents/web_contents_impl.h
 +++ b/content/browser/web_contents/web_contents_impl.h
 @@ -1860,7 +1860,7 @@ class CONTENT_EXPORT WebContentsImpl : public WebContents,
@@ -21,7 +21,7 @@ index 69f9ffbf4826421491118a0b200d6c71e41f8950..c3b7f6fa146ac335b0d18a749a61600c
    // Calculates the PageVisibilityState for |visibility|, taking the capturing
    // state into account.
 diff --git a/content/public/browser/web_contents.h b/content/public/browser/web_contents.h
-index 86cb0de1e87a444bdd8d00bc2a981a8abbb94234..33d3af13ec5c243828412671a198070d09ad895d 100644
+index 0bc1ed5c7f60996be36b6812184827775431514a..43ae4c099be46d1e11f757aa6e7379a5008b1cad 100644
 --- a/content/public/browser/web_contents.h
 +++ b/content/public/browser/web_contents.h
 @@ -702,6 +702,10 @@ class WebContents : public PageNavigator,

patches/chromium/fix_non-client_mouse_tracking_and_message_bubbling_on_windows.patch

@@ -13,10 +13,10 @@ messages in the legacy window handle layer.
 These conditions are regularly hit with WCO-enabled windows on Windows.
 
 diff --git a/content/browser/renderer_host/legacy_render_widget_host_win.cc b/content/browser/renderer_host/legacy_render_widget_host_win.cc
-index 89bcbe4a8d5e0f3e1fce7d87f4ac58abc68ef9a0..89a1b8131174f96af7304c0a6d3205f0954eed45 100644
+index c7bc52f1b54249e497a7f60e0bf7106d345b5ef6..bea43ee34da9869aec30dec4dc08ffd9d8af25a8 100644
 --- a/content/browser/renderer_host/legacy_render_widget_host_win.cc
 +++ b/content/browser/renderer_host/legacy_render_widget_host_win.cc
-@@ -316,12 +316,12 @@ LRESULT LegacyRenderWidgetHostHWND::OnMouseRange(UINT message,
+@@ -318,12 +318,12 @@ LRESULT LegacyRenderWidgetHostHWND::OnMouseRange(UINT message,
                                                   WPARAM w_param,
                                                   LPARAM l_param,
                                                   BOOL& handled) {
@@ -31,7 +31,7 @@ index 89bcbe4a8d5e0f3e1fce7d87f4ac58abc68ef9a0..89a1b8131174f96af7304c0a6d3205f0
        tme.hwndTrack = hwnd();
        tme.dwHoverTime = 0;
        TrackMouseEvent(&tme);
-@@ -352,7 +352,10 @@ LRESULT LegacyRenderWidgetHostHWND::OnMouseRange(UINT message,
+@@ -354,7 +354,10 @@ LRESULT LegacyRenderWidgetHostHWND::OnMouseRange(UINT message,
      // out of the picture.
      if (!handled &&
           (message >= WM_NCMOUSEMOVE && message <= WM_NCXBUTTONDBLCLK)) {

patches/chromium/fix_on-screen-keyboard_hides_on_input_blur_in_webview.patch

@@ -45,10 +45,10 @@ index 2ca4e42342ff6bf3f2ad104208944e36d572aa3c..7421cc779873b580d6f5a109d57ff744
    // RenderFrameMetadataProvider::Observer implementation.
    void OnRenderFrameMetadataChangedBeforeActivation(
 diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
-index be55f859e39fcaf45d0c3000432abb3110b981b3..66ac9d01f99a07a5686babca10f0fee9e5a93743 100644
+index 36dc0614de108db66f7fe7760017cd1cdc4499c6..67094d6c1a557f6b0c812eedd80b369bd41afdc3 100644
 --- a/content/browser/web_contents/web_contents_impl.cc
 +++ b/content/browser/web_contents/web_contents_impl.cc
-@@ -8092,7 +8092,7 @@ void WebContentsImpl::OnFocusedElementChangedInFrame(
+@@ -8095,7 +8095,7 @@ void WebContentsImpl::OnFocusedElementChangedInFrame(
                          "WebContentsImpl::OnFocusedElementChangedInFrame",
                          "render_frame_host", frame);
    RenderWidgetHostViewBase* root_view =

patches/chromium/port_autofill_colors_to_the_color_pipeline.patch

@@ -31,10 +31,10 @@ index ce4e2f4e7914fd0ba6218bd992c41b013caef828..79d3418cec7bf1bd24be98768b2574c1
  
  #if BUILDFLAG(IS_CHROMEOS)
 diff --git a/ui/color/ui_color_mixer.cc b/ui/color/ui_color_mixer.cc
-index 5120d66f48ecb760080979f860219c182ab81782..35422cb82a42063918dda6ccaf2a7042722390dc 100644
+index 6b694d60a6c23f2fa21bdf0b9f43d330c1e79dd3..889428c41f74796d31e5c935ad9639f01d83d709 100644
 --- a/ui/color/ui_color_mixer.cc
 +++ b/ui/color/ui_color_mixer.cc
-@@ -218,6 +218,17 @@ void AddUiColorMixer(ColorProvider* provider,
+@@ -206,6 +206,17 @@ void AddUiColorMixer(ColorProvider* provider,
                                              : SkColorSetA(SK_ColorBLACK, 0x80)};
    mixer[kColorScrollbarTrack] = {dark_mode ? SkColorSetRGB(0x42, 0x42, 0x42)
                                             : SkColorSetRGB(0xF1, 0xF1, 0xF1)};
@@ -52,7 +52,7 @@ index 5120d66f48ecb760080979f860219c182ab81782..35422cb82a42063918dda6ccaf2a7042
    mixer[kColorSeparator] = {kColorMidground};
    mixer[kColorShadowBase] = {dark_mode ? SK_ColorBLACK : gfx::kGoogleGrey800};
    mixer[kColorShadowValueAmbientShadowElevationThree] =
-@@ -315,6 +326,7 @@ void AddUiColorMixer(ColorProvider* provider,
+@@ -303,6 +314,7 @@ void AddUiColorMixer(ColorProvider* provider,
    mixer[kColorTreeNodeForegroundSelectedFocused] = {kColorTreeNodeForeground};
    mixer[kColorTreeNodeForegroundSelectedUnfocused] = {
        kColorTreeNodeForegroundSelectedFocused};

patches/chromium/refactor_expose_cursor_changes_to_the_webcontentsobserver.patch

@@ -43,10 +43,10 @@ index 347b8d89a2ecaa6baa4779f650b8af49a6d6d118..07b6f899132ab4b94fb9474d441461c8
  
  void RenderWidgetHostImpl::ShowContextMenuAtPoint(
 diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
-index afdf6c98157797bfbbabd381daa42ad22d7a63d0..bbfe0f02522fdf13898b5b9183d1c9b5a47cfa30 100644
+index 941450ac84b3580f899dd7c286c3c276d2fba888..5c46e1429f1c2d6c19e112d9e13ca105d7067b04 100644
 --- a/content/browser/web_contents/web_contents_impl.cc
 +++ b/content/browser/web_contents/web_contents_impl.cc
-@@ -4753,6 +4753,11 @@ TextInputManager* WebContentsImpl::GetTextInputManager() {
+@@ -4756,6 +4756,11 @@ TextInputManager* WebContentsImpl::GetTextInputManager() {
    return text_input_manager_.get();
  }
  
@@ -59,7 +59,7 @@ index afdf6c98157797bfbbabd381daa42ad22d7a63d0..bbfe0f02522fdf13898b5b9183d1c9b5
      RenderWidgetHostImpl* render_widget_host) {
    return render_widget_host == GetPrimaryMainFrame()->GetRenderWidgetHost();
 diff --git a/content/browser/web_contents/web_contents_impl.h b/content/browser/web_contents/web_contents_impl.h
-index ea889f23e73044b6812c7e514956bee89ebb9396..69f9ffbf4826421491118a0b200d6c71e41f8950 100644
+index 137062123e22e874909c0723eb85bb6fb89acabc..03107cd964576176fe57771057cf78415c59b829 100644
 --- a/content/browser/web_contents/web_contents_impl.h
 +++ b/content/browser/web_contents/web_contents_impl.h
 @@ -972,6 +972,7 @@ class CONTENT_EXPORT WebContentsImpl : public WebContents,

patches/chromium/web_contents.patch

@@ -9,10 +9,10 @@ is needed for OSR.
 Originally landed in https://github.com/electron/libchromiumcontent/pull/226.
 
 diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
-index 4e32ad1cfa069d3446d8c88bb16c8af631db7a63..a08ab949b596768bfff777d47130728ff9054837 100644
+index 031a8409bc13e6f65ca94811f860e07d14efc8e4..57a4cd485f53c0b1f373b3563635d8b529755511 100644
 --- a/content/browser/web_contents/web_contents_impl.cc
 +++ b/content/browser/web_contents/web_contents_impl.cc
-@@ -3207,6 +3207,13 @@ void WebContentsImpl::Init(const WebContents::CreateParams& params,
+@@ -3210,6 +3210,13 @@ void WebContentsImpl::Init(const WebContents::CreateParams& params,
        params.main_frame_name, GetOpener(), primary_main_frame_policy,
        base::UnguessableToken::Create());
  
@@ -26,7 +26,7 @@ index 4e32ad1cfa069d3446d8c88bb16c8af631db7a63..a08ab949b596768bfff777d47130728f
    std::unique_ptr<WebContentsViewDelegate> delegate =
        GetContentClient()->browser()->GetWebContentsViewDelegate(this);
  
-@@ -3217,6 +3224,7 @@ void WebContentsImpl::Init(const WebContents::CreateParams& params,
+@@ -3220,6 +3227,7 @@ void WebContentsImpl::Init(const WebContents::CreateParams& params,
      view_ = CreateWebContentsView(this, std::move(delegate),
                                    &render_view_host_delegate_view_);
    }
@@ -35,7 +35,7 @@ index 4e32ad1cfa069d3446d8c88bb16c8af631db7a63..a08ab949b596768bfff777d47130728f
    CHECK(view_.get());
  
 diff --git a/content/public/browser/web_contents.h b/content/public/browser/web_contents.h
-index 8baf744895c941df36d770ad17fca925a1dfd45f..86cb0de1e87a444bdd8d00bc2a981a8abbb94234 100644
+index 0e569ca1377aa1d378574612c82885b1fd9eef73..0bc1ed5c7f60996be36b6812184827775431514a 100644
 --- a/content/public/browser/web_contents.h
 +++ b/content/public/browser/web_contents.h
 @@ -96,10 +96,13 @@ class BrowserContext;

patches/chromium/webview_fullscreen.patch

@@ -14,10 +14,10 @@ Note that we also need to manually update embedder's
 `api::WebContents::IsFullscreenForTabOrPending` value.
 
 diff --git a/content/browser/renderer_host/render_frame_host_impl.cc b/content/browser/renderer_host/render_frame_host_impl.cc
-index 6b3b52e10c02373e0a87d05eec1d7a143e826864..6af93d94eca3ac445c558053c2e7d789dce12351 100644
+index 3ac38d7ed50be9ba1670bb2863475a192baacc3a..820afdd8c73b6dbcf3aceba38af2cf0e202bd49a 100644
 --- a/content/browser/renderer_host/render_frame_host_impl.cc
 +++ b/content/browser/renderer_host/render_frame_host_impl.cc
-@@ -6979,6 +6979,17 @@ void RenderFrameHostImpl::EnterFullscreen(
+@@ -6997,6 +6997,17 @@ void RenderFrameHostImpl::EnterFullscreen(
      }
    }
  

patches/node/build_add_gn_build_files.patch

@@ -974,10 +974,10 @@ index 0000000000000000000000000000000000000000..bfbd4e656db1a6c73048443f96f1d576
 +}
 diff --git a/deps/uv/BUILD.gn b/deps/uv/BUILD.gn
 new file mode 100644
-index 0000000000000000000000000000000000000000..d6bed57461820ce08391fc424a1f842bd282fa75
+index 0000000000000000000000000000000000000000..e90becfab51beb090394db9d3c94d73e546b39ef
 --- /dev/null
 +++ b/deps/uv/BUILD.gn
-@@ -0,0 +1,196 @@
+@@ -0,0 +1,198 @@
 +config("libuv_config") {
 +  include_dirs = [ "include" ]
 +
@@ -1047,6 +1047,8 @@ index 0000000000000000000000000000000000000000..d6bed57461820ce08391fc424a1f842b
 +    "src/random.c",
 +    "src/strscpy.c",
 +    "src/strscpy.h",
++    "src/strtok.c",
++    "src/strtok.h",
 +    "src/threadpool.c",
 +    "src/timer.c",
 +    "src/uv-common.c",

patches/v8/.patches

@@ -8,4 +8,4 @@ fix_build_deprecated_attribute_for_older_msvc_versions.patch
 fix_disable_implies_dcheck_for_node_stream_array_buffers.patch
 force_cppheapcreateparams_to_be_noncopyable.patch
 chore_allow_customizing_microtask_policy_per_context.patch
-build_revert_builtins_pgo.patch
+fix_set_proper_instruction_start_for_builtin.patch

patches/v8/build_revert_builtins_pgo.patch

@@ -1,71 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Keeley Hammond <vertedinde@electronjs.org>
-Date: Tue, 9 May 2023 11:44:16 -0700
-Subject: build: revert "Reland "[builtins-pgo] Enable builtins PGO for Windows
- and gcc builds""
-
-This reverts commit be04b76419b55d47a696d2c9417baa0ab7d6462b.
-
-This commit causes build failures on release builds across platforms. This patch
-can be removed when 1) the issue is resolved with Chromium upstream or
-2) when Electron disables builtins PGO.
-
-diff --git a/BUILD.gn b/BUILD.gn
-index 2dc5737260d544460e00b037fe62d3ecf846d46d..7434814cc3ec451a33106a8aec9648427f7d3bbb 100644
---- a/BUILD.gn
-+++ b/BUILD.gn
-@@ -578,30 +578,20 @@ if (v8_builtins_profiling_log_file == "default") {
-   #   are accessed,
-   # * v8_enable_webassembly because it changes the set of opcodes which affects
-   #   graphs hashes,
-+  # * !is_clang because it might affect argument evaluation order, which
-+  #    makes node IDs not predictable for subgraphs like Op1(Op2(), Op3()) and
-+  #    as a result different graph hash.
-   if (v8_enable_builtins_optimization && !v8_enable_builtins_profiling &&
--      !is_debug && !dcheck_always_on && v8_enable_webassembly) {
--    # This is about function arguments evaluation order, which makes node IDs
--    # not predictable for subgraphs like Op1(Op2(), Op3()) and as a result
--    # different graph hashes.
--    # Clang uses left-to-right order everywhere except Windows, otherwise the
--    # order is right-to-left.
--    # TODO(crbug.com/v8/13647): Remove once this issue is fixed in CSA.
--    if (!is_clang || is_win) {
--      pgo_profile_suffix = "-rl"
--    } else {
--      pgo_profile_suffix = ""
--    }
-+      is_clang && !is_debug && !dcheck_always_on && v8_enable_webassembly) {
-     if ((v8_current_cpu == "x64" || v8_current_cpu == "arm64") &&
-         v8_enable_pointer_compression && v8_enable_external_code_space &&
-         v8_enable_sandbox) {
-       # Note, currently x64 profile can be applied to arm64 but not the other
-       # way round.
--      v8_builtins_profiling_log_file =
--          "tools/builtins-pgo/profiles/x64" + pgo_profile_suffix + ".profile"
-+      v8_builtins_profiling_log_file = "tools/builtins-pgo/profiles/x64.profile"
-     } else if (v8_current_cpu == "x86" || v8_current_cpu == "arm") {
-       # Note, x86 profile can be applied to arm but not the other way round.
--      v8_builtins_profiling_log_file =
--          "tools/builtins-pgo/profiles/x86" + pgo_profile_suffix + ".profile"
-+      v8_builtins_profiling_log_file = "tools/builtins-pgo/profiles/x86.profile"
-     }
-   }
- }
-@@ -2266,11 +2256,13 @@ template("run_mksnapshot") {
-       args += [
-         "--turbo-profiling-input",
-         rebase_path(v8_builtins_profiling_log_file, root_build_dir),
--
--        # Replace this with --warn-about-builtin-profile-data to see the full
--        # list of builtins with incompatible profiles.
--        "--abort-on-bad-builtin-profile-data",
-       ]
-+
-+      # Replace this with --warn-about-builtin-profile-data to see the full
-+      # list of builtins with incompatible profiles.
-+      # TODO(crbug.com/v8/13647): Do not fail for invalid profiles
-+      # args += [ "--abort-on-bad-builtin-profile-data" ]
-+      args += [ "--warn-about-builtin-profile-data" ]
-     }
- 
-     # This is needed to distinguish between generating code for the simulator

patches/v8/dcheck.patch

@@ -6,10 +6,10 @@ Subject: dcheck.patch
 https://github.com/auchenberg/volkswagen
 
 diff --git a/src/api/api.cc b/src/api/api.cc
-index 5132e4812e881c26d4f274a2c38a8ee21ede593d..d664893fca9e378853eaaae5b174679dadc75d91 100644
+index 94b44c14c36462b263bcdc7d6c7a585c81edb9fe..a30c50948ab634313f33d5eb96cef98fa671d121 100644
 --- a/src/api/api.cc
 +++ b/src/api/api.cc
-@@ -9896,7 +9896,7 @@ void Isolate::SetPromiseRejectCallback(PromiseRejectCallback callback) {
+@@ -9907,7 +9907,7 @@ void Isolate::SetPromiseRejectCallback(PromiseRejectCallback callback) {
  }
  
  void Isolate::PerformMicrotaskCheckpoint() {

patches/v8/fix_set_proper_instruction_start_for_builtin.patch

@@ -0,0 +1,35 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: mjhenkes <mjhenkes@gmail.com>
+Date: Mon, 22 May 2023 15:52:36 -0500
+Subject: Fix: Set proper instruction start for builtin
+
+Added in this CL: https://chromium-review.googlesource.com/c/v8/v8/+/4547712
+
+This patch makes the mksnapshot fix available sooner.
+
+This patch can be removed when v8 reaches version 11.6.21
+
+diff --git a/src/execution/isolate.cc b/src/execution/isolate.cc
+index e6514136101ecbe430693d423d1b92c683e6eb15..1dcc61de1ceae9754cb5e867a04a0721d6aefcb8 100644
+--- a/src/execution/isolate.cc
++++ b/src/execution/isolate.cc
+@@ -3872,14 +3872,16 @@ void FinalizeBuiltinCodeObjects(Isolate* isolate) {
+   DCHECK_NOT_NULL(isolate->embedded_blob_data());
+   DCHECK_NE(0, isolate->embedded_blob_data_size());
+ 
++  EmbeddedData d = EmbeddedData::FromBlob(isolate);
+   HandleScope scope(isolate);
+   static_assert(Builtins::kAllBuiltinsAreIsolateIndependent);
+   for (Builtin builtin = Builtins::kFirst; builtin <= Builtins::kLast;
+        ++builtin) {
+     Handle<Code> old_code = isolate->builtins()->code_handle(builtin);
+-    // Note we use `instruction_start` as given by the old code object (instead
+-    // of asking EmbeddedData) due to MaybeRemapEmbeddedBuiltinsIntoCodeRange.
+-    Address instruction_start = old_code->instruction_start();
++    // Note that `old_code.instruction_start` might point to `old_code`'s
++    // InstructionStream which might be GCed once we replace the old code
++    // with the new code.
++    Address instruction_start = d.InstructionStartOf(builtin);
+     Handle<Code> new_code = isolate->factory()->NewCodeObjectForEmbeddedBuiltin(
+         old_code, instruction_start);
+ 

patches_npm/@octokit+request+6.2.3.patch

@@ -1,26 +0,0 @@
-diff --git a/node_modules/@octokit/request/dist-node/index.js b/node_modules/@octokit/request/dist-node/index.js
-index 11ac3f4..c4d9331 100644
---- a/node_modules/@octokit/request/dist-node/index.js
-+++ b/node_modules/@octokit/request/dist-node/index.js
-@@ -29,7 +29,8 @@ function fetchWrapper(requestOptions) {
-     method: requestOptions.method,
-     body: requestOptions.body,
-     headers: requestOptions.headers,
--    redirect: requestOptions.redirect
-+    redirect: requestOptions.redirect,
-+    ...(requestOptions.body && { duplex: "half" }),
-   },
-   // `requestOptions.request.agent` type is incompatible
-   // see https://github.com/octokit/types.ts/pull/264
-diff --git a/node_modules/@octokit/request/dist-src/fetch-wrapper.js b/node_modules/@octokit/request/dist-src/fetch-wrapper.js
-index 223307a..15114d5 100644
---- a/node_modules/@octokit/request/dist-src/fetch-wrapper.js
-+++ b/node_modules/@octokit/request/dist-src/fetch-wrapper.js
-@@ -21,6 +21,7 @@ export default function fetchWrapper(requestOptions) {
-         body: requestOptions.body,
-         headers: requestOptions.headers,
-         redirect: requestOptions.redirect,
-+        ...(requestOptions.body && { duplex: "half" }),
-     }, 
-     // `requestOptions.request.agent` type is incompatible
-     // see https://github.com/octokit/types.ts/pull/264

script/doc-only-change.js

@@ -3,57 +3,40 @@ const { Octokit } = require('@octokit/rest');
 const octokit = new Octokit();
 
 async function checkIfDocOnlyChange () {
-  if (args.prNumber || args.prBranch || args.prURL) {
+  let { prNumber, prURL } = args;
+
+  if (prNumber || prURL) {
     try {
-      let pullRequestNumber = args.prNumber;
-      if (!pullRequestNumber || isNaN(pullRequestNumber)) {
+      // CircleCI doesn't provide the PR number except on forked PRs,
+      // so to cover all cases we just extract it from the PR URL.
+      if (!prNumber || isNaN(prNumber)) {
         if (args.prURL) {
-          // CircleCI doesn't provide the PR number for branch builds, but it does provide the PR URL
-          const pullRequestParts = args.prURL.split('/');
-          pullRequestNumber = pullRequestParts[pullRequestParts.length - 1];
-        } else if (args.prBranch) {
-          // AppVeyor doesn't provide a PR number for branch builds - figure it out from the branch
-          const prsForBranch = await octokit.pulls.list({
-            owner: 'electron',
-            repo: 'electron',
-            state: 'open',
-            head: `electron:${args.prBranch}`
-          });
-          if (prsForBranch.data.length === 1) {
-            pullRequestNumber = prsForBranch.data[0].number;
-          } else {
-            // If there are 0 PRs or more than one PR on a branch, just assume that this is more than a doc change
-            process.exit(1);
-          }
+          prNumber = prURL.split('/').pop();
         }
       }
+
       const filesChanged = await octokit.paginate(octokit.pulls.listFiles.endpoint.merge({
         owner: 'electron',
         repo: 'electron',
-        pull_number: pullRequestNumber,
+        pull_number: prNumber,
         per_page: 100
       }));
 
-      console.log('Changed Files:', filesChanged.map(fileInfo => fileInfo.filename));
+      console.log('Changed Files: ', filesChanged.map(fileInfo => fileInfo.filename));
 
-      const nonDocChange = filesChanged.find((fileInfo) => {
-        const fileDirs = fileInfo.filename.split('/');
-        if (fileDirs[0] !== 'docs') {
-          return true;
-        }
+      const nonDocChange = filesChanged.length === 0 || filesChanged.find(({ filename }) => {
+        const fileDirs = filename.split('/');
+        if (fileDirs[0] !== 'docs') return true;
       });
-      if (nonDocChange || filesChanged.length === 0) {
-        process.exit(1);
-      } else {
-        process.exit(0);
-      }
-    } catch (ex) {
-      console.error('Error getting list of files changed: ', ex);
+
+      process.exit(nonDocChange ? 1 : 0);
+    } catch (error) {
+      console.error('Error getting list of files changed: ', error);
       process.exit(-1);
     }
   } else {
     console.error(`Check if only the docs were changed for a commit.
-    Usage: doc-only-change.js --prNumber=PR_NUMBER || --prBranch=PR_BRANCH || --prURL=PR_URL`);
+    Usage: doc-only-change.js --prNumber=PR_NUMBER || --prURL=PR_URL`);
     process.exit(-1);
   }
 }

script/lint.js

@@ -27,6 +27,32 @@ const IGNORELIST = new Set([
 
 const IS_WINDOWS = process.platform === 'win32';
 
+const CPPLINT_FILTERS = [
+  // from presubmit_canned_checks.py OFF_BY_DEFAULT_LINT_FILTERS
+  '-build/include',
+  '-build/include_order',
+  '-build/namespaces',
+  '-readability/casting',
+  '-runtime/int',
+  '-whitespace/braces',
+  // from presubmit_canned_checks.py OFF_UNLESS_MANUALLY_ENABLED_LINT_FILTERS
+  '-build/c++11',
+  '-build/header_guard',
+  '-readability/todo',
+  '-runtime/references',
+  '-whitespace/braces',
+  '-whitespace/comma',
+  '-whitespace/end_of_line',
+  '-whitespace/forcolon',
+  '-whitespace/indent',
+  '-whitespace/line_length',
+  '-whitespace/newline',
+  '-whitespace/operators',
+  '-whitespace/parens',
+  '-whitespace/semicolon',
+  '-whitespace/tab'
+];
+
 function spawnAndCheckExitCode (cmd, args, opts) {
   opts = { stdio: 'inherit', ...opts };
   const { error, status, signal } = childProcess.spawnSync(cmd, args, opts);
@@ -75,7 +101,7 @@ const LINTERS = [{
     const clangFormatFlags = opts.fix ? ['--fix'] : [];
     for (const chunk of chunkFilenames(filenames)) {
       spawnAndCheckExitCode('python3', ['script/run-clang-format.py', ...clangFormatFlags, ...chunk]);
-      cpplint(chunk);
+      cpplint([`--filter=${CPPLINT_FILTERS.join(',')}`, ...chunk]);
     }
   }
 }, {
@@ -85,13 +111,7 @@ const LINTERS = [{
   run: (opts, filenames) => {
     const clangFormatFlags = opts.fix ? ['--fix'] : [];
     spawnAndCheckExitCode('python3', ['script/run-clang-format.py', '-r', ...clangFormatFlags, ...filenames]);
-    const filter = [
-      '-readability/braces',
-      '-readability/casting',
-      '-whitespace/braces',
-      '-whitespace/indent',
-      '-whitespace/parens'
-    ];
+    const filter = [...CPPLINT_FILTERS, '-readability/braces'];
     cpplint(['--extensions=mm,h', `--filter=${filter.join(',')}`, ...filenames]);
   }
 }, {