fix: missing badge text on Windows (#41628)

https://chromium-review.googlesource.com/c/chromium/src/+/5053607

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>

.circleci/config/base.yml

@@ -337,46 +337,27 @@ step-setup-env-for-build: &step-setup-env-for-build
       # To find `gn` executable.
       echo 'export CHROMIUM_BUILDTOOLS_PATH="'"$PWD"'/src/buildtools"' >> $BASH_ENV
 
-step-setup-goma-for-build: &step-setup-goma-for-build
+step-setup-rbe-for-build: &step-setup-rbe-for-build
   run:
-    name: Setup Goma
+    name: Setup RBE
     command: |
       echo 'export NUMBER_OF_NINJA_PROCESSES=300' >> $BASH_ENV
       if [ "`uname`" == "Darwin" ]; then
+        echo 'export NUMBER_OF_NINJA_PROCESSES=200' >> $BASH_ENV
         echo 'ulimit -n 10000' >> $BASH_ENV
         echo 'sudo launchctl limit maxfiles 65536 200000' >> $BASH_ENV
       fi
-      if [ ! -z "$RAW_GOMA_AUTH" ]; then
-        echo $RAW_GOMA_AUTH > ~/.goma_oauth2_config
-      fi
       git clone https://github.com/electron/build-tools.git
       cd build-tools
-      npm install
+      npx yarn --ignore-engines
       mkdir third_party
-      node -e "require('./src/utils/goma.js').downloadAndPrepare({ gomaOneForAll: true })"
-      export GOMA_FALLBACK_ON_AUTH_FAILURE=true
-      third_party/goma/goma_ctl.py ensure_start
-      if [ ! -z "$RAW_GOMA_AUTH" ] && [ "`third_party/goma/goma_auth.py info`" != "Login as Fermi Planck" ]; then
-        echo "WARNING!!!!!! Goma authentication is incorrect; please update Goma auth token."
-        exit 1
-      fi
-      echo 'export GN_GOMA_FILE='`node -e "console.log(require('./src/utils/goma.js').gnFilePath)"` >> $BASH_ENV
-      echo 'export GOMA_DIR='`node -e "console.log(require('./src/utils/goma.js').dir)"` >> $BASH_ENV
-      echo 'export GOMA_FALLBACK_ON_AUTH_FAILURE=true' >> $BASH_ENV
-      cd ..
-      touch "${TMPDIR:=/tmp}"/.goma-ready
-    background: true
-
-step-wait-for-goma: &step-wait-for-goma
-  run:
-    name: Wait for Goma
-    command: |
-      until [ -f "${TMPDIR:=/tmp}"/.goma-ready ]
-      do
-          sleep 5
-      done
-      echo "Goma ready"
-    no_output_timeout: 5m
+      # Pull down credential helper and print status
+      node -e "require('./src/utils/reclient.js').downloadAndPrepare({})"
+      HELPER=$(node -p "require('./src/utils/reclient.js').helperPath({})")
+      $HELPER login
+      echo 'export RBE_service='`node -e "console.log(require('./src/utils/reclient.js').serviceAddress)"` >> $BASH_ENV
+      echo 'export RBE_experimental_credentials_helper='`node -e "console.log(require('./src/utils/reclient.js').helperPath({}))"` >> $BASH_ENV
+      echo 'export RBE_experimental_credentials_helper_args="print"' >> $BASH_ENV
 
 step-restore-brew-cache: &step-restore-brew-cache
   restore_cache:
@@ -550,6 +531,13 @@ step-fix-sync: &step-fix-sync
         sed -i '' "s/Updating depot_tools... //g" gn_ensure_file
         cipd ensure --root src/buildtools/mac -ensure-file gn_ensure_file
 
+        # Fix reclient (wrong binary)
+        echo 'infra/rbe/client/${platform}' `gclient getdep --deps-file=src/DEPS -r 'src/buildtools/reclient:infra/rbe/client/${platform}'` > gn_ensure_file
+        # Remove extra output from calling gclient getdep which always calls update_depot_tools
+        sed -i '' "s/Updating depot_tools... //g" gn_ensure_file
+        cipd ensure --root src/buildtools/reclient -ensure-file gn_ensure_file
+        python3 src/buildtools/reclient_cfgs/configure_reclient_cfgs.py --rbe_instance "projects/rbe-chrome-untrusted/instances/default_instance" --reproxy_cfg_template reproxy.cfg.template --rewrapper_cfg_project "" --skip_remoteexec_cfg_fetch
+
         # Fix dsymutil (wrong binary)
         if  [ "$TARGET_ARCH" == "arm64" ]; then
           export DSYM_SHA_FILE=src/tools/clang/dsymutil/bin/dsymutil.arm64.sha1
@@ -602,7 +590,7 @@ step-gn-gen-default: &step-gn-gen-default
     name: Default GN gen
     command: |
       cd src
-      gn gen out/Default --args="import(\"$GN_CONFIG\") import(\"$GN_GOMA_FILE\") $GN_EXTRA_ARGS $GN_BUILDFLAG_ARGS"
+      gn gen out/Default --args="import(\"$GN_CONFIG\") use_remoteexec=true $GN_EXTRA_ARGS $GN_BUILDFLAG_ARGS"
 
 step-gn-check: &step-gn-check
   run:
@@ -638,16 +626,16 @@ step-electron-chromedriver-build: &step-electron-chromedriver-build
     command: |
       cd src
       if [ "`uname`" != "Darwin" ] && ([ "$TARGET_ARCH" == "arm" ] || [ "$TARGET_ARCH" == "arm64" ]); then
-        gn gen out/chromedriver --args="import(\"$GN_CONFIG\") import(\"$GN_GOMA_FILE\") is_component_ffmpeg=false proprietary_codecs=false $GN_EXTRA_ARGS $GN_BUILDFLAG_ARGS"
+        gn gen out/chromedriver --args="import(\"$GN_CONFIG\") use_remoteexec=true is_component_ffmpeg=false proprietary_codecs=false $GN_EXTRA_ARGS $GN_BUILDFLAG_ARGS"
         export CHROMEDRIVER_DIR="out/chromedriver"
       else
         export CHROMEDRIVER_DIR="out/Default"
       fi
-      ninja -C $CHROMEDRIVER_DIR electron:electron_chromedriver -j $NUMBER_OF_NINJA_PROCESSES
+      autoninja -C $CHROMEDRIVER_DIR electron:electron_chromedriver -j $NUMBER_OF_NINJA_PROCESSES
       if [ "`uname`" == "Linux" ]; then
         electron/script/strip-binaries.py --target-cpu="$TARGET_ARCH" --file $PWD/$CHROMEDRIVER_DIR/chromedriver
       fi
-      ninja -C $CHROMEDRIVER_DIR electron:electron_chromedriver_zip
+      autoninja -C $CHROMEDRIVER_DIR electron:electron_chromedriver_zip
       if [ "`uname`" != "Darwin" ] && ([ "$TARGET_ARCH" == "arm" ] || [ "$TARGET_ARCH" == "arm64" ]); then
         cp out/chromedriver/chromedriver.zip out/Default
       fi
@@ -657,7 +645,7 @@ step-nodejs-headers-build: &step-nodejs-headers-build
     name: Build Node.js headers
     command: |
       cd src
-      ninja -C out/Default electron:node_headers
+      autoninja -C out/Default electron:node_headers
 
 step-electron-publish: &step-electron-publish
   run:
@@ -711,14 +699,14 @@ step-ffmpeg-gn-gen: &step-ffmpeg-gn-gen
     name: ffmpeg GN gen
     command: |
       cd src
-      gn gen out/ffmpeg --args="import(\"//electron/build/args/ffmpeg.gn\") import(\"$GN_GOMA_FILE\") $GN_EXTRA_ARGS"
+      gn gen out/ffmpeg --args="import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true $GN_EXTRA_ARGS"
 
 step-ffmpeg-build: &step-ffmpeg-build
   run:
     name: Non proprietary ffmpeg build
     command: |
       cd src
-      ninja -C out/ffmpeg electron:electron_ffmpeg_zip -j $NUMBER_OF_NINJA_PROCESSES
+      autoninja -C out/ffmpeg electron:electron_ffmpeg_zip -j $NUMBER_OF_NINJA_PROCESSES
 
 step-verify-mksnapshot: &step-verify-mksnapshot
   run:
@@ -750,26 +738,13 @@ step-setup-linux-for-headless-testing: &step-setup-linux-for-headless-testing
         sh -e /etc/init.d/xvfb start
       fi
 
-step-show-goma-stats: &step-show-goma-stats
-  run:
-    shell: /bin/bash
-    name: Check goma stats after build
-    command: |
-      set +e
-      set +o pipefail
-      python3 $GOMA_DIR/goma_ctl.py stat
-      python3 $GOMA_DIR/diagnose_goma_log.py
-      true
-    when: always
-    background: true
-
 step-mksnapshot-build: &step-mksnapshot-build
   run:
     name: mksnapshot build
     no_output_timeout: 30m
     command: |
       cd src
-      ninja -C out/Default electron:electron_mksnapshot -j $NUMBER_OF_NINJA_PROCESSES
+      autoninja -C out/Default electron:electron_mksnapshot -j $NUMBER_OF_NINJA_PROCESSES
       gn desc out/Default v8:run_mksnapshot_default args > out/Default/mksnapshot_args
       # Remove unused args from mksnapshot_args
       SEDOPTION="-i"
@@ -792,7 +767,7 @@ step-mksnapshot-build: &step-mksnapshot-build
         fi
       fi
       if [ "$SKIP_DIST_ZIP" != "1" ]; then
-        ninja -C out/Default electron:electron_mksnapshot_zip -j $NUMBER_OF_NINJA_PROCESSES
+        autoninja -C out/Default electron:electron_mksnapshot_zip -j $NUMBER_OF_NINJA_PROCESSES
         (cd out/Default; zip mksnapshot.zip mksnapshot_args gen/v8/embedded.S)
       fi
 
@@ -802,7 +777,7 @@ step-hunspell-build: &step-hunspell-build
     command: |
       cd src
       if [ "$SKIP_DIST_ZIP" != "1" ]; then
-        ninja -C out/Default electron:hunspell_dictionaries_zip -j $NUMBER_OF_NINJA_PROCESSES
+        autoninja -C out/Default electron:hunspell_dictionaries_zip -j $NUMBER_OF_NINJA_PROCESSES
       fi
 
 step-maybe-generate-libcxx: &step-maybe-generate-libcxx
@@ -811,9 +786,9 @@ step-maybe-generate-libcxx: &step-maybe-generate-libcxx
     command: |
       cd src
       if [ "`uname`" == "Linux" ]; then
-        ninja -C out/Default electron:libcxx_headers_zip -j $NUMBER_OF_NINJA_PROCESSES
-        ninja -C out/Default electron:libcxxabi_headers_zip -j $NUMBER_OF_NINJA_PROCESSES
-        ninja -C out/Default electron:libcxx_objects_zip -j $NUMBER_OF_NINJA_PROCESSES
+        autoninja -C out/Default electron:libcxx_headers_zip -j $NUMBER_OF_NINJA_PROCESSES
+        autoninja -C out/Default electron:libcxxabi_headers_zip -j $NUMBER_OF_NINJA_PROCESSES
+        autoninja -C out/Default electron:libcxx_objects_zip -j $NUMBER_OF_NINJA_PROCESSES
       fi
 
 step-maybe-generate-breakpad-symbols: &step-maybe-generate-breakpad-symbols
@@ -823,7 +798,7 @@ step-maybe-generate-breakpad-symbols: &step-maybe-generate-breakpad-symbols
     command: |
       if [ "$GENERATE_SYMBOLS" == "true" ]; then
         cd src
-        ninja -C out/Default electron:electron_symbols
+        autoninja -C out/Default electron:electron_symbols
       fi
 
 step-maybe-zip-symbols: &step-maybe-zip-symbols
@@ -832,8 +807,8 @@ step-maybe-zip-symbols: &step-maybe-zip-symbols
     command: |
       cd src
       export BUILD_PATH="$PWD/out/Default"
-      ninja -C out/Default electron:licenses
-      ninja -C out/Default electron:electron_version_file
+      autoninja -C out/Default electron:licenses
+      autoninja -C out/Default electron:electron_version_file
       electron/script/zip-symbols.py -b $BUILD_PATH
 
 step-maybe-zip-symbols-and-clean: &step-maybe-zip-symbols-and-clean
@@ -842,8 +817,8 @@ step-maybe-zip-symbols-and-clean: &step-maybe-zip-symbols-and-clean
     command: |
       cd src
       export BUILD_PATH="$PWD/out/Default"
-      ninja -C out/Default electron:licenses
-      ninja -C out/Default electron:electron_version_file
+      autoninja -C out/Default electron:licenses
+      autoninja -C out/Default electron:electron_version_file
       DELETE_DSYMS_AFTER_ZIP=1 electron/script/zip-symbols.py -b $BUILD_PATH
 
 step-maybe-cross-arch-snapshot: &step-maybe-cross-arch-snapshot
@@ -1190,11 +1165,10 @@ commands:
       could-be-aks:
         type: boolean
     steps:
-      - *step-setup-goma-for-build
+      - *step-setup-rbe-for-build
       - checkout-from-cache:
           could-be-aks: << parameters.could-be-aks >>
       - *step-setup-env-for-build
-      - *step-wait-for-goma
       - *step-gn-gen-default
       - *step-gn-check
   build_and_save_artifacts:
@@ -1213,9 +1187,7 @@ commands:
           build-type: << parameters.build-type >>
       - *step-maybe-electron-dist-strip
       - step-electron-dist-build:
-          additional-targets: shell_browser_ui_unittests electron:node_headers third_party/electron_node:overlapped-checker electron:hunspell_dictionaries_zip
-
-      - *step-show-goma-stats
+          additional-targets: electron:node_headers third_party/electron_node:overlapped-checker electron:hunspell_dictionaries_zip
 
       # mksnapshot
       - *step-mksnapshot-build
@@ -1345,7 +1317,7 @@ commands:
           command: |
             cd src
             if [ "$SKIP_DIST_ZIP" != "1" ]; then
-              ninja -C out/Default electron:electron_dist_zip << parameters.additional-targets >> -j $NUMBER_OF_NINJA_PROCESSES
+              autoninja -C out/Default electron:electron_dist_zip << parameters.additional-targets >> -j $NUMBER_OF_NINJA_PROCESSES
               if [ "$CHECK_DIST_MANIFEST" == "1" ]; then
                 if [ "`uname`" == "Darwin" ]; then
                   target_os=mac
@@ -1446,7 +1418,7 @@ commands:
       - when:
           condition: << parameters.build >>
           steps:
-            - *step-setup-goma-for-build
+            - *step-setup-rbe-for-build
       - when:
           condition: << parameters.checkout-and-assume-cache >>
           steps:
@@ -1565,7 +1537,6 @@ commands:
           steps:
             - *step-depot-tools-add-to-path
             - *step-setup-env-for-build
-            - *step-wait-for-goma
             - *step-get-more-space-on-mac
             - *step-fix-sync
             - *step-delete-git-directories
@@ -1751,14 +1722,12 @@ commands:
       - *step-fix-sync
       - *step-setup-env-for-build
       - *step-fix-known-hosts-linux
-      - *step-setup-goma-for-build
-      - *step-wait-for-goma
+      - *step-setup-rbe-for-build
       - *step-gn-gen-default
 
       # Electron app
       - ninja_build_electron:
           build-type: << parameters.build-type >>
-      - *step-show-goma-stats
       - *step-maybe-generate-breakpad-symbols
       - *step-maybe-electron-dist-strip
       - step-electron-dist-build
@@ -2165,7 +2134,7 @@ jobs:
       <<: *env-ninja-status
       <<: *env-macos-build
       <<: *env-apple-silicon
-      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
+      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac --custom-var=host_cpu=arm64'
     steps:
       - electron-build:
           persist: true

.github/workflows/branch-created.yml

@@ -8,7 +8,7 @@ permissions: {}
 jobs:
   release-branch-created:
     name: Release Branch Created
-    if: ${{ github.event.ref_type == 'branch' && endsWith(github.event.ref, '-x-y') }}
+    if: ${{ github.event.ref_type == 'branch' && endsWith(github.event.ref, '-x-y') && !startsWith(github.event.ref, 'roller') }}
     permissions:
       contents: read
       pull-requests: write
@@ -72,21 +72,44 @@ jobs:
         with:
           script: |
             const major = ${{ steps.check-major-version.outputs.MAJOR }}
+            const nextMajor = major + 1
+            const prevMajor = major - 1
 
+            core.setOutput("major", major)
+            core.setOutput("next-major", nextMajor)
+            core.setOutput("prev-major", prevMajor)
+            core.setOutput("prev-prev-major", prevMajor - 1)
             core.setOutput("template-view", JSON.stringify({
                 major,
-                "next-major": major + 1,
-                "prev-major": major - 1,
+                "next-major": nextMajor,
+                "prev-major": prevMajor,
             }))
-            core.setOutput("title", `${major}-x-y`)
       - name: Create Release Project Board
         if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: dsanders11/project-actions/copy-project@a24415515fa60a22f71f9d9d00e36ca82660cde9 # v1.0.1
+        uses: dsanders11/project-actions/copy-project@3a81985616963f32fae17d1d1b406c631f3201a1 # v1.1.0
+        id: create-release-board
         with:
           drafts: true
           project-number: 64
           # TODO - Set to public once GitHub fixes their GraphQL bug
           # public: true
+          link-to-repository: electron/electron
           template-view: ${{ steps.generate-project-metadata.outputs.template-view }}
-          title: ${{ steps.generate-project-metadata.outputs.title}}
+          title: ${{ steps.generate-project-metadata.outputs.major }}-x-y
           token: ${{ steps.generate-token.outputs.token }}
+      - name: Dump Release Project Board Contents
+        if: ${{ steps.check-major-version.outputs.MAJOR }}
+        run: gh project item-list ${{ steps.create-release-board.outputs.number }} --owner electron --format json | jq
+        env:
+          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+      - name: Find Previous Release Project Board
+        if: ${{ steps.check-major-version.outputs.MAJOR }}
+        uses: dsanders11/project-actions/find-project@3a81985616963f32fae17d1d1b406c631f3201a1 # v1.1.0
+        id: find-prev-release-board
+        with:
+          title: ${{ steps.generate-project-metadata.outputs.prev-prev-major }}-x-y
+      - name: Close Previous Release Project Board
+        if: ${{ steps.check-major-version.outputs.MAJOR }}
+        uses: dsanders11/project-actions/close-project@3a81985616963f32fae17d1d1b406c631f3201a1 # v1.1.0
+        with:
+          project-number: ${{ steps.find-prev-release-board.outputs.number }}

.github/workflows/pull-request-labeled.yml

@@ -1,13 +1,26 @@
 name: Pull Request Labeled
 
 on:
-  pull_request:
+  pull_request_target:
     types: [labeled]
 
-permissions:
-  contents: read
+permissions: {}
 
 jobs:
+  pull-request-labeled-backport-requested:
+    name: backport/requested label added
+    if: github.event.label.name == 'backport/requested 🗳'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger Slack workflow
+        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
+        with:
+          payload: |
+            {
+              "url": "${{ github.event.pull_request.html_url }}"
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.BACKPORT_REQUESTED_SLACK_WEBHOOK_URL }}
   pull-request-labeled-deprecation-review-complete:
     name: deprecation-review/complete label added
     if: github.event.label.name == 'deprecation-review/complete ✅'

BUILD.gn

@@ -29,6 +29,7 @@ import("filenames.gni")
 import("filenames.hunspell.gni")
 import("filenames.libcxx.gni")
 import("filenames.libcxxabi.gni")
+import("js2c_toolchain.gni")
 
 if (is_mac) {
   import("//build/config/mac/rules.gni")
@@ -165,15 +166,6 @@ npm_action("build_electron_definitions") {
   outputs = [ "$target_gen_dir/tsc/typings/electron.d.ts" ]
 }
 
-webpack_build("electron_asar_bundle") {
-  deps = [ ":build_electron_definitions" ]
-
-  inputs = auto_filenames.asar_bundle_deps
-
-  config_file = "//electron/build/webpack/webpack.config.asar.js"
-  out_file = "$target_gen_dir/js2c/asar_bundle.js"
-}
-
 webpack_build("electron_browser_bundle") {
   deps = [ ":build_electron_definitions" ]
 
@@ -219,6 +211,15 @@ webpack_build("electron_isolated_renderer_bundle") {
   out_file = "$target_gen_dir/js2c/isolated_bundle.js"
 }
 
+webpack_build("electron_node_bundle") {
+  deps = [ ":build_electron_definitions" ]
+
+  inputs = auto_filenames.node_bundle_deps
+
+  config_file = "//electron/build/webpack/webpack.config.node.js"
+  out_file = "$target_gen_dir/js2c/node_init.js"
+}
+
 webpack_build("electron_utility_bundle") {
   deps = [ ":build_electron_definitions" ]
 
@@ -230,32 +231,37 @@ webpack_build("electron_utility_bundle") {
 
 action("electron_js2c") {
   deps = [
-    ":electron_asar_bundle",
     ":electron_browser_bundle",
     ":electron_isolated_renderer_bundle",
+    ":electron_node_bundle",
     ":electron_renderer_bundle",
     ":electron_sandboxed_renderer_bundle",
     ":electron_utility_bundle",
     ":electron_worker_bundle",
+    "//third_party/electron_node:node_js2c($electron_js2c_toolchain)",
   ]
 
   sources = [
-    "$target_gen_dir/js2c/asar_bundle.js",
     "$target_gen_dir/js2c/browser_init.js",
     "$target_gen_dir/js2c/isolated_bundle.js",
+    "$target_gen_dir/js2c/node_init.js",
     "$target_gen_dir/js2c/renderer_init.js",
     "$target_gen_dir/js2c/sandbox_bundle.js",
     "$target_gen_dir/js2c/utility_init.js",
     "$target_gen_dir/js2c/worker_init.js",
   ]
 
-  inputs = sources + [ "//third_party/electron_node/tools/js2c.py" ]
+  inputs = sources
   outputs = [ "$root_gen_dir/electron_natives.cc" ]
 
   script = "build/js2c.py"
-  args = [ rebase_path("//third_party/electron_node") ] +
-         rebase_path(outputs, root_build_dir) +
-         rebase_path(sources, root_build_dir)
+  out_dir =
+      get_label_info(":anything($electron_js2c_toolchain)", "root_out_dir")
+  args = [
+           rebase_path("$out_dir/node_js2c"),
+           rebase_path("$root_gen_dir"),
+         ] + rebase_path(outputs, root_gen_dir) +
+         rebase_path(sources, root_gen_dir)
 }
 
 action("generate_config_gypi") {
@@ -486,6 +492,7 @@ source_set("electron_lib") {
     "//third_party/webrtc_overrides:webrtc_component",
     "//third_party/widevine/cdm:headers",
     "//third_party/zlib/google:zip",
+    "//ui/base:ozone_buildflags",
     "//ui/base/idle",
     "//ui/compositor",
     "//ui/events:dom_keycode_converter",
@@ -716,6 +723,7 @@ source_set("electron_lib") {
       "shell/common/extensions/api",
       "shell/common/extensions/api:extensions_features",
       "//chrome/browser/resources:component_extension_resources",
+      "//components/guest_view/common:mojom",
       "//components/update_client:update_client",
       "//components/zoom",
       "//extensions/browser",
@@ -1331,25 +1339,6 @@ if (is_mac) {
   }
 }
 
-test("shell_browser_ui_unittests") {
-  sources = [
-    "//electron/shell/browser/ui/accelerator_util_unittests.cc",
-    "//electron/shell/browser/ui/run_all_unittests.cc",
-  ]
-
-  configs += [ ":electron_lib_config" ]
-
-  deps = [
-    ":electron_lib",
-    "//base",
-    "//base/test:test_support",
-    "//testing/gmock",
-    "//testing/gtest",
-    "//ui/base",
-    "//ui/strings",
-  ]
-}
-
 template("dist_zip") {
   _runtime_deps_target = "${target_name}__deps"
   _runtime_deps_file =

DEPS

@@ -2,9 +2,9 @@ gclient_gn_args_from = 'src'
 
 vars = {
   'chromium_version':
-    '120.0.6099.216',
+    '122.0.6261.130',
   'node_version':
-    'v18.18.2',
+    'v20.9.0',
   'nan_version':
     'e14bdcd1f72d62bca1d541b66da43130384ec213',
   'squirrel.mac_version':
@@ -13,6 +13,8 @@ vars = {
     '74ab5baccc6f7202c8ac69a8d1e152c29dc1ea76',
   'mantle_version':
     '78d3966b3c331292ea29ec38661b25df0a245948',
+  'engflow_reclient_configs_version':
+    '955335c30a752e9ef7bff375baab5e0819b6c00d',
 
   'pyyaml_version': '3.12',
 
@@ -23,6 +25,7 @@ vars = {
   'squirrel_git': 'https://github.com/Squirrel',
   'reactiveobjc_git': 'https://github.com/ReactiveCocoa',
   'mantle_git': 'https://github.com/Mantle',
+  'engflow_git': 'https://github.com/EngFlow',
   
   # The path of the sysroots.json file.
   'sysroots_json_path': 'electron/script/sysroots.json',
@@ -102,6 +105,10 @@ deps = {
   'src/third_party/squirrel.mac/vendor/Mantle': {
     'url':  Var("mantle_git") + '/Mantle.git@' + Var("mantle_version"),
     'condition': 'process_deps',
+  },
+  'src/third_party/engflow-reclient-configs': {
+    'url': Var("engflow_git") + '/reclient-configs.git@' + Var("engflow_reclient_configs_version"),
+    'condition': 'process_deps'
   }
 }
 

README.md

@@ -9,8 +9,8 @@ View these docs in other languages on our [Crowdin](https://crowdin.com/project/
 
 The Electron framework lets you write cross-platform desktop applications
 using JavaScript, HTML and CSS. It is based on [Node.js](https://nodejs.org/) and
-[Chromium](https://www.chromium.org) and is used by the [Atom
-editor](https://github.com/atom/atom) and many other [apps](https://electronjs.org/apps).
+[Chromium](https://www.chromium.org) and is used by the [Visual Studio
+Code](https://github.com/Microsoft/vscode/) and many other [apps](https://electronjs.org/apps).
 
 Follow [@electronjs](https://twitter.com/electronjs) on Twitter for important
 announcements.
@@ -41,9 +41,9 @@ Each Electron release provides binaries for macOS, Windows, and Linux.
 * macOS (Catalina and up): Electron provides 64-bit Intel and ARM binaries for macOS. Apple Silicon support was added in Electron 11.
 * Windows (Windows 10 and up): Electron provides `ia32` (`x86`), `x64` (`amd64`), and `arm64` binaries for Windows. Windows on ARM support was added in Electron 5.0.8. Support for Windows 7, 8 and 8.1 was [removed in Electron 23, in line with Chromium's Windows deprecation policy](https://www.electronjs.org/blog/windows-7-to-8-1-deprecation-notice).
 * Linux: The prebuilt binaries of Electron are built on Ubuntu 20.04. They have also been verified to work on:
-  * Ubuntu 14.04 and newer
-  * Fedora 24 and newer
-  * Debian 8 and newer
+  * Ubuntu 18.04 and newer
+  * Fedora 32 and newer
+  * Debian 10 and newer
 
 ## Quick start & Electron Fiddle
 

appveyor-bake.yml

@@ -13,7 +13,6 @@ environment:
   ELECTRON_ENABLE_STACK_DUMPING: 1
   MOCHA_REPORTER: mocha-multi-reporters
   MOCHA_MULTI_REPORTERS: mocha-appveyor-reporter, tap
-  GOMA_FALLBACK_ON_AUTH_FAILURE: true
   DEPOT_TOOLS_WIN_TOOLCHAIN: 0
   PYTHONIOENCODING: UTF-8
 

appveyor-woa.yml

@@ -29,7 +29,7 @@
 
 version: 1.0.{build}
 build_cloud: electronhq-16-core
-image: e-120.0.6099.0
+image: e-121.0.6116.0
 environment:
   GIT_CACHE_PATH: C:\Users\appveyor\libcc_cache
   ELECTRON_OUT_DIR: Default
@@ -37,7 +37,6 @@ environment:
   ELECTRON_ALSO_LOG_TO_STDERR: 1
   MOCHA_REPORTER: mocha-multi-reporters
   MOCHA_MULTI_REPORTERS: "@marshallofsound/mocha-appveyor-reporter, tap"
-  GOMA_FALLBACK_ON_AUTH_FAILURE: true
   DEPOT_TOOLS_WIN_TOOLCHAIN: 1
   DEPOT_TOOLS_WIN_TOOLCHAIN_BASE_URL: "https://dev-cdn.electronjs.org/windows-toolchains/_"
   GYP_MSVS_HASH_27370823e7: 28622d16b1
@@ -101,31 +100,22 @@ for:
           if (Test-Path -Path "$pwd\src\electron") {
             Remove-Item -Recurse -Force $pwd\src\electron
           }
-      - ps: >-
-          if (Test-Path 'env:RAW_GOMA_AUTH') {
-            $env:GOMA_OAUTH2_CONFIG_FILE = "$pwd\.goma_oauth2_config"
-            $env:RAW_GOMA_AUTH | Set-Content $env:GOMA_OAUTH2_CONFIG_FILE
-          }
       - git clone https://github.com/electron/build-tools.git
       - cd build-tools
-      - npm install
+      - npx yarn --ignore-engines
       - mkdir third_party
       - ps: >-
-          node -e "require('./src/utils/goma.js').downloadAndPrepare({ gomaOneForAll: true })"
-      - ps: $env:GN_GOMA_FILE = node -e "console.log(require('./src/utils/goma.js').gnFilePath)"
-      - ps: $env:LOCAL_GOMA_DIR = node -e "console.log(require('./src/utils/goma.js').dir)"
-      - cd ..\..
-      - ps: .\src\electron\script\start-goma.ps1 -gomaDir $env:LOCAL_GOMA_DIR
+          node -e "require('./src/utils/reclient.js').downloadAndPrepare({})"
+      - ps: $env:RECLIENT_HELPER = node -p "require('./src/utils/reclient.js').helperPath({})"
       - ps: >-
-          if (Test-Path 'env:RAW_GOMA_AUTH') {
-            $goma_login = python3 $env:LOCAL_GOMA_DIR\goma_auth.py info
-            if ($goma_login -eq 'Login as Fermi Planck') {
-              Write-warning "Goma authentication is correct";
-            } else {
-              Write-warning "WARNING!!!!!! Goma authentication is incorrect; please update Goma auth token.";
-              $host.SetShouldExit(1)
-            }
-          }
+          & $env:RECLIENT_HELPER login
+      - ps: >-
+          $env:RBE_service = node -e "console.log(require('./src/utils/reclient.js').serviceAddress)"
+      - ps: >-
+          $env:RBE_experimental_credentials_helper = $env:RECLIENT_HELPER
+      - ps: >-
+          $env:RBE_experimental_credentials_helper_args = "print"
+      - cd ..\..
       - ps: $env:CHROMIUM_BUILDTOOLS_PATH="$pwd\src\buildtools"
       - ps: >-
           if ($env:GN_CONFIG -ne 'release') {
@@ -147,37 +137,36 @@ for:
       - cd src
       - ps: $env:PATH="$pwd\third_party\ninja;$env:PATH"
       - set BUILD_CONFIG_PATH=//electron/build/args/%GN_CONFIG%.gn
-      - gn gen out/Default "--args=import(\"%BUILD_CONFIG_PATH%\") import(\"%GN_GOMA_FILE%\") %GN_EXTRA_ARGS% "
+      - gn gen out/Default "--args=import(\"%BUILD_CONFIG_PATH%\") use_remoteexec=true %GN_EXTRA_ARGS% "
       - gn check out/Default //electron:electron_lib
       - gn check out/Default //electron:electron_app
       - gn check out/Default //electron/shell/common/api:mojo
-      - if DEFINED GN_GOMA_FILE (ninja -j 300 -C out/Default electron:electron_app) else (ninja -C out/Default electron:electron_app)
+      - if DEFINED ELECTRON_RBE_JWT (autoninja -j 300 -C out/Default electron:electron_app) else (autoninja -C out/Default electron:electron_app)
       - if "%GN_CONFIG%"=="testing" ( python C:\depot_tools\post_build_ninja_summary.py -C out\Default )
-      - gn gen out/ffmpeg "--args=import(\"//electron/build/args/ffmpeg.gn\") %GN_EXTRA_ARGS%"
-      - ninja -C out/ffmpeg electron:electron_ffmpeg_zip
-      - ninja -C out/Default electron:electron_dist_zip
-      - ninja -C out/Default shell_browser_ui_unittests
+      - gn gen out/ffmpeg "--args=import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true %GN_EXTRA_ARGS%"
+      - autoninja -C out/ffmpeg electron:electron_ffmpeg_zip
+      - autoninja -C out/Default electron:electron_dist_zip
       - gn desc out/Default v8:run_mksnapshot_default args > out/Default/default_mksnapshot_args
       # Remove unused args from mksnapshot_args
       - ps: >-
           Get-Content out/Default/default_mksnapshot_args | Where-Object { -not $_.Contains('--turbo-profiling-input') -And -not $_.Contains('builtins-pgo') -And -not $_.Contains('The gn arg use_goma=true') } | Set-Content out/Default/mksnapshot_args
-      - ninja -C out/Default electron:electron_mksnapshot_zip
+      - autoninja -C out/Default electron:electron_mksnapshot_zip
       - cd out\Default
       - 7z a mksnapshot.zip mksnapshot_args gen\v8\embedded.S
       - cd ..\..
-      - ninja -C out/Default electron:hunspell_dictionaries_zip
-      - ninja -C out/Default electron:electron_chromedriver_zip
-      - ninja -C out/Default electron:node_headers
-      - python3 %LOCAL_GOMA_DIR%\goma_ctl.py stat
+      - autoninja -C out/Default electron:hunspell_dictionaries_zip
+      - autoninja -C out/Default electron:electron_chromedriver_zip
+      - autoninja -C out/Default electron:node_headers
       - ps: >-
           Get-CimInstance -Namespace root\cimv2 -Class Win32_product | Select vendor, description, @{l='install_location';e='InstallLocation'}, @{l='install_date';e='InstallDate'}, @{l='install_date_2';e='InstallDate2'}, caption, version, name, @{l='sku_number';e='SKUNumber'} | ConvertTo-Json | Out-File -Encoding utf8 -FilePath .\installed_software.json
       - python3 electron/build/profile_toolchain.py --output-json=out/Default/windows_toolchain_profile.json
       - 7z a node_headers.zip out\Default\gen\node_headers
+      - 7z a nan.zip third_party\nan
       - ps: >-
           if ($env:GN_CONFIG -eq 'release') {
             # Needed for msdia140.dll on 64-bit windows
             $env:Path += ";$pwd\third_party\llvm-build\Release+Asserts\bin"
-            ninja -C out/Default electron:electron_symbols
+            autoninja -C out/Default electron:electron_symbols
           }
       - ps: >-
           if ($env:GN_CONFIG -eq 'release') {
@@ -188,20 +177,28 @@ for:
             # built on CI.
             7z a pdb.zip out\Default\*.pdb
           }
-      - python3 electron/script/zip_manifests/check-zip-manifest.py out/Default/dist.zip electron/script/zip_manifests/dist_zip.win.%TARGET_ARCH%.manifest
+      - ps: |
+          $manifest_file = "electron/script/zip_manifests/dist_zip.win.$env:TARGET_ARCH.manifest"
+          python3 electron/script/zip_manifests/check-zip-manifest.py out/Default/dist.zip $manifest_file
+          if ($LASTEXITCODE -ne 0) {
+            throw "Zip contains files not listed in the manifest $manifest_file"
+          }
       - ps: |
           cd C:\projects\src
           $missing_artifacts = $false
           if ($env:SHOULD_SKIP_ARTIFACT_VALIDATION -eq 'true') {
             Write-warning "Skipping artifact validation for doc-only $env:APPVEYOR_PROJECT_NAME"
           } else {
-            $artifacts_to_validate = 'dist.zip','windows_toolchain_profile.json','shell_browser_ui_unittests.exe','chromedriver.zip','ffmpeg.zip','node_headers.zip','mksnapshot.zip','electron.lib','hunspell_dictionaries.zip'
+            $artifacts_to_validate = 'dist.zip','windows_toolchain_profile.json','chromedriver.zip','ffmpeg.zip','node_headers.zip','mksnapshot.zip','electron.lib','hunspell_dictionaries.zip','nan.zip'
             foreach($artifact_name in $artifacts_to_validate) {
               if ($artifact_name -eq 'ffmpeg.zip') {
                 $artifact_file = "out\ffmpeg\ffmpeg.zip"
               } elseif (
                 $artifact_name -eq 'node_headers.zip') {
                 $artifact_file = $artifact_name
+              } elseif (
+                $artifact_name -eq 'nan.zip') {
+                $artifact_file = $artifact_name
               } else {
                 $artifact_file = "out\Default\$artifact_name"
               }
@@ -233,10 +230,10 @@ for:
       - cd C:\projects\src
       - if exist out\Default\windows_toolchain_profile.json ( appveyor-retry appveyor PushArtifact out\Default\windows_toolchain_profile.json )
       - if exist out\Default\dist.zip (appveyor-retry appveyor PushArtifact out\Default\dist.zip)
-      - if exist out\Default\shell_browser_ui_unittests.exe (appveyor-retry appveyor PushArtifact out\Default\shell_browser_ui_unittests.exe)
       - if exist out\Default\chromedriver.zip (appveyor-retry appveyor PushArtifact out\Default\chromedriver.zip)
       - if exist out\ffmpeg\ffmpeg.zip (appveyor-retry appveyor PushArtifact out\ffmpeg\ffmpeg.zip)
       - if exist node_headers.zip (appveyor-retry appveyor PushArtifact node_headers.zip)
+      - if exist nan.zip (appveyor-retry appveyor PushArtifact nan.zip)
       - if exist out\Default\mksnapshot.zip (appveyor-retry appveyor PushArtifact out\Default\mksnapshot.zip)
       - if exist out\Default\hunspell_dictionaries.zip (appveyor-retry appveyor PushArtifact out\Default\hunspell_dictionaries.zip)
       - if exist out\Default\electron.lib (appveyor-retry appveyor PushArtifact out\Default\electron.lib)        
@@ -272,12 +269,12 @@ for:
           # Download build artifacts
           $apiUrl = 'https://ci.appveyor.com/api'
           $build_info = Invoke-RestMethod -Method Get -Uri "$apiUrl/projects/$env:APPVEYOR_ACCOUNT_NAME/$env:APPVEYOR_PROJECT_SLUG/builds/$env:APPVEYOR_BUILD_ID"
-          $artifacts_to_download = @('dist.zip','ffmpeg.zip','node_headers.zip','electron.lib')
+          $artifacts_to_download = @('dist.zip','ffmpeg.zip','node_headers.zip','electron.lib', 'nan.zip')
           foreach ($job in $build_info.build.jobs) {
             if ($job.name -eq "Build Arm on X64 Windows") {
               $jobId = $job.jobId
               foreach($artifact_name in $artifacts_to_download) {
-                if ($artifact_name -eq 'shell_browser_ui_unittests.exe' -Or $artifact_name -eq 'electron.lib') {
+                if ($artifact_name -eq 'electron.lib') {
                   $outfile = "src\out\Default\$artifact_name"
                 } else {
                   $outfile = $artifact_name
@@ -296,6 +293,7 @@ for:
           }
       - ps: 7z x -y -osrc\out\ffmpeg ffmpeg.zip
       - ps: 7z x -y -osrc node_headers.zip
+      - ps: 7z x -y -osrc nan.zip
 
     test_script:
       # Workaround for https://github.com/appveyor/ci/issues/2420

appveyor.yml

@@ -29,7 +29,7 @@
 
 version: 1.0.{build}
 build_cloud: electronhq-16-core
-image: e-120.0.6099.0
+image: e-121.0.6116.0
 environment:
   GIT_CACHE_PATH: C:\Users\appveyor\libcc_cache
   ELECTRON_OUT_DIR: Default
@@ -37,7 +37,6 @@ environment:
   ELECTRON_ALSO_LOG_TO_STDERR: 1
   MOCHA_REPORTER: mocha-multi-reporters
   MOCHA_MULTI_REPORTERS: "@marshallofsound/mocha-appveyor-reporter, tap"
-  GOMA_FALLBACK_ON_AUTH_FAILURE: true
   DEPOT_TOOLS_WIN_TOOLCHAIN: 1
   DEPOT_TOOLS_WIN_TOOLCHAIN_BASE_URL: "https://dev-cdn.electronjs.org/windows-toolchains/_"
   GYP_MSVS_HASH_27370823e7: 28622d16b1
@@ -99,31 +98,22 @@ for:
           if (Test-Path -Path "$pwd\src\electron") {
             Remove-Item -Recurse -Force $pwd\src\electron
           }
-      - ps: >-
-          if (Test-Path 'env:RAW_GOMA_AUTH') {
-            $env:GOMA_OAUTH2_CONFIG_FILE = "$pwd\.goma_oauth2_config"
-            $env:RAW_GOMA_AUTH | Set-Content $env:GOMA_OAUTH2_CONFIG_FILE
-          }
       - git clone https://github.com/electron/build-tools.git
       - cd build-tools
-      - npm install
+      - npx yarn --ignore-engines
       - mkdir third_party
       - ps: >-
-          node -e "require('./src/utils/goma.js').downloadAndPrepare({ gomaOneForAll: true })"
-      - ps: $env:GN_GOMA_FILE = node -e "console.log(require('./src/utils/goma.js').gnFilePath)"
-      - ps: $env:LOCAL_GOMA_DIR = node -e "console.log(require('./src/utils/goma.js').dir)"
-      - cd ..\..
-      - ps: .\src\electron\script\start-goma.ps1 -gomaDir $env:LOCAL_GOMA_DIR
+          node -e "require('./src/utils/reclient.js').downloadAndPrepare({})"
+      - ps: $env:RECLIENT_HELPER = node -p "require('./src/utils/reclient.js').helperPath({})"
       - ps: >-
-          if (Test-Path 'env:RAW_GOMA_AUTH') {
-            $goma_login = python3 $env:LOCAL_GOMA_DIR\goma_auth.py info
-            if ($goma_login -eq 'Login as Fermi Planck') {
-              Write-warning "Goma authentication is correct";
-            } else {
-              Write-warning "WARNING!!!!!! Goma authentication is incorrect; please update Goma auth token.";
-              $host.SetShouldExit(1)
-            }
-          }
+          & $env:RECLIENT_HELPER login
+      - ps: >-
+          $env:RBE_service = node -e "console.log(require('./src/utils/reclient.js').serviceAddress)"
+      - ps: >-
+          $env:RBE_experimental_credentials_helper = $env:RECLIENT_HELPER
+      - ps: >-
+          $env:RBE_experimental_credentials_helper_args = "print"
+      - cd ..\..
       - ps: $env:CHROMIUM_BUILDTOOLS_PATH="$pwd\src\buildtools"
       - ps: >-
           if ($env:GN_CONFIG -ne 'release') {
@@ -145,28 +135,26 @@ for:
       - cd src
       - ps: $env:PATH="$pwd\third_party\ninja;$env:PATH"
       - set BUILD_CONFIG_PATH=//electron/build/args/%GN_CONFIG%.gn
-      - gn gen out/Default "--args=import(\"%BUILD_CONFIG_PATH%\") import(\"%GN_GOMA_FILE%\") %GN_EXTRA_ARGS% "
+      - gn gen out/Default "--args=import(\"%BUILD_CONFIG_PATH%\") use_remoteexec=true %GN_EXTRA_ARGS% "
       - gn check out/Default //electron:electron_lib
       - gn check out/Default //electron:electron_app
       - gn check out/Default //electron/shell/common/api:mojo
-      - if DEFINED GN_GOMA_FILE (ninja -j 300 -C out/Default electron:electron_app) else (ninja -C out/Default electron:electron_app)
+      - if DEFINED ELECTRON_RBE_JWT (autoninja -j 300 -C out/Default electron:electron_app) else (autoninja -C out/Default electron:electron_app)
       - if "%GN_CONFIG%"=="testing" ( python C:\depot_tools\post_build_ninja_summary.py -C out\Default )
-      - gn gen out/ffmpeg "--args=import(\"//electron/build/args/ffmpeg.gn\") %GN_EXTRA_ARGS%"
-      - ninja -C out/ffmpeg electron:electron_ffmpeg_zip
-      - ninja -C out/Default electron:electron_dist_zip
-      - ninja -C out/Default shell_browser_ui_unittests
+      - gn gen out/ffmpeg "--args=import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true %GN_EXTRA_ARGS%"
+      - autoninja -C out/ffmpeg electron:electron_ffmpeg_zip
+      - autoninja -C out/Default electron:electron_dist_zip
       - gn desc out/Default v8:run_mksnapshot_default args > out/Default/default_mksnapshot_args
       # Remove unused args from mksnapshot_args
       - ps: >-
           Get-Content out/Default/default_mksnapshot_args | Where-Object { -not $_.Contains('--turbo-profiling-input') -And -not $_.Contains('builtins-pgo') -And -not $_.Contains('The gn arg use_goma=true') } | Set-Content out/Default/mksnapshot_args
-      - ninja -C out/Default electron:electron_mksnapshot_zip
+      - autoninja -C out/Default electron:electron_mksnapshot_zip
       - cd out\Default
       - 7z a mksnapshot.zip mksnapshot_args gen\v8\embedded.S
       - cd ..\..
-      - ninja -C out/Default electron:hunspell_dictionaries_zip
-      - ninja -C out/Default electron:electron_chromedriver_zip
-      - ninja -C out/Default electron:node_headers
-      - python3 %LOCAL_GOMA_DIR%\goma_ctl.py stat
+      - autoninja -C out/Default electron:hunspell_dictionaries_zip
+      - autoninja -C out/Default electron:electron_chromedriver_zip
+      - autoninja -C out/Default electron:node_headers
       - ps: >-
           Get-CimInstance -Namespace root\cimv2 -Class Win32_product | Select vendor, description, @{l='install_location';e='InstallLocation'}, @{l='install_date';e='InstallDate'}, @{l='install_date_2';e='InstallDate2'}, caption, version, name, @{l='sku_number';e='SKUNumber'} | ConvertTo-Json | Out-File -Encoding utf8 -FilePath .\installed_software.json
       - python3 electron/build/profile_toolchain.py --output-json=out/Default/windows_toolchain_profile.json
@@ -175,7 +163,7 @@ for:
           if ($env:GN_CONFIG -eq 'release') {
             # Needed for msdia140.dll on 64-bit windows
             $env:Path += ";$pwd\third_party\llvm-build\Release+Asserts\bin"
-            ninja -C out/Default electron:electron_symbols
+            autoninja -C out/Default electron:electron_symbols
           }
       - ps: >-
           if ($env:GN_CONFIG -eq 'release') {
@@ -186,14 +174,19 @@ for:
             # built on CI.
             7z a pdb.zip out\Default\*.pdb
           }
-      - python3 electron/script/zip_manifests/check-zip-manifest.py out/Default/dist.zip electron/script/zip_manifests/dist_zip.win.%TARGET_ARCH%.manifest
+      - ps: |
+          $manifest_file = "electron/script/zip_manifests/dist_zip.win.$env:TARGET_ARCH.manifest"
+          python3 electron/script/zip_manifests/check-zip-manifest.py out/Default/dist.zip $manifest_file
+          if ($LASTEXITCODE -ne 0) {
+            throw "Zip contains files not listed in the manifest $manifest_file"
+          }
       - ps: |
           cd C:\projects\src
           $missing_artifacts = $false
           if ($env:SHOULD_SKIP_ARTIFACT_VALIDATION -eq 'true') {
             Write-warning "Skipping artifact validation for doc-only $env:APPVEYOR_PROJECT_NAME"
           } else {
-            $artifacts_to_validate = 'dist.zip','windows_toolchain_profile.json','shell_browser_ui_unittests.exe','chromedriver.zip','ffmpeg.zip','node_headers.zip','mksnapshot.zip','electron.lib','hunspell_dictionaries.zip'
+            $artifacts_to_validate = 'dist.zip','windows_toolchain_profile.json','chromedriver.zip','ffmpeg.zip','node_headers.zip','mksnapshot.zip','electron.lib','hunspell_dictionaries.zip'
             foreach($artifact_name in $artifacts_to_validate) {
               if ($artifact_name -eq 'ffmpeg.zip') {
                 $artifact_file = "out\ffmpeg\ffmpeg.zip"
@@ -231,7 +224,6 @@ for:
       - cd C:\projects\src
       - if exist out\Default\windows_toolchain_profile.json ( appveyor-retry appveyor PushArtifact out\Default\windows_toolchain_profile.json )
       - if exist out\Default\dist.zip (appveyor-retry appveyor PushArtifact out\Default\dist.zip)
-      - if exist out\Default\shell_browser_ui_unittests.exe (appveyor-retry appveyor PushArtifact out\Default\shell_browser_ui_unittests.exe)
       - if exist out\Default\chromedriver.zip (appveyor-retry appveyor PushArtifact out\Default\chromedriver.zip)
       - if exist out\ffmpeg\ffmpeg.zip (appveyor-retry appveyor PushArtifact out\ffmpeg\ffmpeg.zip)
       - if exist node_headers.zip (appveyor-retry appveyor PushArtifact node_headers.zip)
@@ -268,12 +260,12 @@ for:
           # Download build artifacts
           $apiUrl = 'https://ci.appveyor.com/api'
           $build_info = Invoke-RestMethod -Method Get -Uri "$apiUrl/projects/$env:APPVEYOR_ACCOUNT_NAME/$env:APPVEYOR_PROJECT_SLUG/builds/$env:APPVEYOR_BUILD_ID"
-          $artifacts_to_download = @('dist.zip','shell_browser_ui_unittests.exe','chromedriver.zip','ffmpeg.zip','node_headers.zip','mksnapshot.zip','electron.lib')
+          $artifacts_to_download = @('dist.zip','chromedriver.zip','ffmpeg.zip','node_headers.zip','mksnapshot.zip','electron.lib')
           foreach ($job in $build_info.build.jobs) {
             if ($job.name -eq "Build") {
               $jobId = $job.jobId
               foreach($artifact_name in $artifacts_to_download) {
-                if ($artifact_name -eq 'shell_browser_ui_unittests.exe' -Or $artifact_name -eq 'electron.lib') {
+                if ($artifact_name -eq 'electron.lib') {
                   $outfile = "src\out\Default\$artifact_name"
                 } else {
                   $outfile = $artifact_name
@@ -307,7 +299,6 @@ for:
             $env:npm_config_arch = "ia32"
           }
       - echo Running main test suite & node script/yarn test -- --trace-uncaught --runners=main --enable-logging=file --log-file=%cd%\electron.log
-      - echo Running native test suite & node script/yarn test -- --trace-uncaught --runners=native --enable-logging=file --log-file=%cd%\electron.log
       - cd ..
       - echo Verifying non proprietary ffmpeg & python electron\script\verify-ffmpeg.py --build-dir out\Default --source-root %cd% --ffmpeg-path out\ffmpeg
       - echo "About to verify mksnapshot"

build/args/all.gn

@@ -2,7 +2,7 @@ is_electron_build = true
 root_extra_deps = [ "//electron" ]
 
 # Registry of NMVs --> https://github.com/nodejs/node/blob/main/doc/abi_version_registry.json
-node_module_version = 119
+node_module_version = 121
 
 v8_promise_internal_field_count = 1
 v8_embedder_string = "-electron.0"
@@ -24,6 +24,10 @@ enable_printing = true
 angle_enable_vulkan_validation_layers = false
 dawn_enable_vulkan_validation_layers = false
 
+# Removes dxc dll's that are only used experimentally.
+# See https://bugs.chromium.org/p/chromium/issues/detail?id=1474897
+dawn_use_built_dxc = false
+
 # These are disabled because they cause the zip manifest to differ between
 # testing and release builds.
 # See https://chromium-review.googlesource.com/c/chromium/src/+/2774898.
@@ -60,3 +64,6 @@ enable_dangling_raw_ptr_checks = false
 # This flag speeds up the performance of fork/execve on linux systems.
 # Ref: https://chromium-review.googlesource.com/c/v8/v8/+/4602858
 v8_enable_private_mapping_fork_optimization = true
+
+# Expose public V8 symbols for native modules.
+v8_expose_public_symbols = true

build/dump_syms.py

@@ -1,4 +1,4 @@
-from __future__ import print_function
+#!/usr/bin/env python3
 
 import collections
 import os

build/fuses/build.py

@@ -32,6 +32,13 @@ extern const volatile char kFuseWire[];
 
 TEMPLATE_CC = """
 #include "electron/fuses.h"
+#include "base/dcheck_is_on.h"
+
+#if DCHECK_IS_ON()
+#include "base/command_line.h"
+#include "base/strings/string_util.h"
+#include <string>
+#endif
 
 namespace electron::fuses {
 
@@ -66,9 +73,20 @@ for fuse in fuses:
   getters_h += "FUSE_EXPORT bool Is{name}Enabled();\n".replace("{name}", name)
   getters_cc += """
 bool Is{name}Enabled() {
+#if DCHECK_IS_ON()
+  // RunAsNode is checked so early that base::CommandLine isn't yet
+  // initialized, so guard here to avoid a CHECK.
+  if (base::CommandLine::InitializedForCurrentProcess()) {
+    base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
+    if (command_line->HasSwitch("{switch_name}")) {
+      std::string switch_value = command_line->GetSwitchValueASCII("{switch_name}");
+      return switch_value == "1";
+    }
+  }
+#endif
   return kFuseWire[{index}] == '1';
 }
-""".replace("{name}", name).replace("{index}", str(index))
+""".replace("{name}", name).replace("{switch_name}", f"set-fuse-{fuse.lower()}").replace("{index}", str(index))
 
 def c_hex(n):
   s = hex(n)[2:]

build/fuses/fuses.json5

@@ -8,5 +8,6 @@
   "node_cli_inspect": "1",
   "embedded_asar_integrity_validation": "0",
   "only_load_app_from_asar": "0",
-  "load_browser_process_specific_v8_snapshot": "0"
+  "load_browser_process_specific_v8_snapshot": "0",
+  "grant_file_protocol_extra_privileges": "1"
 }

build/js2c.py

@@ -4,32 +4,14 @@ import os
 import subprocess
 import sys
 
-TEMPLATE = """
-#include "node_native_module.h"
-#include "node_internals.h"
-
-namespace node::native_module {{
-
-{definitions}
-
-void NativeModuleLoader::LoadEmbedderJavaScriptSource() {{
-  {initializers}
-}}
-
-}}  // namespace node::native_module
-"""
-
 def main():
-  node_path = os.path.abspath(sys.argv[1])
-  natives = os.path.abspath(sys.argv[2])
-  js_source_files = sys.argv[3:]
+  js2c = sys.argv[1]
+  root = sys.argv[2]
+  natives = sys.argv[3]
+  js_source_files = sys.argv[4:]
 
-  js2c = os.path.join(node_path, 'tools', 'js2c.py')
   subprocess.check_call(
-    [sys.executable, js2c] +
-    js_source_files +
-    ['--only-js', '--target', natives])
-
+    [js2c, natives] + js_source_files + ['--only-js', "--root", root])
 
 if __name__ == '__main__':
-  sys.exit(main())
+  sys.exit(main())

build/npm-run.py

@@ -1,5 +1,5 @@
 #!/usr/bin/env python3
-from __future__ import print_function
+
 import os
 import subprocess
 import sys

build/profile_toolchain.py

@@ -1,4 +1,4 @@
-from __future__ import unicode_literals
+#!/usr/bin/env python3
 
 import contextlib
 import sys

build/run-in-dir.py

@@ -1,10 +1,11 @@
 import sys
 import os
+import subprocess
 
 def main(argv):
-  cwd = argv[1]
-  os.chdir(cwd)
-  os.execv(sys.executable, [sys.executable] + argv[2:])
+  os.chdir(argv[1])
+  p = subprocess.Popen(argv[2:])
+  return p.wait()
 
 if __name__ == '__main__':
-  main(sys.argv)
+  sys.exit(main(sys.argv))

build/webpack/webpack.config.asar.js

@@ -1,5 +0,0 @@
-module.exports = require('./webpack.config.base')({
-  target: 'asar',
-  alwaysHasNode: true,
-  targetDeletesNodeGlobals: true
-});

build/webpack/webpack.config.node.js

@@ -0,0 +1,4 @@
+module.exports = require('./webpack.config.base')({
+  target: 'node',
+  alwaysHasNode: true
+});

build/zip.py

@@ -1,5 +1,5 @@
 #!/usr/bin/env python3
-from __future__ import print_function
+
 import os
 import subprocess
 import sys

build/zip_libcxx.py

@@ -1,5 +1,5 @@
 #!/usr/bin/env python3
-from __future__ import print_function
+
 import os
 import subprocess
 import sys

buildflags/BUILD.gn

@@ -15,4 +15,15 @@ buildflag_header("buildflags") {
     "ENABLE_BUILTIN_SPELLCHECKER=$enable_builtin_spellchecker",
     "OVERRIDE_LOCATION_PROVIDER=$enable_fake_location_provider",
   ]
+
+  if (electron_vendor_version != "") {
+    result = string_split(electron_vendor_version, ":")
+    flags += [
+      "HAS_VENDOR_VERSION=true",
+      "VENDOR_VERSION_NAME=\"${result[0]}\"",
+      "VENDOR_VERSION_VALUE=\"${result[1]}\"",
+    ]
+  } else {
+    flags += [ "HAS_VENDOR_VERSION=false" ]
+  }
 }

buildflags/buildflags.gni

@@ -23,4 +23,10 @@ declare_args() {
   # Packagers and vendor builders should set this in gn args to avoid running
   # the script that reads git tag.
   override_electron_version = ""
+
+  # Define an extra item that will show in process.versions, the value must
+  # be in the format of "key:value".
+  # Packagers and vendor builders can set this in gn args to attach extra info
+  # about the build in the binary.
+  electron_vendor_version = ""
 }

chromium_src/BUILD.gn

@@ -31,6 +31,8 @@ static_library("chrome") {
     "//chrome/browser/devtools/devtools_file_system_indexer.cc",
     "//chrome/browser/devtools/devtools_file_system_indexer.h",
     "//chrome/browser/devtools/devtools_settings.h",
+    "//chrome/browser/devtools/visual_logging.cc",
+    "//chrome/browser/devtools/visual_logging.h",
     "//chrome/browser/extensions/global_shortcut_listener.cc",
     "//chrome/browser/extensions/global_shortcut_listener.h",
     "//chrome/browser/icon_loader.cc",
@@ -57,8 +59,14 @@ static_library("chrome") {
     "//chrome/browser/net/proxy_service_factory.h",
     "//chrome/browser/picture_in_picture/picture_in_picture_bounds_cache.cc",
     "//chrome/browser/picture_in_picture/picture_in_picture_bounds_cache.h",
+    "//chrome/browser/picture_in_picture/picture_in_picture_occlusion_tracker.cc",
+    "//chrome/browser/picture_in_picture/picture_in_picture_occlusion_tracker.h",
+    "//chrome/browser/picture_in_picture/picture_in_picture_occlusion_tracker_observer.cc",
+    "//chrome/browser/picture_in_picture/picture_in_picture_occlusion_tracker_observer.h",
     "//chrome/browser/picture_in_picture/picture_in_picture_window_manager.cc",
     "//chrome/browser/picture_in_picture/picture_in_picture_window_manager.h",
+    "//chrome/browser/picture_in_picture/scoped_picture_in_picture_occlusion_observation.cc",
+    "//chrome/browser/picture_in_picture/scoped_picture_in_picture_occlusion_observation.h",
     "//chrome/browser/platform_util.cc",
     "//chrome/browser/platform_util.h",
     "//chrome/browser/predictors/preconnect_manager.cc",
@@ -234,6 +242,8 @@ static_library("chrome") {
       "//chrome/browser/media/webrtc/system_media_capture_permissions_mac.mm",
       "//chrome/browser/media/webrtc/system_media_capture_permissions_stats_mac.h",
       "//chrome/browser/media/webrtc/system_media_capture_permissions_stats_mac.mm",
+      "//chrome/browser/media/webrtc/thumbnail_capturer_mac.h",
+      "//chrome/browser/media/webrtc/thumbnail_capturer_mac.mm",
       "//chrome/browser/media/webrtc/window_icon_util_mac.mm",
       "//chrome/browser/platform_util_mac.mm",
       "//chrome/browser/process_singleton_mac.mm",
@@ -335,6 +345,8 @@ static_library("chrome") {
         "//chrome/browser/pdf/pdf_extension_util.h",
         "//chrome/browser/pdf/pdf_frame_util.cc",
         "//chrome/browser/pdf/pdf_frame_util.h",
+        "//chrome/browser/pdf/pdf_viewer_stream_manager.cc",
+        "//chrome/browser/pdf/pdf_viewer_stream_manager.h",
         "//chrome/browser/plugins/pdf_iframe_navigation_throttle.cc",
         "//chrome/browser/plugins/pdf_iframe_navigation_throttle.h",
       ]
@@ -442,6 +454,8 @@ source_set("chrome_spellchecker") {
       "//chrome/browser/profiles/profile_selections.h",
       "//chrome/browser/spellchecker/spell_check_host_chrome_impl.cc",
       "//chrome/browser/spellchecker/spell_check_host_chrome_impl.h",
+      "//chrome/browser/spellchecker/spell_check_initialization_host_impl.cc",
+      "//chrome/browser/spellchecker/spell_check_initialization_host_impl.h",
       "//chrome/browser/spellchecker/spellcheck_custom_dictionary.cc",
       "//chrome/browser/spellchecker/spellcheck_custom_dictionary.h",
       "//chrome/browser/spellchecker/spellcheck_factory.cc",

docs/api/app.md

@@ -377,35 +377,6 @@ page.
 
 Emitted whenever there is a GPU info update.
 
-### Event: 'gpu-process-crashed' _Deprecated_
-
-Returns:
-
-* `event` Event
-* `killed` boolean
-
-Emitted when the GPU process crashes or is killed.
-
-**Deprecated:** This event is superceded by the `child-process-gone` event
-which contains more information about why the child process disappeared. It
-isn't always because it crashed. The `killed` boolean can be replaced by
-checking `reason === 'killed'` when you switch to that event.
-
-### Event: 'renderer-process-crashed' _Deprecated_
-
-Returns:
-
-* `event` Event
-* `webContents` [WebContents](web-contents.md)
-* `killed` boolean
-
-Emitted when the renderer process of `webContents` crashes or is killed.
-
-**Deprecated:** This event is superceded by the `render-process-gone` event
-which contains more information about why the render process disappeared. It
-isn't always because it crashed.  The `killed` boolean can be replaced by
-checking `reason === 'killed'` when you switch to that event.
-
 ### Event: 'render-process-gone'
 
 Returns:
@@ -1278,10 +1249,10 @@ Returns `boolean` - Whether the current desktop environment is Unity launcher.
 ### `app.getLoginItemSettings([options])` _macOS_ _Windows_
 
 * `options` Object (optional)
-  * `path` string (optional) _Windows_ - The executable path to compare against.
-    Defaults to `process.execPath`.
-  * `args` string[] (optional) _Windows_ - The command-line arguments to compare
-    against. Defaults to an empty array.
+  * `type` string (optional) _macOS_ - Can be one of `mainAppService`, `agentService`, `daemonService`, or `loginItemService`. Defaults to `mainAppService`. Only available on macOS 13 and up. See [app.setLoginItemSettings](app.md#appsetloginitemsettingssettings-macos-windows) for more information about each type.
+  * `serviceName` string (optional) _macOS_ - The name of the service. Required if `type` is non-default. Only available on macOS 13 and up.
+  * `path` string (optional) _Windows_ - The executable path to compare against. Defaults to `process.execPath`.
+  * `args` string[] (optional) _Windows_ - The command-line arguments to compare against. Defaults to an empty array.
 
 If you provided `path` and `args` options to `app.setLoginItemSettings`, then you
 need to pass the same arguments here for `openAtLogin` to be set correctly.
@@ -1289,17 +1260,11 @@ need to pass the same arguments here for `openAtLogin` to be set correctly.
 Returns `Object`:
 
 * `openAtLogin` boolean - `true` if the app is set to open at login.
-* `openAsHidden` boolean _macOS_ - `true` if the app is set to open as hidden at login.
-  This setting is not available on [MAS builds][mas-builds].
-* `wasOpenedAtLogin` boolean _macOS_ - `true` if the app was opened at login
-  automatically. This setting is not available on [MAS builds][mas-builds].
-* `wasOpenedAsHidden` boolean _macOS_ - `true` if the app was opened as a hidden login
-  item. This indicates that the app should not open any windows at startup.
-  This setting is not available on [MAS builds][mas-builds].
-* `restoreState` boolean _macOS_ - `true` if the app was opened as a login item that
-  should restore the state from the previous session. This indicates that the
-  app should restore the windows that were open the last time the app was
-  closed. This setting is not available on [MAS builds][mas-builds].
+* `openAsHidden` boolean _macOS_ _Deprecated_ - `true` if the app is set to open as hidden at login. This does not work on macOS 13 and up.
+* `wasOpenedAtLogin` boolean _macOS_ _Deprecated_ - `true` if the app was opened at login automatically. This setting is not available on [MAS builds][mas-builds] or on macOS 13 and up.
+* `wasOpenedAsHidden` boolean _macOS_ _Deprecated_ - `true` if the app was opened as a hidden login item. This indicates that the app should not open any windows at startup. This setting is not available on [MAS builds][mas-builds] or on macOS 13 and up.
+* `restoreState` boolean _macOS_ _Deprecated_ - `true` if the app was opened as a login item that should restore the state from the previous session. This indicates that the app should restore the windows that were open the last time the app was closed. This setting is not available on [MAS builds][mas-builds] or on macOS 13 and up.
+* `status` string _macOS_ - can be one of `not-registered`, `enabled`, `requires-approval`, or `not-found`.
 * `executableWillLaunchAtLogin` boolean _Windows_ - `true` if app is set to open at login and its run key is not deactivated. This differs from `openAtLogin` as it ignores the `args` option, this property will be true if the given executable would be launched at login with **any** arguments.
 * `launchItems` Object[] _Windows_
   * `name` string _Windows_ - name value of a registry entry.
@@ -1313,10 +1278,14 @@ Returns `Object`:
 * `settings` Object
   * `openAtLogin` boolean (optional) - `true` to open the app at login, `false` to remove
     the app as a login item. Defaults to `false`.
-  * `openAsHidden` boolean (optional) _macOS_ - `true` to open the app as hidden. Defaults to
-    `false`. The user can edit this setting from the System Preferences so
-    `app.getLoginItemSettings().wasOpenedAsHidden` should be checked when the app
-    is opened to know the current value. This setting is not available on [MAS builds][mas-builds].
+  * `openAsHidden` boolean (optional) _macOS_ _Deprecated_ - `true` to open the app as hidden. Defaults to `false`. The user can edit this setting from the System Preferences so `app.getLoginItemSettings().wasOpenedAsHidden` should be checked when the app is opened to know the current value. This setting is not available on [MAS build
+s][mas-builds] or on macOS 13 and up.
+  * `type` string (optional) _macOS_ - The type of service to add as a login item. Defaults to `mainAppService`. Only available on macOS 13 and up.
+    * `mainAppService` - The primary application.
+    * `agentService` - The property list name for a launch agent. The property list name must correspond to a property list in the app’s `Contents/Library/LaunchAgents` directory.
+    * `daemonService` string (optional) _macOS_ - The property list name for a launch agent. The property list name must correspond to a property list in the app’s `Contents/Library/LaunchDaemons` directory.
+    * `loginItemService` string (optional) _macOS_ - The property list name for a login item service. The property list name must correspond to a property list in the app’s `Contents/Library/LoginItems` directory.
+  * `serviceName` string (optional) _macOS_ - The name of the service. Required if `type` is non-default. Only available on macOS 13 and up.
   * `path` string (optional) _Windows_ - The executable to launch at login.
     Defaults to `process.execPath`.
   * `args` string[] (optional) _Windows_ - The command-line arguments to pass to
@@ -1325,6 +1294,7 @@ Returns `Object`:
   * `enabled` boolean (optional) _Windows_ - `true` will change the startup approved registry key and `enable / disable` the App in Task Manager and Windows Settings.
     Defaults to `true`.
   * `name` string (optional) _Windows_ - value name to write into registry. Defaults to the app's AppUserModelId().
+
 Set the app's login item settings.
 
 To work with Electron's `autoUpdater` on Windows, which uses [Squirrel][Squirrel-Windows],
@@ -1349,6 +1319,8 @@ app.setLoginItemSettings({
 })
 ```
 
+For more information about setting different services as login items on macOS 13 and up, see [`SMAppService`](https://developer.apple.com/documentation/servicemanagement/smappservice?language=objc).
+
 ### `app.isAccessibilitySupportEnabled()` _macOS_ _Windows_
 
 Returns `boolean` - `true` if Chrome's accessibility support is enabled,
@@ -1496,6 +1468,24 @@ details.
 
 **Note:** Enable `Secure Keyboard Entry` only when it is needed and disable it when it is no longer needed.
 
+### `app.setProxy(config)`
+
+* `config` [ProxyConfig](structures/proxy-config.md)
+
+Returns `Promise<void>` - Resolves when the proxy setting process is complete.
+
+Sets the proxy settings for networks requests made without an associated [Session](session.md).
+Currently this will affect requests made with [Net](net.md) in the [utility process](../glossary.md#utility-process)
+and internal requests made by the runtime (ex: geolocation queries).
+
+This method can only be called after app is ready.
+
+#### `app.resolveProxy(url)`
+
+* `url` URL
+
+Returns `Promise<string>` - Resolves with the proxy information for `url` that will be used when attempting to make requests using [Net](net.md) in the [utility process](../glossary.md#utility-process).
+
 ## Properties
 
 ### `app.accessibilitySupportEnabled` _macOS_ _Windows_

docs/api/client-request.md

@@ -2,7 +2,7 @@
 
 > Make HTTP/HTTPS requests.
 
-Process: [Main](../glossary.md#main-process)<br />
+Process: [Main](../glossary.md#main-process), [Utility](../glossary.md#utility-process)<br />
 _This class is not exported from the `'electron'` module. It is only available as a return value of other methods in the Electron API._
 
 `ClientRequest` implements the [Writable Stream](https://nodejs.org/api/stream.html#stream_writable_streams)

docs/api/crash-reporter.md

@@ -100,7 +100,7 @@ longer than the maximum length will be truncated.
 
 ### `crashReporter.getLastCrashReport()`
 
-Returns [`CrashReport`](structures/crash-report.md) - The date and ID of the
+Returns [`CrashReport | null`](structures/crash-report.md) - The date and ID of the
 last crash report. Only crash reports that have been uploaded will be returned;
 even if a crash report is present on disk it will not be returned until it is
 uploaded. In the case that there are no uploaded reports, `null` is returned.

docs/api/file-object.md

@@ -2,6 +2,11 @@
 
 > Use the HTML5 `File` API to work natively with files on the filesystem.
 
+> **Warning**
+> The `path` property that Electron adds to the `File` interface is deprecated
+> and **will** be removed in a future Electron release.  We recommend you
+> use `webUtils.getPathForFile` instead.
+
 The DOM's File interface provides abstraction around native files in order to
 let users work on native files directly with the HTML5 file API. Electron has
 added a `path` attribute to the `File` interface which exposes the file's real

docs/api/incoming-message.md

@@ -2,7 +2,7 @@
 
 > Handle responses to HTTP/HTTPS requests.
 
-Process: [Main](../glossary.md#main-process)<br />
+Process: [Main](../glossary.md#main-process), [Utility](../glossary.md#utility-process)<br />
 _This class is not exported from the `'electron'` module. It is only available as a return value of other methods in the Electron API._
 
 `IncomingMessage` implements the [Readable Stream](https://nodejs.org/api/stream.html#stream_readable_streams)

docs/api/native-image.md

@@ -4,36 +4,41 @@
 
 Process: [Main](../glossary.md#main-process), [Renderer](../glossary.md#renderer-process)
 
-In Electron, for the APIs that take images, you can pass either file paths or
-`NativeImage` instances. An empty image will be used when `null` is passed.
+The `nativeImage` module provides a unified interface for manipulating
+system images. These can be handy if you want to provide multiple scaled
+versions of the same icon or take advantage of macOS [template images][template-image].
 
-For example, when creating a tray or setting a window's icon, you can pass an
-image file path as a `string`:
+Electron APIs that take image files accept either file paths or
+`NativeImage` instances. An empty and transparent image will be used when `null` is passed.
 
-```js
+For example, when creating a [Tray](../api/tray.md) or setting a [BrowserWindow](../api/browser-window.md)'s
+icon, you can either pass an image file path as a string:
+
+```js title='Main Process'
 const { BrowserWindow, Tray } = require('electron')
 
-const appIcon = new Tray('/Users/somebody/images/icon.png')
+const tray = new Tray('/Users/somebody/images/icon.png')
 const win = new BrowserWindow({ icon: '/Users/somebody/images/window.png' })
-console.log(appIcon, win)
 ```
 
-Or read the image from the clipboard, which returns a `NativeImage`:
+or generate a `NativeImage` instance from the same file:
 
-```js
-const { clipboard, Tray } = require('electron')
-const image = clipboard.readImage()
-const appIcon = new Tray(image)
-console.log(appIcon)
+```js title='Main Process'
+const { BrowserWindow, nativeImage, Tray } = require('electron')
+
+const trayIcon = nativeImage.createFromPath('/Users/somebody/images/icon.png')
+const appIcon = nativeImage.createFromPath('/Users/somebody/images/window.png')
+const tray = new Tray(trayIcon)
+const win = new BrowserWindow({ icon: appIcon })
 ```
 
 ## Supported Formats
 
-Currently `PNG` and `JPEG` image formats are supported. `PNG` is recommended
-because of its support for transparency and lossless compression.
+Currently, `PNG` and `JPEG` image formats are supported across all platforms.
+`PNG` is recommended because of its support for transparency and lossless compression.
 
 On Windows, you can also load `ICO` icons from file paths. For best visual
-quality, it is recommended to include at least the following sizes in the:
+quality, we recommend including at least the following sizes:
 
 * Small icon
   * 16x16 (100% DPI scale)
@@ -47,22 +52,30 @@ quality, it is recommended to include at least the following sizes in the:
   * 64x64 (200% DPI scale)
   * 256x256
 
-Check the _Size requirements_ section in [this article][icons].
+Check the _Icon Scaling_ section in the Windows [App Icon Construction][icons] reference.
 
-[icons]: https://learn.microsoft.com/en-us/windows/win32/uxguide/vis-icons
+[icons]: https://learn.microsoft.com/en-us/windows/apps/design/style/iconography/app-icon-construction#icon-scaling
+
+:::note
+
+EXIF metadata is currently not supported and will not be taken into account during
+image encoding and decoding.
+
+:::
 
 ## High Resolution Image
 
-On platforms that have high-DPI support such as Apple Retina displays, you can
-append `@2x` after image's base filename to mark it as a high resolution image.
+On platforms that support high pixel density displays (such as Apple Retina),
+you can append `@2x` after image's base filename to mark it as a 2x scale
+high resolution image.
 
 For example, if `icon.png` is a normal image that has standard resolution, then
-`icon@2x.png` will be treated as a high resolution image that has double DPI
-density.
+`icon@2x.png` will be treated as a high resolution image that has double
+Dots per Inch (DPI) density.
 
 If you want to support displays with different DPI densities at the same time,
 you can put images with different sizes in the same folder and use the filename
-without DPI suffixes. For example:
+without DPI suffixes within Electron. For example:
 
 ```plaintext
 images/
@@ -71,10 +84,9 @@ images/
 └── icon@3x.png
 ```
 
-```js
+```js title='Main Process'
 const { Tray } = require('electron')
-const appIcon = new Tray('/Users/somebody/images/icon.png')
-console.log(appIcon)
+const appTray = new Tray('/Users/somebody/images/icon.png')
 ```
 
 The following suffixes for DPI are also supported:
@@ -91,27 +103,23 @@ The following suffixes for DPI are also supported:
 * `@4x`
 * `@5x`
 
-## Template Image
+## Template Image _macOS_
 
-Template images consist of black and an alpha channel.
+On macOS, [template images][template-image] consist of black and an alpha channel.
 Template images are not intended to be used as standalone images and are usually
 mixed with other content to create the desired final appearance.
 
-The most common case is to use template images for a menu bar icon, so it can
+The most common case is to use template images for a menu bar (Tray) icon, so it can
 adapt to both light and dark menu bars.
 
-**Note:** Template image is only supported on macOS.
-
-To mark an image as a template image, its filename should end with the word
-`Template`. For example:
-
-* `xxxTemplate.png`
-* `xxxTemplate@2x.png`
+To mark an image as a template image, its base filename should end with the word
+`Template` (e.g. `xxxTemplate.png`). You can also specify template images at
+different DPI densities (e.g. `xxxTemplate@2x.png`).
 
 ## Methods
 
 The `nativeImage` module has the following methods, all of which return
-an instance of the `NativeImage` class:
+an instance of the [`NativeImage`](#class-nativeimage) class:
 
 ### `nativeImage.createEmpty()`
 
@@ -130,7 +138,7 @@ Note: The Windows implementation will ignore `size.height` and scale the height
 
 ### `nativeImage.createFromPath(path)`
 
-* `path` string
+* `path` string - path to a file that we intend to construct an image out of.
 
 Returns `NativeImage`
 
@@ -139,7 +147,7 @@ returns an empty image if the `path` does not exist, cannot be read, or is not
 a valid image.
 
 ```js
-const nativeImage = require('electron').nativeImage
+const { nativeImage } = require('electron')
 
 const image = nativeImage.createFromPath('/Users/somebody/images/icon.png')
 console.log(image)
@@ -176,7 +184,7 @@ Creates a new `NativeImage` instance from `buffer`. Tries to decode as PNG or JP
 
 Returns `NativeImage`
 
-Creates a new `NativeImage` instance from `dataURL`.
+Creates a new `NativeImage` instance from `dataUrl`, a base 64 encoded [Data URL][data-url] string.
 
 ### `nativeImage.createFromNamedImage(imageName[, hslShift])` _macOS_
 
@@ -185,14 +193,14 @@ Creates a new `NativeImage` instance from `dataURL`.
 
 Returns `NativeImage`
 
-Creates a new `NativeImage` instance from the NSImage that maps to the
-given image name. See [`System Icons`](https://developer.apple.com/design/human-interface-guidelines/macos/icons-and-images/system-icons/)
-for a list of possible values.
+Creates a new `NativeImage` instance from the `NSImage` that maps to the
+given image name. See Apple's [`NSImageName`](https://developer.apple.com/documentation/appkit/nsimagename#2901388)
+documentation for a list of possible values.
 
 The `hslShift` is applied to the image with the following rules:
 
 * `hsl_shift[0]` (hue): The absolute hue value for the image - 0 and 1 map
-     to 0 and 360 on the hue color wheel (red).
+    to 0 and 360 on the hue color wheel (red).
 * `hsl_shift[1]` (saturation): A saturation shift for the image, with the
     following key values:
     0 = remove all color.
@@ -209,7 +217,9 @@ This means that `[-1, 0, 1]` will make the image completely white and
 
 In some cases, the `NSImageName` doesn't match its string representation; one example of this is `NSFolderImageName`, whose string representation would actually be `NSFolder`. Therefore, you'll need to determine the correct string representation for your image before passing it in. This can be done with the following:
 
-`echo -e '#import <Cocoa/Cocoa.h>\nint main() { NSLog(@"%@", SYSTEM_IMAGE_NAME); }' | clang -otest -x objective-c -framework Cocoa - && ./test`
+```sh
+echo -e '#import <Cocoa/Cocoa.h>\nint main() { NSLog(@"%@", SYSTEM_IMAGE_NAME); }' | clang -otest -x objective-c -framework Cocoa - && ./test
+```
 
 where `SYSTEM_IMAGE_NAME` should be replaced with any value from [this list](https://developer.apple.com/documentation/appkit/nsimagename?language=objc).
 
@@ -250,7 +260,7 @@ data.
 * `options` Object (optional)
   * `scaleFactor` Number (optional) - Defaults to 1.0.
 
-Returns `string` - The data URL of the image.
+Returns `string` - The [Data URL][data-url] of the image.
 
 #### `image.getBitmap([options])`
 
@@ -266,7 +276,7 @@ current event loop tick; otherwise the data might be changed or destroyed.
 #### `image.getNativeHandle()` _macOS_
 
 Returns `Buffer` - A [Buffer][buffer] that stores C pointer to underlying native handle of
-the image. On macOS, a pointer to `NSImage` instance would be returned.
+the image. On macOS, a pointer to `NSImage` instance is returned.
 
 Notice that the returned pointer is a weak pointer to the underlying native
 image instead of a copy, so you _must_ ensure that the associated
@@ -288,11 +298,11 @@ If `scaleFactor` is passed, this will return the size corresponding to the image
 
 * `option` boolean
 
-Marks the image as a template image.
+Marks the image as a macOS [template image][template-image].
 
 #### `image.isTemplateImage()`
 
-Returns `boolean` - Whether the image is a template image.
+Returns `boolean` - Whether the image is a macOS [template image][template-image].
 
 #### `image.crop(rect)`
 
@@ -321,13 +331,13 @@ will be preserved in the resized image.
 
 * `scaleFactor` Number (optional) - Defaults to 1.0.
 
-Returns `Number` - The image's aspect ratio.
+Returns `Number` - The image's aspect ratio (width divided by height).
 
 If `scaleFactor` is passed, this will return the aspect ratio corresponding to the image representation most closely matching the passed value.
 
 #### `image.getScaleFactors()`
 
-Returns `Number[]` - An array of all scale factors corresponding to representations for a given nativeImage.
+Returns `Number[]` - An array of all scale factors corresponding to representations for a given `NativeImage`.
 
 #### `image.addRepresentation(options)`
 
@@ -342,15 +352,17 @@ Returns `Number[]` - An array of all scale factors corresponding to representati
     encoded PNG or JPEG image.
 
 Add an image representation for a specific scale factor. This can be used
-to explicitly add different scale factor representations to an image. This
+to programmatically add different scale factor representations to an image. This
 can be called on empty images.
 
-[buffer]: https://nodejs.org/api/buffer.html#buffer_class_buffer
-
 ### Instance Properties
 
 #### `nativeImage.isMacTemplateImage` _macOS_
 
-A `boolean` property that determines whether the image is considered a [template image](https://developer.apple.com/documentation/appkit/nsimage/1520017-template).
+A `boolean` property that determines whether the image is considered a [template image][template-image].
 
 Please note that this property only has an effect on macOS.
+
+[buffer]: https://nodejs.org/api/buffer.html#buffer_class_buffer
+[data-url]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URLs
+[template-image]: https://developer.apple.com/documentation/appkit/nsimage/1520017-template

docs/api/net.md

@@ -2,7 +2,7 @@
 
 > Issue HTTP/HTTPS requests using Chromium's native networking library
 
-Process: [Main](../glossary.md#main-process)
+Process: [Main](../glossary.md#main-process), [Utility](../glossary.md#utility-process)
 
 The `net` module is a client-side API for issuing HTTP(S) requests. It is
 similar to the [HTTP](https://nodejs.org/api/http.html) and
@@ -119,6 +119,9 @@ protocol.handle('https', (req) => {
 })
 ```
 
+Note: in the [utility process](../glossary.md#utility-process) custom protocols
+are not supported.
+
 ### `net.isOnline()`
 
 Returns `boolean` - Whether there is currently internet connection.

docs/api/protocol.md

@@ -123,7 +123,7 @@ Example:
 
 ```js
 const { app, net, protocol } = require('electron')
-const { join } = require('node:path')
+const path = require('node:path')
 const { pathToFileURL } = require('url')
 
 protocol.registerSchemesAsPrivileged([
@@ -146,9 +146,19 @@ app.whenReady().then(() => {
           headers: { 'content-type': 'text/html' }
         })
       }
-      // NB, this does not check for paths that escape the bundle, e.g.
+      // NB, this checks for paths that escape the bundle, e.g.
       // app://bundle/../../secret_file.txt
-      return net.fetch(pathToFileURL(join(__dirname, pathname)).toString())
+      const pathToServe = path.resolve(__dirname, pathname)
+      const relativePath = path.relative(__dirname, pathToServe)
+      const isSafe = relativePath && !relativePath.startsWith('..') && !path.isAbsolute(relativePath)
+      if (!isSafe) {
+        return new Response('bad', {
+          status: 400,
+          headers: { 'content-type': 'text/html' }
+        })
+      }
+
+      return net.fetch(pathToFileURL(pathToServe).toString())
     } else if (host === 'api') {
       return net.fetch('https://api.my-server.com/' + pathname, {
         method: req.method,

docs/api/session.md

@@ -589,105 +589,15 @@ Writes any unwritten DOMStorage data to disk.
 
 #### `ses.setProxy(config)`
 
-* `config` Object
-  * `mode` string (optional) - The proxy mode. Should be one of `direct`,
-    `auto_detect`, `pac_script`, `fixed_servers` or `system`. If it's
-    unspecified, it will be automatically determined based on other specified
-    options.
-    * `direct`
-      In direct mode all connections are created directly, without any proxy involved.
-    * `auto_detect`
-      In auto_detect mode the proxy configuration is determined by a PAC script that can
-      be downloaded at http://wpad/wpad.dat.
-    * `pac_script`
-      In pac_script mode the proxy configuration is determined by a PAC script that is
-      retrieved from the URL specified in the `pacScript`. This is the default mode
-      if `pacScript` is specified.
-    * `fixed_servers`
-      In fixed_servers mode the proxy configuration is specified in `proxyRules`.
-      This is the default mode if `proxyRules` is specified.
-    * `system`
-      In system mode the proxy configuration is taken from the operating system.
-      Note that the system mode is different from setting no proxy configuration.
-      In the latter case, Electron falls back to the system settings
-      only if no command-line options influence the proxy configuration.
-  * `pacScript` string (optional) - The URL associated with the PAC file.
-  * `proxyRules` string (optional) - Rules indicating which proxies to use.
-  * `proxyBypassRules` string (optional) - Rules indicating which URLs should
-    bypass the proxy settings.
+* `config` [ProxyConfig](structures/proxy-config.md)
 
 Returns `Promise<void>` - Resolves when the proxy setting process is complete.
 
 Sets the proxy settings.
 
-When `mode` is unspecified, `pacScript` and `proxyRules` are provided together, the `proxyRules`
-option is ignored and `pacScript` configuration is applied.
-
 You may need `ses.closeAllConnections` to close currently in flight connections to prevent
 pooled sockets using previous proxy from being reused by future requests.
 
-The `proxyRules` has to follow the rules below:
-
-```sh
-proxyRules = schemeProxies[";"<schemeProxies>]
-schemeProxies = [<urlScheme>"="]<proxyURIList>
-urlScheme = "http" | "https" | "ftp" | "socks"
-proxyURIList = <proxyURL>[","<proxyURIList>]
-proxyURL = [<proxyScheme>"://"]<proxyHost>[":"<proxyPort>]
-```
-
-For example:
-
-* `http=foopy:80;ftp=foopy2` - Use HTTP proxy `foopy:80` for `http://` URLs, and
-  HTTP proxy `foopy2:80` for `ftp://` URLs.
-* `foopy:80` - Use HTTP proxy `foopy:80` for all URLs.
-* `foopy:80,bar,direct://` - Use HTTP proxy `foopy:80` for all URLs, failing
-  over to `bar` if `foopy:80` is unavailable, and after that using no proxy.
-* `socks4://foopy` - Use SOCKS v4 proxy `foopy:1080` for all URLs.
-* `http=foopy,socks5://bar.com` - Use HTTP proxy `foopy` for http URLs, and fail
-  over to the SOCKS5 proxy `bar.com` if `foopy` is unavailable.
-* `http=foopy,direct://` - Use HTTP proxy `foopy` for http URLs, and use no
-  proxy if `foopy` is unavailable.
-* `http=foopy;socks=foopy2` - Use HTTP proxy `foopy` for http URLs, and use
-  `socks4://foopy2` for all other URLs.
-
-The `proxyBypassRules` is a comma separated list of rules described below:
-
-* `[ URL_SCHEME "://" ] HOSTNAME_PATTERN [ ":" <port> ]`
-
-   Match all hostnames that match the pattern HOSTNAME_PATTERN.
-
-   Examples:
-     "foobar.com", "\*foobar.com", "\*.foobar.com", "\*foobar.com:99",
-     "https://x.\*.y.com:99"
-
-* `"." HOSTNAME_SUFFIX_PATTERN [ ":" PORT ]`
-
-   Match a particular domain suffix.
-
-   Examples:
-     ".google.com", ".com", "http://.google.com"
-
-* `[ SCHEME "://" ] IP_LITERAL [ ":" PORT ]`
-
-   Match URLs which are IP address literals.
-
-   Examples:
-     "127.0.1", "\[0:0::1]", "\[::1]", "http://\[::1]:99"
-
-* `IP_LITERAL "/" PREFIX_LENGTH_IN_BITS`
-
-   Match any URL that is to an IP literal that falls between the
-   given range. IP range is specified using CIDR notation.
-
-   Examples:
-     "192.168.1.1/16", "fefe:13::abc/33".
-
-* `<local>`
-
-   Match local addresses. The meaning of `<local>` is whether the
-   host matches one of: "127.0.0.1", "::1", "localhost".
-
 #### `ses.resolveHost(host, [options])`
 
 * `host` string - Hostname to resolve.

docs/api/structures/proxy-config.md

@@ -0,0 +1,86 @@
+# ProxyConfig Object
+
+* `mode` string (optional) - The proxy mode. Should be one of `direct`,
+`auto_detect`, `pac_script`, `fixed_servers` or `system`.
+Defaults to `pac_script` proxy mode if `pacScript` option is specified
+otherwise defaults to `fixed_servers`.
+  * `direct` - In direct mode all connections are created directly, without any proxy involved.
+  * `auto_detect` - In auto_detect mode the proxy configuration is determined by a PAC script that can
+    be downloaded at http://wpad/wpad.dat.
+  * `pac_script` - In pac_script mode the proxy configuration is determined by a PAC script that is
+    retrieved from the URL specified in the `pacScript`. This is the default mode if `pacScript` is specified.
+  * `fixed_servers` - In fixed_servers mode the proxy configuration is specified in `proxyRules`.
+    This is the default mode if `proxyRules` is specified.
+  * `system` - In system mode the proxy configuration is taken from the operating system.
+    Note that the system mode is different from setting no proxy configuration.
+    In the latter case, Electron falls back to the system settings only if no
+    command-line options influence the proxy configuration.
+* `pacScript` string (optional) - The URL associated with the PAC file.
+* `proxyRules` string (optional) - Rules indicating which proxies to use.
+* `proxyBypassRules` string (optional) - Rules indicating which URLs should
+bypass the proxy settings.
+
+When `mode` is unspecified, `pacScript` and `proxyRules` are provided together, the `proxyRules`
+option is ignored and `pacScript` configuration is applied.
+
+The `proxyRules` has to follow the rules below:
+
+```sh
+proxyRules = schemeProxies[";"<schemeProxies>]
+schemeProxies = [<urlScheme>"="]<proxyURIList>
+urlScheme = "http" | "https" | "ftp" | "socks"
+proxyURIList = <proxyURL>[","<proxyURIList>]
+proxyURL = [<proxyScheme>"://"]<proxyHost>[":"<proxyPort>]
+```
+
+For example:
+
+* `http=foopy:80;ftp=foopy2` - Use HTTP proxy `foopy:80` for `http://` URLs, and
+  HTTP proxy `foopy2:80` for `ftp://` URLs.
+* `foopy:80` - Use HTTP proxy `foopy:80` for all URLs.
+* `foopy:80,bar,direct://` - Use HTTP proxy `foopy:80` for all URLs, failing
+  over to `bar` if `foopy:80` is unavailable, and after that using no proxy.
+* `socks4://foopy` - Use SOCKS v4 proxy `foopy:1080` for all URLs.
+* `http=foopy,socks5://bar.com` - Use HTTP proxy `foopy` for http URLs, and fail
+  over to the SOCKS5 proxy `bar.com` if `foopy` is unavailable.
+* `http=foopy,direct://` - Use HTTP proxy `foopy` for http URLs, and use no
+  proxy if `foopy` is unavailable.
+* `http=foopy;socks=foopy2` - Use HTTP proxy `foopy` for http URLs, and use
+  `socks4://foopy2` for all other URLs.
+
+The `proxyBypassRules` is a comma separated list of rules described below:
+
+* `[ URL_SCHEME "://" ] HOSTNAME_PATTERN [ ":" <port> ]`
+
+   Match all hostnames that match the pattern HOSTNAME_PATTERN.
+
+   Examples:
+     "foobar.com", "\*foobar.com", "\*.foobar.com", "\*foobar.com:99",
+     "https://x.\*.y.com:99"
+
+* `"." HOSTNAME_SUFFIX_PATTERN [ ":" PORT ]`
+
+   Match a particular domain suffix.
+
+   Examples:
+     ".google.com", ".com", "http://.google.com"
+
+* `[ SCHEME "://" ] IP_LITERAL [ ":" PORT ]`
+
+   Match URLs which are IP address literals.
+
+   Examples:
+     "127.0.1", "\[0:0::1]", "\[::1]", "http://\[::1]:99"
+
+* `IP_LITERAL "/" PREFIX_LENGTH_IN_BITS`
+
+   Match any URL that is to an IP literal that falls between the
+   given range. IP range is specified using CIDR notation.
+
+   Examples:
+     "192.168.1.1/16", "fefe:13::abc/33".
+
+* `<local>`
+
+   Match local addresses. The meaning of `<local>` is whether the
+   host matches one of: "127.0.0.1", "::1", "localhost".

docs/api/structures/user-default-types.md

@@ -9,4 +9,4 @@
 * `array` Array\<unknown>
 * `dictionary` Record\<string, unknown>
 
-This type is a helper alias, no object will never exist of this type.
+This type is a helper alias, no object will ever exist of this type.

docs/api/tray.md

@@ -60,7 +60,7 @@ app.whenReady().then(() => {
 
 **MacOS**
 
-* Icons passed to the Tray constructor should be [Template Images](native-image.md#template-image).
+* Icons passed to the Tray constructor should be [Template Images](native-image.md#template-image-macos).
 * To make sure your icon isn't grainy on retina monitors, be sure your `@2x` image is 144dpi.
 * If you are bundling your application (e.g., with webpack for development), be sure that the file names are not being mangled or hashed. The filename needs to end in Template, and the `@2x` image needs to have the same filename as the standard image, or MacOS will not magically invert your image's colors or use the high density image.
 * 16x16 (72dpi) and 32x32@2x (144dpi) work well for most icons.

docs/api/utility-process.md

@@ -21,12 +21,11 @@ Process: [Main](../glossary.md#main-process)<br />
     of the child process. Default is `inherit`.
     String value can be one of `pipe`, `ignore`, `inherit`, for more details on these values you can refer to
     [stdio][] documentation from Node.js. Currently this option only supports configuring `stdout` and
-    `stderr` to either `pipe`, `inherit` or `ignore`. Configuring `stdin` is not supported; `stdin` will
-    always be ignored.
+    `stderr` to either `pipe`, `inherit` or `ignore`. Configuring `stdin` to any property other than `ignore` is not supported and will result in an error.
     For example, the supported values will be processed as following:
-    * `pipe`: equivalent to \['ignore', 'pipe', 'pipe'] (the default)
+    * `pipe`: equivalent to \['ignore', 'pipe', 'pipe']
     * `ignore`: equivalent to \['ignore', 'ignore', 'ignore']
-    * `inherit`: equivalent to \['ignore', 'inherit', 'inherit']
+    * `inherit`: equivalent to \['ignore', 'inherit', 'inherit'] (the default)
   * `serviceName` string (optional) - Name of the process that will appear in `name` property of
     [`ProcessMetric`](structures/process-metric.md) returned by [`app.getAppMetrics`](app.md#appgetappmetrics)
     and [`child-process-gone` event of `app`](app.md#event-child-process-gone).

docs/api/web-contents.md

@@ -460,20 +460,6 @@ win.webContents.on('will-prevent-unload', (event) => {
 
 **Note:** This will be emitted for `BrowserViews` but will _not_ be respected - this is because we have chosen not to tie the `BrowserView` lifecycle to its owning BrowserWindow should one exist per the [specification](https://developer.mozilla.org/en-US/docs/Web/API/Window/beforeunload_event).
 
-#### Event: 'crashed' _Deprecated_
-
-Returns:
-
-* `event` Event
-* `killed` boolean
-
-Emitted when the renderer process crashes or is killed.
-
-**Deprecated:** This event is superceded by the `render-process-gone` event
-which contains more information about why the render process disappeared. It
-isn't always because it crashed.  The `killed` boolean can be replaced by
-checking `reason === 'killed'` when you switch to that event.
-
 #### Event: 'render-process-gone'
 
 Returns:
@@ -1628,6 +1614,7 @@ win.webContents.print(options, (success, errorType) => {
   * `footerTemplate` string (optional) - HTML template for the print footer. Should use the same format as the `headerTemplate`.
   * `preferCSSPageSize` boolean (optional) - Whether or not to prefer page size as defined by css. Defaults to false, in which case the content will be scaled to fit the paper size.
   * `generateTaggedPDF` boolean (optional) _Experimental_ - Whether or not to generate a tagged (accessible) PDF. Defaults to false. As this property is experimental, the generated PDF may not adhere fully to PDF/UA and WCAG standards.
+  * `generateDocumentOutline` boolean (optional) _Experimental_ - Whether or not to generate a PDF document outline from content headers. Defaults to false.
 
 Returns `Promise<Buffer>` - Resolves with the generated PDF data.
 
@@ -1638,24 +1625,26 @@ The `landscape` will be ignored if `@page` CSS at-rule is used in the web page.
 An example of `webContents.printToPDF`:
 
 ```js
-const { BrowserWindow } = require('electron')
+const { app, BrowserWindow } = require('electron')
 const fs = require('node:fs')
 const path = require('node:path')
 const os = require('node:os')
 
-const win = new BrowserWindow()
-win.loadURL('https://github.com')
+app.whenReady().then(() => {
+  const win = new BrowserWindow()
+  win.loadURL('https://github.com')
 
-win.webContents.on('did-finish-load', () => {
-  // Use default printing options
-  const pdfPath = path.join(os.homedir(), 'Desktop', 'temp.pdf')
-  win.webContents.printToPDF({}).then(data => {
-    fs.writeFile(pdfPath, data, (error) => {
-      if (error) throw error
-      console.log(`Wrote PDF successfully to ${pdfPath}`)
+  win.webContents.on('did-finish-load', () => {
+    // Use default printing options
+    const pdfPath = path.join(os.homedir(), 'Desktop', 'temp.pdf')
+    win.webContents.printToPDF({}).then(data => {
+      fs.writeFile(pdfPath, data, (error) => {
+        if (error) throw error
+        console.log(`Wrote PDF successfully to ${pdfPath}`)
+      })
+    }).catch(error => {
+      console.log(`Failed to write PDF to ${pdfPath}: `, error)
     })
-  }).catch(error => {
-    console.log(`Failed to write PDF to ${pdfPath}: `, error)
   })
 })
 ```

docs/api/web-utils.md

@@ -0,0 +1,26 @@
+# webUtils
+
+> A utility layer to interact with Web API objects (Files, Blobs, etc.)
+
+Process: [Renderer](../glossary.md#renderer-process)
+
+## Methods
+
+The `webUtils` module has the following methods:
+
+### `webUtils.getPathForFile(file)`
+
+* `file` File - A web [File](https://developer.mozilla.org/en-US/docs/Web/API/File) object.
+
+Returns `string` - The file system path that this `File` object points to. In the case where the object passed in is not a `File` object an exception is thrown. In the case where the File object passed in was constructed in JS and is not backed by a file on disk an empty string is returned.
+
+This method superceded the previous augmentation to the `File` object with the `path` property.  An example is included below.
+
+```js
+// Before
+const oldPath = document.querySelector('input').files[0].path
+
+// After
+const { webUtils } = require('electron')
+const newPath = webUtils.getPathForFile(document.querySelector('input').files[0])
+```

docs/api/webview-tag.md

@@ -608,6 +608,7 @@ Prints `webview`'s web page. Same as `webContents.print([options])`.
   * `footerTemplate` string (optional) - HTML template for the print footer. Should use the same format as the `headerTemplate`.
   * `preferCSSPageSize` boolean (optional) - Whether or not to prefer page size as defined by css. Defaults to false, in which case the content will be scaled to fit the paper size.
   * `generateTaggedPDF` boolean (optional) _Experimental_ - Whether or not to generate a tagged (accessible) PDF. Defaults to false. As this property is experimental, the generated PDF may not adhere fully to PDF/UA and WCAG standards.
+  * `generateDocumentOutline` boolean (optional) _Experimental_ - Whether or not to generate a PDF document outline from content headers. Defaults to false.
 
 Returns `Promise<Uint8Array>` - Resolves with the generated PDF data.
 
@@ -986,14 +987,6 @@ ipcRenderer.on('ping', () => {
 })
 ```
 
-### Event: 'crashed' _Deprecated_
-
-Fired when the renderer process crashes or is killed.
-
-**Deprecated:** This event is superceded by the `render-process-gone` event
-which contains more information about why the render process disappeared. It
-isn't always because it crashed.
-
 ### Event: 'render-process-gone'
 
 Returns:

docs/breaking-changes.md

@@ -12,6 +12,76 @@ This document uses the following convention to categorize breaking changes:
 * **Deprecated:** An API was marked as deprecated. The API will continue to function, but will emit a deprecation warning, and will be removed in a future release.
 * **Removed:** An API or feature was removed, and is no longer supported by Electron.
 
+## Planned Breaking API Changes (30.0)
+
+### Behavior Changed: cross-origin iframes now use Permission Policy to access features
+
+Cross-origin iframes must now specify features available to a given `iframe` via the `allow`
+attribute in order to access them.
+
+See [documentation](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#allow) for
+more information.
+
+### Removed: The `--disable-color-correct-rendering` switch
+
+This switch was never formally documented but it's removal is being noted here regardless. Chromium itself now has better support for color spaces so this flag should not be needed.
+
+## Planned Breaking API Changes (29.0)
+
+### Behavior Changed: `ipcRenderer` can no longer be sent over the `contextBridge`
+
+Attempting to send the entire `ipcRenderer` module as an object over the `contextBridge` will now result in
+an empty object on the receiving side of the bridge. This change was made to remove / mitigate
+a security footgun. You should not directly expose ipcRenderer or its methods over the bridge.
+Instead, provide a safe wrapper like below:
+
+```js
+contextBridge.exposeInMainWorld('app', {
+  onEvent: (cb) => ipcRenderer.on('foo', (e, ...args) => cb(args))
+})
+```
+
+### Removed: `renderer-process-crashed` event on `app`
+
+The `renderer-process-crashed` event on `app` has been removed.
+Use the new `render-process-gone` event instead.
+
+```js
+// Removed
+app.on('renderer-process-crashed', (event, webContents, killed) => { /* ... */ })
+
+// Replace with
+app.on('render-process-gone', (event, webContents, details) => { /* ... */ })
+```
+
+### Removed: `crashed` event on `WebContents` and `<webview>`
+
+The `crashed` events on `WebContents` and `<webview>` have been removed.
+Use the new `render-process-gone` event instead.
+
+```js
+// Removed
+win.webContents.on('crashed', (event, killed) => { /* ... */ })
+webview.addEventListener('crashed', (event) => { /* ... */ })
+
+// Replace with
+win.webContents.on('render-process-gone', (event, details) => { /* ... */ })
+webview.addEventListener('render-process-gone', (event) => { /* ... */ })
+```
+
+### Removed: `gpu-process-crashed` event on `app`
+
+The `gpu-process-crashed` event on `app` has been removed.
+Use the new `child-process-gone` event instead.
+
+```js
+// Removed
+app.on('gpu-process-crashed', (event, killed) => { /* ... */ })
+
+// Replace with
+app.on('child-process-gone', (event, details) => { /* ... */ })
+```
+
 ## Planned Breaking API Changes (28.0)
 
 ### Behavior Changed: `WebContents.backgroundThrottling` set to false affects all `WebContents` in the host `BrowserWindow`

docs/tutorial/automated-testing.md

@@ -196,32 +196,19 @@ support via Electron's support for the [Chrome DevTools Protocol][] (CDP).
 
 ### Install dependencies
 
-You can install Playwright through your preferred Node.js package manager. The Playwright team
-recommends using the `PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD` environment variable to avoid
-unnecessary browser downloads when testing an Electron app.
-
-```sh npm2yarn
-PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1 npm install --save-dev playwright
-```
-
-Playwright also comes with its own test runner, Playwright Test, which is built for end-to-end
-testing. You can also install it as a dev dependency in your project:
+You can install Playwright through your preferred Node.js package manager. It comes with its
+own [test runner][playwright-intro], which is built for end-to-end testing:
 
 ```sh npm2yarn
 npm install --save-dev @playwright/test
 ```
 
 :::caution Dependencies
-This tutorial was written `playwright@1.16.3` and `@playwright/test@1.16.3`. Check out
+This tutorial was written with `@playwright/test@1.41.1`. Check out
 [Playwright's releases][playwright-releases] page to learn about
 changes that might affect the code below.
 :::
 
-:::info Using third-party test runners
-If you're interested in using an alternative test runner (e.g. Jest or Mocha), check out
-Playwright's [Third-Party Test Runner][playwright-test-runners] guide.
-:::
-
 ### Write your tests
 
 Playwright launches your app in development mode through the `_electron.launch` API.
@@ -229,8 +216,7 @@ To point this API to your Electron app, you can pass the path to your main proce
 entry point (here, it is `main.js`).
 
 ```js {5} @ts-nocheck
-const { _electron: electron } = require('playwright')
-const { test } = require('@playwright/test')
+const { test, _electron: electron } = require('@playwright/test')
 
 test('launch app', async () => {
   const electronApp = await electron.launch({ args: ['main.js'] })
@@ -242,9 +228,8 @@ test('launch app', async () => {
 After that, you will access to an instance of Playwright's `ElectronApp` class. This
 is a powerful class that has access to main process modules for example:
 
-```js {6-11} @ts-nocheck
-const { _electron: electron } = require('playwright')
-const { test } = require('@playwright/test')
+```js {5-10} @ts-nocheck
+const { test, _electron: electron } = require('@playwright/test')
 
 test('get isPackaged', async () => {
   const electronApp = await electron.launch({ args: ['main.js'] })
@@ -263,8 +248,7 @@ It can also create individual [Page][playwright-page] objects from Electron Brow
 For example, to grab the first BrowserWindow and save a screenshot:
 
 ```js {6-7} @ts-nocheck
-const { _electron: electron } = require('playwright')
-const { test } = require('@playwright/test')
+const { test, _electron: electron } = require('@playwright/test')
 
 test('save screenshot', async () => {
   const electronApp = await electron.launch({ args: ['main.js'] })
@@ -275,12 +259,11 @@ test('save screenshot', async () => {
 })
 ```
 
-Putting all this together using the PlayWright Test runner, let's create a `example.spec.js`
+Putting all this together using the Playwright test-runner, let's create a `example.spec.js`
 test file with a single test and assertion:
 
 ```js title='example.spec.js' @ts-nocheck
-const { _electron: electron } = require('playwright')
-const { test, expect } = require('@playwright/test')
+const { test, expect, _electron: electron } = require('@playwright/test')
 
 test('example test', async () => {
   const electronApp = await electron.launch({ args: ['.'] })
@@ -316,6 +299,7 @@ Running 1 test using 1 worker
 :::info
 Playwright Test will automatically run any files matching the `.*(test|spec)\.(js|ts|mjs)` regex.
 You can customize this match in the [Playwright Test configuration options][playwright-test-config].
+It also works with TypeScript out of the box.
 :::
 
 :::tip Further reading
@@ -473,10 +457,10 @@ test.after.always('cleanup', async t => {
 
 [chrome-driver]: https://sites.google.com/chromium.org/driver/
 [Puppeteer]: https://github.com/puppeteer/puppeteer
+[playwright-intro]: https://playwright.dev/docs/intro
 [playwright-electron]: https://playwright.dev/docs/api/class-electron/
 [playwright-electronapplication]: https://playwright.dev/docs/api/class-electronapplication
 [playwright-page]: https://playwright.dev/docs/api/class-page
-[playwright-releases]: https://github.com/microsoft/playwright/releases
+[playwright-releases]: https://playwright.dev/docs/release-notes
 [playwright-test-config]: https://playwright.dev/docs/api/class-testconfig#test-config-test-match
-[playwright-test-runners]: https://playwright.dev/docs/test-runners/
 [Chrome DevTools Protocol]: https://chromedevtools.github.io/devtools-protocol/

docs/tutorial/code-signing.md

@@ -5,34 +5,25 @@ slug: code-signing
 hide_title: false
 ---
 
-Code signing is a security technology that you use to certify that an app was
-created by you. You should sign your application so it does not trigger any
-operating system security checks.
+Code signing is a security technology to certify that an app was created by you.
+You should sign your application so it does not trigger any operating system
+security warnings.
 
-On macOS, the system can detect any change to the app, whether the change is
-introduced accidentally or by malicious code.
+![macOS Sonoma Gatekeeper warning: The app is damaged](../images/gatekeeper.png)
 
-On Windows, the system assigns a trust level to your code signing certificate
-which if you don't have, or if your trust level is low, will cause security
-dialogs to appear when users start using your application. Trust level builds
-over time so it's better to start code signing as early as possible.
-
-While it is possible to distribute unsigned apps, it is not recommended. Both
-Windows and macOS will, by default, prevent either the download or the execution
-of unsigned applications. Starting with macOS Catalina (version 10.15), users
-have to go through multiple manual steps to open unsigned applications.
-
-![macOS Catalina Gatekeeper warning: The app cannot be opened because the developer cannot be verified](../images/gatekeeper.png)
-
-As you can see, users get two options: Move the app straight to the trash or
-cancel running it. You don't want your users to see that dialog.
+Both Windows and macOS prevent users from running unsigned applications. It is
+possible to distribute applications without codesigning them - but in order to
+run them, users need to go through multiple advanced and manual steps to run
+them.
 
 If you are building an Electron app that you intend to package and distribute,
-it should be code signed.
+it should be code signed. The Electron ecosystem tooling makes codesigning your
+apps straightforward - this documentation explains how sign your apps on both
+Windows and macOS.
 
 ## Signing & notarizing macOS builds
 
-Properly preparing macOS applications for release requires two steps. First, the
+Preparing macOS applications for release requires two steps: First, the
 app needs to be code signed. Then, the app needs to be uploaded to Apple for a
 process called **notarization**, where automated systems will further verify that
 your app isn't doing anything to endanger its users.
@@ -65,7 +56,9 @@ are likely using [`@electron/packager`][], which includes [`@electron/osx-sign`]
 [`@electron/notarize`][].
 
 If you're using Packager's API, you can pass [in configuration that both signs
-and notarizes your application](https://electron.github.io/packager/main/interfaces/electronpackager.options.html).
+and notarizes your application](https://electron.github.io/packager/main/modules.html).
+If the example below does not meet your needs, please see [`@electron/osx-sign`][] and
+[`@electron/notarize`][] for the many possible configuration options.
 
 ```js @ts-nocheck
 const packager = require('@electron/packager')
@@ -86,35 +79,81 @@ See the [Mac App Store Guide][].
 
 ## Signing Windows builds
 
-Before signing Windows builds, you must do the following:
+Before you can code sign your application, you need to acquire a code signing
+certificate. Unlike Apple, Microsoft allows developers to purchase those
+certificates on the open market. They are usually sold by the same companies
+also offering HTTPS certificates. Prices vary, so it may be worth your time to
+shop around. Popular resellers include:
 
-1. Get a Windows Authenticode code signing certificate (requires an annual fee)
-2. Install Visual Studio to get the signing utility (the free [Community
-   Edition](https://visualstudio.microsoft.com/vs/community/) is enough)
+- [Certum EV code signing certificate](https://shop.certum.eu/data-safety/code-signing-certificates/certum-ev-code-sigining.html)
+- [DigiCert EV code signing certificate](https://www.digicert.com/signing/code-signing-certificates)
+- [Entrust EV code signing certificate](https://www.entrustdatacard.com/products/digital-signing-certificates/code-signing-certificates)
+- [GlobalSign EV code signing certificate](https://www.globalsign.com/en/code-signing-certificate/ev-code-signing-certificates)
+- [IdenTrust EV code signing certificate](https://www.identrust.com/digital-certificates/trustid-ev-code-signing)
+- [Sectigo (formerly Comodo) EV code signing certificate](https://sectigo.com/ssl-certificates-tls/code-signing)
+- [SSL.com EV code signing certificate](https://www.ssl.com/certificates/ev-code-signing/)
 
-You can get a code signing certificate from a lot of resellers. Prices vary, so
-it may be worth your time to shop around. Popular resellers include:
+It is important to call out that since June 2023, Microsoft requires software to
+be signed with an "extended validation" certificate, also called an "EV code signing
+certificate". In the past, developers could sign software with a simpler and cheaper
+certificate called "authenticode code signing certificate" or "software-based OV certificate".
+These simpler certificates no longer provide benefits: Windows will treat your app as
+completely unsigned and display the equivalent warning dialogs.
 
-- [digicert](https://www.digicert.com/dc/code-signing/microsoft-authenticode.htm)
-- [Sectigo](https://sectigo.com/ssl-certificates-tls/code-signing)
-- Amongst others, please shop around to find one that suits your needs! 😄
+The new EV certificates are required to be stored on a hardware storage module
+compliant with FIPS 140 Level 2, Common Criteria EAL 4+ or equivalent. In other words,
+the certificate cannot be simply downloaded onto a CI infrastructure. In practice,
+those storage modules look like fancy USB thumb drives.
 
-:::caution Keep your certificate password private
-Your certificate password should be a **secret**. Do not share it publicly or
-commit it to your source code.
-:::
+Many certificate providers now offer "cloud-based signing" - the entire signing hardware
+is in their data center and you can use it to remotely sign code. This approach is
+popular with Electron maintainers since it makes signing your applications in CI (like
+GitHub Actions, CircleCI, etc) relatively easy.
+
+At the time of writing, Electron's own apps use [DigiCert KeyLocker](https://docs.digicert.com/en/digicert-keylocker.html), but any provider that provides a command line tool for
+signing files will be compatible with Electron's tooling.
+
+All tools in the Electron ecosystem use [`@electron/windows-sign`][] and typically
+expose configuration options through a `windowsSign` property. You can either use it
+to sign files directly - or use the same `windowsSign` configuration across Electron
+Forge, [`@electron/packager`][], [`electron-winstaller`][], and [`electron-wix-msi`][].
 
 ### Using Electron Forge
 
-Electron Forge is the recommended way to sign your `Squirrel.Windows` and `WiX MSI` installers. Detailed instructions on how to configure your application can be found in the [Electron Forge Code Signing Tutorial](https://www.electronforge.io/guides/code-signing/code-signing-macos).
+Electron Forge is the recommended way to sign your app as well as your `Squirrel.Windows`
+and `WiX MSI` installers. Detailed instructions on how to configure your application can
+be found in the [Electron Forge Code Signing Tutorial](https://www.electronforge.io/guides/code-signing/code-signing-windows).
+
+### Using Electron Packager
+
+If you're not using an integrated build pipeline like Forge, you
+are likely using [`@electron/packager`][], which includes [`@electron/windows-sign`][].
+
+If you're using Packager's API, you can pass [in configuration that signs
+your application](https://electron.github.io/packager/main/modules.html). If the
+example below does not meet your needs, please see [`@electron/windows-sign`][]
+for the many possible configuration options.
+
+```js @ts-nocheck
+const packager = require('@electron/packager')
+
+packager({
+  dir: '/path/to/my/app',
+  windowsSign: {
+    signWithParams: '--my=custom --parameters',
+    // If signtool.exe does not work for you, customize!
+    signToolPath: 'C:\\Path\\To\\my-custom-tool.exe'
+  }
+})
+```
 
 ### Using electron-winstaller (Squirrel.Windows)
 
 [`electron-winstaller`][] is a package that can generate Squirrel.Windows installers for your
 Electron app. This is the tool used under the hood by Electron Forge's
-[Squirrel.Windows Maker][maker-squirrel]. If you're not using Electron Forge and want to use
-`electron-winstaller` directly, use the `certificateFile` and `certificatePassword` configuration
-options when creating your installer.
+[Squirrel.Windows Maker][maker-squirrel]. Just like `@electron/packager`, it uses
+[`@electron/windows-sign`][] under the hood and supports the same `windowsSign`
+options.
 
 ```js {10-11} @ts-nocheck
 const electronInstaller = require('electron-winstaller')
@@ -126,8 +165,11 @@ try {
     outputDirectory: '/tmp/build/installer64',
     authors: 'My App Inc.',
     exe: 'myapp.exe',
-    certificateFile: './cert.pfx',
-    certificatePassword: 'this-is-a-secret'
+    windowsSign: {
+      signWithParams: '--my=custom --parameters',
+      // If signtool.exe does not work for you, customize!
+      signToolPath: 'C:\\Path\\To\\my-custom-tool.exe'
+    }
   })
   console.log('It worked!')
 } catch (e) {
@@ -141,10 +183,8 @@ For full configuration options, check out the [`electron-winstaller`][] reposito
 
 [`electron-wix-msi`][] is a package that can generate MSI installers for your
 Electron app. This is the tool used under the hood by Electron Forge's [MSI Maker][maker-msi].
-
-If you're not using Electron Forge and want to use `electron-wix-msi` directly, use the
-`certificateFile` and `certificatePassword` configuration options
-or pass in parameters directly to [SignTool.exe][] with the `signWithParams` option.
+Just like `@electron/packager`, it uses [`@electron/windows-sign`][] under the hood
+and supports the same `windowsSign` options.
 
 ```js {12-13} @ts-nocheck
 import { MSICreator } from 'electron-wix-msi'
@@ -158,8 +198,11 @@ const msiCreator = new MSICreator({
   manufacturer: 'Kitten Technologies',
   version: '1.1.2',
   outputDirectory: '/path/to/output/folder',
-  certificateFile: './cert.pfx',
-  certificatePassword: 'this-is-a-secret'
+  windowsSign: {
+    signWithParams: '--my=custom --parameters',
+    // If signtool.exe does not work for you, customize!
+    signToolPath: 'C:\\Path\\To\\my-custom-tool.exe'
+  }
 })
 
 // Step 2: Create a .wxs template file
@@ -192,6 +235,7 @@ See the [Windows Store Guide][].
 [`@electron/osx-sign`]: https://github.com/electron/osx-sign
 [`@electron/packager`]: https://github.com/electron/packager
 [`@electron/notarize`]: https://github.com/electron/notarize
+[`@electron/windows-sign`]: https://github.com/electron/windows-sign
 [`electron-winstaller`]: https://github.com/electron/windows-installer
 [`electron-wix-msi`]: https://github.com/electron-userland/electron-wix-msi
 [xcode]: https://developer.apple.com/xcode
@@ -200,4 +244,3 @@ See the [Windows Store Guide][].
 [windows store guide]: ./windows-store-guide.md
 [maker-squirrel]: https://www.electronforge.io/config/makers/squirrel.windows
 [maker-msi]: https://www.electronforge.io/config/makers/wix-msi
-[signtool.exe]: https://learn.microsoft.com/en-us/dotnet/framework/tools/signtool-exe

docs/tutorial/context-isolation.md

@@ -82,9 +82,9 @@ contextBridge.exposeInMainWorld('electronAPI', {
 })
 ```
 
-You can create a `renderer.d.ts` declaration file and globally augment the `Window` interface:
+You can create a `interface.d.ts` declaration file and globally augment the `Window` interface:
 
-```ts title='renderer.d.ts' @ts-noisolate
+```ts title='interface.d.ts' @ts-noisolate
 export interface IElectronAPI {
   loadPreferences: () => Promise<void>,
 }

docs/tutorial/debugging-main-process.md

@@ -14,10 +14,10 @@ process:
 
 Electron will listen for V8 inspector protocol messages on the specified `port`,
 an external debugger will need to connect on this port. The default `port` is
-`9229`.
+`5858`.
 
 ```shell
-electron --inspect=9229 your/app
+electron --inspect=5858 your/app
 ```
 
 ### `--inspect-brk=[port]`

docs/tutorial/devices.md

@@ -33,7 +33,7 @@ clicked.
 ## WebHID API
 
 The [WebHID API](https://web.dev/hid/) can be used to access HID devices such
-as keyboards and gamepads.  Electron provides several APIs for working with
+as keyboards and gamepads. Electron provides several APIs for working with
 the WebHID API:
 
 * The [`select-hid-device` event on the Session](../api/session.md#event-select-hid-device)

docs/tutorial/electron-timelines.md

@@ -12,7 +12,7 @@ check out our [Electron Versioning](./electron-versioning.md) doc.
 | 29.0.0 |  2023-Dec-07 | 2024-Jan-24 | 2024-Feb-20 | 2024-Aug-20 | M122 | v18.19 | ✅ |
 | 28.0.0 |  2023-Oct-11 | 2023-Nov-06 | 2023-Dec-05 | 2024-Jun-11 | M120 | v18.18 | ✅ |
 | 27.0.0 |  2023-Aug-17 | 2023-Sep-13 | 2023-Oct-10 | 2024-Apr-16 | M118 | v18.17 | ✅ |
-| 26.0.0 | 2023-Jun-01 | 2023-Jun-27 | 2023-Aug-15 | 2024-Feb-20 | M116 | v18.16 | ✅ |
+| 26.0.0 | 2023-Jun-01 | 2023-Jun-27 | 2023-Aug-15 | 2024-Feb-20 | M116 | v18.16 | 🚫 |
 | 25.0.0 | 2023-Apr-10 | 2023-May-02 | 2023-May-30 | 2023-Dec-05 | M114 | v18.15 | 🚫 |
 | 24.0.0 | 2023-Feb-09 | 2023-Mar-07 | 2023-Apr-04 | 2023-Oct-10 | M112 | v18.14 | 🚫 |
 | 23.0.0 | 2022-Dec-01 | 2023-Jan-10 | 2023-Feb-07 | 2023-Aug-15 | M110 | v18.12 | 🚫 |

docs/tutorial/fuses.md

@@ -15,7 +15,7 @@ Fuses are the solution to this problem, at a high level they are "magic bits" in
 **Default:** Enabled
 **@electron/fuses:** `FuseV1Options.RunAsNode`
 
-The runAsNode fuse toggles whether the `ELECTRON_RUN_AS_NODE` environment variable is respected or not.  Please note that if this fuse is disabled then `process.fork` in the main process will not function as expected as it depends on this environment variable to function.
+The runAsNode fuse toggles whether the `ELECTRON_RUN_AS_NODE` environment variable is respected or not.  Please note that if this fuse is disabled then `process.fork` in the main process will not function as expected as it depends on this environment variable to function. Instead, we recommend that you use [Utility Processes](../api/utility-process.md), which work for many use cases where you need a standalone Node.js process (like a Sqlite server process or similar scenarios).
 
 ### `cookieEncryption`
 
@@ -61,6 +61,19 @@ The onlyLoadAppFromAsar fuse changes the search system that Electron uses to loc
 
 The loadBrowserProcessSpecificV8Snapshot fuse changes which V8 snapshot file is used for the browser process.  By default Electron's processes will all use the same V8 snapshot file.  When this fuse is enabled the browser process uses the file called `browser_v8_context_snapshot.bin` for its V8 snapshot. The other processes will use the V8 snapshot file that they normally do.
 
+### `grantFileProtocolExtraPrivileges`
+
+**Default:** Enabled
+**@electron/fuses:** `FuseV1Options.GrantFileProtocolExtraPrivileges`
+
+The grantFileProtocolExtraPrivileges fuse changes whether pages loaded from the `file://` protocol are given privileges beyond what they would receive in a traditional web browser.  This behavior was core to Electron apps in original versions of Electron but is no longer required as apps should be [serving local files from custom protocols](./security.md#18-avoid-usage-of-the-file-protocol-and-prefer-usage-of-custom-protocols) now instead.  If you aren't serving pages from `file://` you should disable this fuse.
+
+The extra privileges granted to the `file://` protocol by this fuse are incompletely documented below:
+
+* `file://` protocol pages can use `fetch` to load other assets over `file://`
+* `file://` protocol pages can use service workers
+* `file://` protocol pages have universal access granted to child frames also running on `file://` protocols regardless of sandbox settings
+
 ## How do I flip the fuses?
 
 ### The easy way

docs/tutorial/in-app-purchases.md

@@ -107,7 +107,7 @@ if (!inAppPurchase.canMakePayments()) {
 inAppPurchase.getProducts(PRODUCT_IDS).then(products => {
   // Check the parameters.
   if (!Array.isArray(products) || products.length <= 0) {
-    console.log('Unable to retrieve the product informations.')
+    console.log('Unable to retrieve the product information.')
     return
   }
 

docs/tutorial/installation.md

@@ -91,9 +91,9 @@ The above configuration will download from URLs such as
 `https://npmmirror.com/mirrors/electron/8.0.0/electron-v8.0.0-linux-x64.zip`.
 
 If your mirror serves artifacts with different checksums to the official
-Electron release you may have to set `electron_use_remote_checksums=1` to
-force Electron to use the remote `SHASUMS256.txt` file to verify the checksum
-instead of the embedded checksums.
+Electron release you may have to set `electron_use_remote_checksums=1` directly,
+or configure it in a `.npmrc` file, to force Electron to use the remote `SHASUMS256.txt`
+file to verify the checksum instead of the embedded checksums.
 
 #### Cache
 

docs/tutorial/ipc.md

@@ -280,8 +280,8 @@ selected file path in the `#filePath` element.
 ### Note: legacy approaches
 
 The `ipcRenderer.invoke` API was added in Electron 7 as a developer-friendly way to tackle two-way
-IPC from the renderer process. However, there exist a couple alternative approaches to this IPC
-pattern.
+IPC from the renderer process. However, a couple of alternative approaches to this IPC pattern
+exist.
 
 :::warning Avoid legacy approaches if possible
 We recommend using `ipcRenderer.invoke` whenever possible. The following two-way renderer-to-main

docs/tutorial/performance.md

@@ -24,7 +24,7 @@ careful to understand that the term "performance" means different things for
 a Node.js backend than it does for an application running on a client.
 
 This list is provided for your convenience – and is, much like our
-[security checklist][security] – not meant to exhaustive. It is probably possible
+[security checklist][security] – not meant to be exhaustive. It is probably possible
 to build a slow Electron app that follows all the steps outlined below. Electron
 is a powerful development platform that enables you, the developer, to do more
 or less whatever you want. All that freedom means that performance is largely
@@ -83,7 +83,7 @@ is not in fact the leanest or smallest one available.
 
 The reasoning behind this recommendation is best illustrated with a real-world
 example. During the early days of Electron, reliable detection of network
-connectivity was a problem, resulting many apps to use a module that exposed a
+connectivity was a problem, resulting in many apps using a module that exposed a
 simple `isOnline()` method.
 
 That module detected your network connectivity by attempting to reach out to a

docs/tutorial/process-model.md

@@ -83,7 +83,7 @@ terminated as well.
 
 The main process also controls your application's lifecycle through Electron's
 [`app`][app] module. This module provides a large set of events and methods
-that you can use to add custom application behaviour (for instance, programmatically
+that you can use to add custom application behavior (for instance, programmatically
 quitting your application, modifying the application dock, or showing an About panel).
 
 As a practical example, the app shown in the [quick start guide][quick-start-lifecycle]

docs/tutorial/quick-start.md

@@ -155,7 +155,7 @@ need two Electron modules:
   windows.
 
 Because the main process runs Node.js, you can import these as [CommonJS][commonjs]
-modules at the top of your file:
+modules at the top of your `main.js` file:
 
 ```js
 const { app, BrowserWindow } = require('electron')

docs/tutorial/sandbox.md

@@ -17,7 +17,7 @@ further configuration. If you want to disable the sandbox for a process, see the
 [Disabling the sandbox for a single process](#disabling-the-sandbox-for-a-single-process)
 section.
 
-## Sandbox behaviour in Electron
+## Sandbox behavior in Electron
 
 Sandboxed processes in Electron behave _mostly_ in the same way as Chromium's do, but
 Electron has a few additional concepts to consider because it interfaces with Node.js.
@@ -46,7 +46,7 @@ scripts attached to sandboxed renderers will still have a polyfilled subset of N
 APIs available. A `require` function similar to Node's `require` module is exposed,
 but can only import a subset of Electron and Node's built-in modules:
 
-* `electron` (following renderer process modules: `contextBridge`, `crashReporter`, `ipcRenderer`, `nativeImage`, `webFrame`)
+* `electron` (following renderer process modules: `contextBridge`, `crashReporter`, `ipcRenderer`, `nativeImage`, `webFrame`, `webUtils`)
 * [`events`](https://nodejs.org/api/events.html)
 * [`timers`](https://nodejs.org/api/timers.html)
 * [`url`](https://nodejs.org/api/url.html)

docs/tutorial/security.md

@@ -114,6 +114,8 @@ You should at least follow these steps to improve the security of your applicati
 15. [Do not use `shell.openExternal` with untrusted content](#15-do-not-use-shellopenexternal-with-untrusted-content)
 16. [Use a current version of Electron](#16-use-a-current-version-of-electron)
 17. [Validate the `sender` of all IPC messages](#17-validate-the-sender-of-all-ipc-messages)
+18. [Avoid usage of the `file://` protocol and prefer usage of custom protocols](#18-avoid-usage-of-the-file-protocol-and-prefer-usage-of-custom-protocols)
+19. [Check which fuses you can change](#19-check-which-fuses-you-can-change)
 
 To automate the detection of misconfigurations and insecure patterns, it is
 possible to use
@@ -759,6 +761,49 @@ function validateSender (frame) {
 }
 ```
 
+### 18. Avoid usage of the `file://` protocol and prefer usage of custom protocols
+
+You should serve local pages from a custom protocol instead of the `file://` protocol.
+
+#### Why?
+
+The `file://` protocol gets more privileges in Electron than in a web browser and even in
+browsers it is treated differently to http/https URLs. Using a custom protocol allows you
+to be more aligned with classic web url behavior while retaining even more control about
+what can be loaded and when.
+
+Pages running on `file://` have unilateral access to every file on your machine meaning
+that XSS issues can be used to load arbitrary files from the users machine. Using a custom
+protocol prevents issues like this as you can limit the protocol to only serving a specific
+set of files.
+
+#### How?
+
+Follow the [`protocol.handle`](../api/protocol.md#protocolhandlescheme-handler) examples to
+learn how to serve files / content from a custom protocol.
+
+### 19. Check which fuses you can change
+
+Electron ships with a number of options that can be useful but a large portion of
+applications probably don't need. In order to avoid having to build your own version of
+Electron, these can be turned off or on using [Fuses](./fuses.md).
+
+#### Why?
+
+Some fuses, like `runAsNode` and `nodeCliInspect`, allow the application to behave differently
+when run from the command line using specific environment variables or CLI arguments. These
+can be used to execute commands on the device through your application.
+
+This can let external scripts run commands that they potentially would not be allowed to, but
+that your application might have the rights for.
+
+#### How?
+
+We've made a module, [`@electron/fuses`](https://npmjs.com/package/@electron/fuses), to make
+flipping these fuses easy. Check out the README of that module for more details on usage and
+potential error cases, and refer to
+[How do I flip the fuses?](./fuses.md#how-do-i-flip-the-fuses) in our documentation.
+
 [breaking-changes]: ../breaking-changes.md
 [browser-window]: ../api/browser-window.md
 [browser-view]: ../api/browser-view.md

docs/tutorial/tutorial-3-preload.md

@@ -203,7 +203,7 @@ loading the HTML file so that the handler is guaranteed to be ready before
 you send out the `invoke` call from the renderer.
 
 ```js {1,15} title="main.js"
-const { app, BrowserWindow, ipcMain } = require('electron')
+const { app, BrowserWindow, ipcMain } = require('electron/main')
 const path = require('node:path')
 
 const createWindow = () => {

electron_paks.gni

@@ -77,6 +77,7 @@ template("electron_extra_paks") {
       "//content:content_resources",
       "//content/browser/resources/gpu:resources",
       "//content/browser/resources/media:resources",
+      "//content/browser/resources/process:resources",
       "//content/browser/tracing:resources",
       "//content/browser/webrtc/resources",
       "//electron:resources",
@@ -96,6 +97,7 @@ template("electron_extra_paks") {
     # New paks should be added here by default.
     sources += [
       "$root_gen_dir/content/browser/devtools/devtools_resources.pak",
+      "$root_gen_dir/content/process_resources.pak",
       "$root_gen_dir/ui/resources/webui_resources.pak",
     ]
     deps += [ "//content/browser/devtools:devtools_resources" ]

filenames.auto.gni

@@ -67,6 +67,7 @@ auto_filenames = {
     "docs/api/web-frame-main.md",
     "docs/api/web-frame.md",
     "docs/api/web-request.md",
+    "docs/api/web-utils.md",
     "docs/api/webview-tag.md",
     "docs/api/window-open.md",
     "docs/api/structures/bluetooth-device.md",
@@ -113,6 +114,7 @@ auto_filenames = {
     "docs/api/structures/protocol-request.md",
     "docs/api/structures/protocol-response-upload-data.md",
     "docs/api/structures/protocol-response.md",
+    "docs/api/structures/proxy-config.md",
     "docs/api/structures/rectangle.md",
     "docs/api/structures/referrer.md",
     "docs/api/structures/render-process-gone-details.md",
@@ -151,6 +153,7 @@ auto_filenames = {
     "lib/renderer/api/crash-reporter.ts",
     "lib/renderer/api/ipc-renderer.ts",
     "lib/renderer/api/web-frame.ts",
+    "lib/renderer/api/web-utils.ts",
     "lib/renderer/common-init.ts",
     "lib/renderer/inspector.ts",
     "lib/renderer/ipc-renderer-internal-utils.ts",
@@ -213,7 +216,6 @@ auto_filenames = {
     "lib/browser/api/message-channel.ts",
     "lib/browser/api/module-list.ts",
     "lib/browser/api/native-theme.ts",
-    "lib/browser/api/net-client-request.ts",
     "lib/browser/api/net-fetch.ts",
     "lib/browser/api/net-log.ts",
     "lib/browser/api/net.ts",
@@ -249,12 +251,12 @@ auto_filenames = {
     "lib/browser/web-view-events.ts",
     "lib/common/api/module-list.ts",
     "lib/common/api/native-image.ts",
+    "lib/common/api/net-client-request.ts",
     "lib/common/api/shell.ts",
     "lib/common/define-properties.ts",
     "lib/common/deprecate.ts",
     "lib/common/init.ts",
     "lib/common/ipc-messages.ts",
-    "lib/common/reset-search-paths.ts",
     "lib/common/web-view-methods.ts",
     "lib/common/webpack-globals-provider.ts",
     "package.json",
@@ -271,7 +273,6 @@ auto_filenames = {
     "lib/common/define-properties.ts",
     "lib/common/init.ts",
     "lib/common/ipc-messages.ts",
-    "lib/common/reset-search-paths.ts",
     "lib/common/web-view-methods.ts",
     "lib/common/webpack-provider.ts",
     "lib/renderer/api/clipboard.ts",
@@ -281,6 +282,7 @@ auto_filenames = {
     "lib/renderer/api/ipc-renderer.ts",
     "lib/renderer/api/module-list.ts",
     "lib/renderer/api/web-frame.ts",
+    "lib/renderer/api/web-utils.ts",
     "lib/renderer/common-init.ts",
     "lib/renderer/init.ts",
     "lib/renderer/inspector.ts",
@@ -309,7 +311,6 @@ auto_filenames = {
     "lib/common/define-properties.ts",
     "lib/common/init.ts",
     "lib/common/ipc-messages.ts",
-    "lib/common/reset-search-paths.ts",
     "lib/common/webpack-provider.ts",
     "lib/renderer/api/clipboard.ts",
     "lib/renderer/api/context-bridge.ts",
@@ -318,6 +319,7 @@ auto_filenames = {
     "lib/renderer/api/ipc-renderer.ts",
     "lib/renderer/api/module-list.ts",
     "lib/renderer/api/web-frame.ts",
+    "lib/renderer/api/web-utils.ts",
     "lib/renderer/ipc-renderer-internal-utils.ts",
     "lib/renderer/ipc-renderer-internal.ts",
     "lib/worker/init.ts",
@@ -328,10 +330,9 @@ auto_filenames = {
     "typings/internal-electron.d.ts",
   ]
 
-  asar_bundle_deps = [
-    "lib/asar/fs-wrapper.ts",
-    "lib/asar/init.ts",
-    "lib/common/webpack-provider.ts",
+  node_bundle_deps = [
+    "lib/node/asar-fs-wrapper.ts",
+    "lib/node/init.ts",
     "package.json",
     "tsconfig.electron.json",
     "tsconfig.json",
@@ -340,12 +341,15 @@ auto_filenames = {
   ]
 
   utility_bundle_deps = [
+    "lib/browser/api/net-fetch.ts",
     "lib/browser/message-port-main.ts",
+    "lib/common/api/net-client-request.ts",
     "lib/common/define-properties.ts",
     "lib/common/init.ts",
-    "lib/common/reset-search-paths.ts",
+    "lib/common/webpack-globals-provider.ts",
     "lib/utility/api/exports/electron.ts",
     "lib/utility/api/module-list.ts",
+    "lib/utility/api/net.ts",
     "lib/utility/init.ts",
     "lib/utility/parent-port.ts",
     "package.json",

filenames.gni

@@ -283,7 +283,6 @@ filenames = {
     "shell/browser/api/electron_api_menu.h",
     "shell/browser/api/electron_api_native_theme.cc",
     "shell/browser/api/electron_api_native_theme.h",
-    "shell/browser/api/electron_api_net.cc",
     "shell/browser/api/electron_api_net_log.cc",
     "shell/browser/api/electron_api_net_log.h",
     "shell/browser/api/electron_api_notification.cc",
@@ -309,8 +308,6 @@ filenames = {
     "shell/browser/api/electron_api_system_preferences.h",
     "shell/browser/api/electron_api_tray.cc",
     "shell/browser/api/electron_api_tray.h",
-    "shell/browser/api/electron_api_url_loader.cc",
-    "shell/browser/api/electron_api_url_loader.h",
     "shell/browser/api/electron_api_utility_process.cc",
     "shell/browser/api/electron_api_utility_process.h",
     "shell/browser/api/electron_api_view.cc",
@@ -374,8 +371,6 @@ filenames = {
     "shell/browser/electron_download_manager_delegate.h",
     "shell/browser/electron_gpu_client.cc",
     "shell/browser/electron_gpu_client.h",
-    "shell/browser/electron_javascript_dialog_manager.cc",
-    "shell/browser/electron_javascript_dialog_manager.h",
     "shell/browser/electron_navigation_throttle.cc",
     "shell/browser/electron_navigation_throttle.h",
     "shell/browser/electron_permission_manager.cc",
@@ -390,6 +385,7 @@ filenames = {
     "shell/browser/extended_web_contents_observer.h",
     "shell/browser/feature_list.cc",
     "shell/browser/feature_list.h",
+    "shell/browser/feature_list_mac.mm",
     "shell/browser/file_select_helper.cc",
     "shell/browser/file_select_helper.h",
     "shell/browser/file_select_helper_mac.mm",
@@ -550,8 +546,11 @@ filenames = {
     "shell/common/api/electron_api_key_weak_map.h",
     "shell/common/api/electron_api_native_image.cc",
     "shell/common/api/electron_api_native_image.h",
+    "shell/common/api/electron_api_net.cc",
     "shell/common/api/electron_api_shell.cc",
     "shell/common/api/electron_api_testing.cc",
+    "shell/common/api/electron_api_url_loader.cc",
+    "shell/common/api/electron_api_url_loader.h",
     "shell/common/api/electron_api_v8_util.cc",
     "shell/common/api/electron_bindings.cc",
     "shell/common/api/electron_bindings.h",
@@ -662,7 +661,6 @@ filenames = {
     "shell/common/node_includes.h",
     "shell/common/node_util.cc",
     "shell/common/node_util.h",
-    "shell/common/node_util_mac.mm",
     "shell/common/options_switches.cc",
     "shell/common/options_switches.h",
     "shell/common/platform_util.cc",
@@ -685,6 +683,8 @@ filenames = {
     "shell/renderer/api/electron_api_spell_check_client.cc",
     "shell/renderer/api/electron_api_spell_check_client.h",
     "shell/renderer/api/electron_api_web_frame.cc",
+    "shell/renderer/api/electron_api_web_utils.cc",
+    "shell/renderer/api/electron_api_web_utils.h",
     "shell/renderer/browser_exposed_renderer_interfaces.cc",
     "shell/renderer/browser_exposed_renderer_interfaces.h",
     "shell/renderer/content_settings_observer.cc",
@@ -736,8 +736,6 @@ filenames = {
     "shell/browser/extensions/electron_extension_host_delegate.h",
     "shell/browser/extensions/electron_extension_loader.cc",
     "shell/browser/extensions/electron_extension_loader.h",
-    "shell/browser/extensions/electron_extension_message_filter.cc",
-    "shell/browser/extensions/electron_extension_message_filter.h",
     "shell/browser/extensions/electron_extension_system_factory.cc",
     "shell/browser/extensions/electron_extension_system_factory.h",
     "shell/browser/extensions/electron_extension_system.cc",

filenames.libcxx.gni

@@ -23,6 +23,8 @@ libcxx_headers = [
   "//third_party/libc++/src/include/__algorithm/find_first_of.h",
   "//third_party/libc++/src/include/__algorithm/find_if.h",
   "//third_party/libc++/src/include/__algorithm/find_if_not.h",
+  "//third_party/libc++/src/include/__algorithm/find_segment_if.h",
+  "//third_party/libc++/src/include/__algorithm/fold.h",
   "//third_party/libc++/src/include/__algorithm/for_each.h",
   "//third_party/libc++/src/include/__algorithm/for_each_n.h",
   "//third_party/libc++/src/include/__algorithm/for_each_segment.h",
@@ -88,6 +90,7 @@ libcxx_headers = [
   "//third_party/libc++/src/include/__algorithm/pstl_backends/cpu_backends/transform_reduce.h",
   "//third_party/libc++/src/include/__algorithm/pstl_copy.h",
   "//third_party/libc++/src/include/__algorithm/pstl_count.h",
+  "//third_party/libc++/src/include/__algorithm/pstl_equal.h",
   "//third_party/libc++/src/include/__algorithm/pstl_fill.h",
   "//third_party/libc++/src/include/__algorithm/pstl_find.h",
   "//third_party/libc++/src/include/__algorithm/pstl_for_each.h",
@@ -107,6 +110,7 @@ libcxx_headers = [
   "//third_party/libc++/src/include/__algorithm/ranges_any_of.h",
   "//third_party/libc++/src/include/__algorithm/ranges_binary_search.h",
   "//third_party/libc++/src/include/__algorithm/ranges_clamp.h",
+  "//third_party/libc++/src/include/__algorithm/ranges_contains.h",
   "//third_party/libc++/src/include/__algorithm/ranges_copy.h",
   "//third_party/libc++/src/include/__algorithm/ranges_copy_backward.h",
   "//third_party/libc++/src/include/__algorithm/ranges_copy_if.h",
@@ -818,7 +822,6 @@ libcxx_headers = [
   "//third_party/libc++/src/include/__type_traits/negation.h",
   "//third_party/libc++/src/include/__type_traits/noexcept_move_assign_container.h",
   "//third_party/libc++/src/include/__type_traits/operation_traits.h",
-  "//third_party/libc++/src/include/__type_traits/predicate_traits.h",
   "//third_party/libc++/src/include/__type_traits/promote.h",
   "//third_party/libc++/src/include/__type_traits/rank.h",
   "//third_party/libc++/src/include/__type_traits/remove_all_extents.h",
@@ -839,6 +842,7 @@ libcxx_headers = [
   "//third_party/libc++/src/include/__type_traits/void_t.h",
   "//third_party/libc++/src/include/__undef_macros",
   "//third_party/libc++/src/include/__utility/as_const.h",
+  "//third_party/libc++/src/include/__utility/as_lvalue.h",
   "//third_party/libc++/src/include/__utility/auto_cast.h",
   "//third_party/libc++/src/include/__utility/cmp.h",
   "//third_party/libc++/src/include/__utility/convert_to_integral.h",
@@ -852,6 +856,7 @@ libcxx_headers = [
   "//third_party/libc++/src/include/__utility/integer_sequence.h",
   "//third_party/libc++/src/include/__utility/is_pointer_in_range.h",
   "//third_party/libc++/src/include/__utility/move.h",
+  "//third_party/libc++/src/include/__utility/no_destroy.h",
   "//third_party/libc++/src/include/__utility/pair.h",
   "//third_party/libc++/src/include/__utility/piecewise_construct.h",
   "//third_party/libc++/src/include/__utility/priority_tag.h",
@@ -911,10 +916,8 @@ libcxx_headers = [
   "//third_party/libc++/src/include/expected",
   "//third_party/libc++/src/include/experimental/__config",
   "//third_party/libc++/src/include/experimental/__memory",
-  "//third_party/libc++/src/include/experimental/__simd/abi_tag.h",
   "//third_party/libc++/src/include/experimental/__simd/aligned_tag.h",
   "//third_party/libc++/src/include/experimental/__simd/declaration.h",
-  "//third_party/libc++/src/include/experimental/__simd/internal_declaration.h",
   "//third_party/libc++/src/include/experimental/__simd/reference.h",
   "//third_party/libc++/src/include/experimental/__simd/scalar.h",
   "//third_party/libc++/src/include/experimental/__simd/simd.h",
@@ -922,22 +925,12 @@ libcxx_headers = [
   "//third_party/libc++/src/include/experimental/__simd/traits.h",
   "//third_party/libc++/src/include/experimental/__simd/utility.h",
   "//third_party/libc++/src/include/experimental/__simd/vec_ext.h",
-  "//third_party/libc++/src/include/experimental/deque",
-  "//third_party/libc++/src/include/experimental/forward_list",
   "//third_party/libc++/src/include/experimental/iterator",
-  "//third_party/libc++/src/include/experimental/list",
-  "//third_party/libc++/src/include/experimental/map",
-  "//third_party/libc++/src/include/experimental/memory_resource",
+  "//third_party/libc++/src/include/experimental/memory",
   "//third_party/libc++/src/include/experimental/propagate_const",
-  "//third_party/libc++/src/include/experimental/regex",
-  "//third_party/libc++/src/include/experimental/set",
   "//third_party/libc++/src/include/experimental/simd",
-  "//third_party/libc++/src/include/experimental/string",
   "//third_party/libc++/src/include/experimental/type_traits",
-  "//third_party/libc++/src/include/experimental/unordered_map",
-  "//third_party/libc++/src/include/experimental/unordered_set",
   "//third_party/libc++/src/include/experimental/utility",
-  "//third_party/libc++/src/include/experimental/vector",
   "//third_party/libc++/src/include/ext/__hash",
   "//third_party/libc++/src/include/ext/hash_map",
   "//third_party/libc++/src/include/ext/hash_set",
@@ -1002,6 +995,7 @@ libcxx_headers = [
   "//third_party/libc++/src/include/string.h",
   "//third_party/libc++/src/include/string_view",
   "//third_party/libc++/src/include/strstream",
+  "//third_party/libc++/src/include/syncstream",
   "//third_party/libc++/src/include/system_error",
   "//third_party/libc++/src/include/tgmath.h",
   "//third_party/libc++/src/include/thread",

js2c_toolchain.gni

@@ -0,0 +1,71 @@
+# Copyright (c) 2023 Microsoft, GmbH
+# Use of this source code is governed by the MIT license that can be
+# found in the LICENSE file.
+
+declare_args() {
+  electron_js2c_toolchain = ""
+}
+
+if (electron_js2c_toolchain == "") {
+  if (current_os == host_os && current_cpu == host_cpu) {
+    # This is not a cross-compile, so build the snapshot with the current
+    # toolchain.
+    electron_js2c_toolchain = current_toolchain
+  } else if (current_os == host_os && current_cpu == "x86" &&
+             host_cpu == "x64") {
+    # This is an x64 -> x86 cross-compile, but x64 hosts can usually run x86
+    # binaries built for the same OS, so build the snapshot with the current
+    # toolchain here, too.
+    electron_js2c_toolchain = current_toolchain
+  } else if (current_os == host_os && host_cpu == "arm64" &&
+             current_cpu == "arm") {
+    # Trying to compile 32-bit arm on arm64. Good luck!
+    electron_js2c_toolchain = current_toolchain
+  } else if (host_cpu == current_cpu) {
+    # Cross-build from same ISA on one OS to another. For example:
+    # * targeting win/x64 on a linux/x64 host
+    # * targeting win/arm64 on a mac/arm64 host
+    electron_js2c_toolchain = host_toolchain
+  } else if (host_cpu == "arm64" && current_cpu == "x64") {
+    # Cross-build from arm64 to intel (likely on an Apple Silicon mac).
+    electron_js2c_toolchain =
+        "//build/toolchain/${host_os}:clang_arm64_v8_$current_cpu"
+  } else if (host_cpu == "x64") {
+    # This is a cross-compile from an x64 host to either a non-Intel target
+    # cpu or to 32-bit x86 on a different target OS.
+
+    assert(current_cpu != "x64", "handled by host_cpu == current_cpu branch")
+    if (current_cpu == "x86") {
+      _cpus = current_cpu
+    } else if (current_cpu == "arm64") {
+      if (is_win) {
+        # set _cpus to blank for Windows ARM64 so host_toolchain could be
+        # selected as snapshot toolchain later.
+        _cpus = ""
+      } else {
+        _cpus = "x64_v8_${current_cpu}"
+      }
+    } else if (current_cpu == "arm") {
+      _cpus = "x86_v8_${current_cpu}"
+    } else {
+      # This branch should not be reached; leave _cpus blank so the assert
+      # below will fail.
+      _cpus = ""
+    }
+
+    if (_cpus != "") {
+      electron_js2c_toolchain = "//build/toolchain/${host_os}:clang_${_cpus}"
+    } else if (is_win && current_cpu == "arm64") {
+      # cross compile Windows arm64 with host toolchain.
+      electron_js2c_toolchain = host_toolchain
+    }
+  } else if (host_cpu == "arm64" && current_cpu == "arm64" &&
+             host_os == "mac") {
+    # cross compile iOS arm64 with host_toolchain
+    electron_js2c_toolchain = host_toolchain
+  }
+}
+
+assert(electron_js2c_toolchain != "",
+       "Do not know how to build js2c for $current_toolchain " +
+           "on $host_os $host_cpu")

lib/asar/init.ts

@@ -1,3 +0,0 @@
-import { wrapFsWithAsar } from './fs-wrapper';
-
-wrapFsWithAsar(require('fs'));

lib/browser/api/app.ts

@@ -1,7 +1,6 @@
 import * as fs from 'fs';
 
 import { Menu } from 'electron/main';
-import * as deprecate from '@electron/internal/common/deprecate';
 
 const bindings = process._linkedBinding('electron_browser_app');
 const commandLine = process._linkedBinding('electron_common_command_line');
@@ -112,13 +111,3 @@ for (const name of events) {
     webContents.emit(name, event, ...args);
   });
 }
-
-// Deprecation.
-deprecate.event(app, 'gpu-process-crashed', 'child-process-gone', () => {
-  // the old event is still emitted by App::OnGpuProcessCrashed()
-  return undefined;
-});
-
-deprecate.event(app, 'renderer-process-crashed', 'render-process-gone', (event: Electron.Event, webContents: Electron.WebContents, details: Electron.RenderProcessGoneDetails) => {
-  return [event, webContents, details.reason === 'killed'];
-});

lib/browser/api/auto-updater/auto-updater-win.ts

@@ -2,7 +2,7 @@ import { app } from 'electron/main';
 import { EventEmitter } from 'events';
 import * as squirrelUpdate from '@electron/internal/browser/api/auto-updater/squirrel-update-win';
 
-class AutoUpdater extends EventEmitter {
+class AutoUpdater extends EventEmitter implements Electron.AutoUpdater {
   updateAvailable: boolean = false;
   updateURL: string | null = null;
 
@@ -15,7 +15,7 @@ class AutoUpdater extends EventEmitter {
   }
 
   getFeedURL () {
-    return this.updateURL;
+    return this.updateURL ?? '';
   }
 
   setFeedURL (options: { url: string } | string) {
@@ -34,7 +34,7 @@ class AutoUpdater extends EventEmitter {
     this.updateURL = updateURL;
   }
 
-  checkForUpdates () {
+  async checkForUpdates () {
     const url = this.updateURL;
     if (!url) {
       return this.emitError(new Error('Update URL is not set'));
@@ -43,27 +43,24 @@ class AutoUpdater extends EventEmitter {
       return this.emitError(new Error('Can not find Squirrel'));
     }
     this.emit('checking-for-update');
-    squirrelUpdate.checkForUpdate(url, (error, update) => {
-      if (error != null) {
-        return this.emitError(error);
-      }
+    try {
+      const update = await squirrelUpdate.checkForUpdate(url);
       if (update == null) {
         return this.emit('update-not-available');
       }
       this.updateAvailable = true;
       this.emit('update-available');
-      squirrelUpdate.update(url, (error) => {
-        if (error != null) {
-          return this.emitError(error);
-        }
-        const { releaseNotes, version } = update;
-        // Date is not available on Windows, so fake it.
-        const date = new Date();
-        this.emit('update-downloaded', {}, releaseNotes, version, date, this.updateURL, () => {
-          this.quitAndInstall();
-        });
+
+      await squirrelUpdate.update(url);
+      const { releaseNotes, version } = update;
+      // Date is not available on Windows, so fake it.
+      const date = new Date();
+      this.emit('update-downloaded', {}, releaseNotes, version, date, this.updateURL, () => {
+        this.quitAndInstall();
       });
-    });
+    } catch (error) {
+      this.emitError(error as Error);
+    }
   }
 
   // Private: Emit both error object and message, this is to keep compatibility

lib/browser/api/auto-updater/squirrel-update-win.ts

@@ -15,89 +15,69 @@ const isSameArgs = (args: string[]) => args.length === spawnedArgs.length && arg
 
 // Spawn a command and invoke the callback when it completes with an error
 // and the output from standard out.
-const spawnUpdate = function (args: string[], detached: boolean, callback: Function) {
-  let error: Error, errorEmitted: boolean, stderr: string, stdout: string;
-
-  try {
+const spawnUpdate = async function (args: string[], options: { detached: boolean }): Promise<string> {
+  return new Promise((resolve, reject) => {
     // Ensure we don't spawn multiple squirrel processes
     // Process spawned, same args:        Attach events to already running process
     // Process spawned, different args:   Return with error
     // No process spawned:                Spawn new process
     if (spawnedProcess && !isSameArgs(args)) {
-      return callback(`AutoUpdater process with arguments ${args} is already running`);
+      throw new Error(`AutoUpdater process with arguments ${args} is already running`);
     } else if (!spawnedProcess) {
       spawnedProcess = spawn(updateExe, args, {
-        detached: detached,
+        detached: options.detached,
         windowsHide: true
       });
       spawnedArgs = args || [];
     }
-  } catch (error1) {
-    error = error1 as Error;
 
-    // Shouldn't happen, but still guard it.
-    process.nextTick(function () {
-      return callback(error);
+    let stdout = '';
+    let stderr = '';
+
+    spawnedProcess.stdout.on('data', (data) => { stdout += data; });
+    spawnedProcess.stderr.on('data', (data) => { stderr += data; });
+
+    spawnedProcess.on('error', (error) => {
+      spawnedProcess = undefined;
+      spawnedArgs = [];
+      reject(error);
     });
-    return;
-  }
-  stdout = '';
-  stderr = '';
 
-  spawnedProcess.stdout.on('data', (data) => { stdout += data; });
-  spawnedProcess.stderr.on('data', (data) => { stderr += data; });
+    spawnedProcess.on('exit', function (code, signal) {
+      spawnedProcess = undefined;
+      spawnedArgs = [];
 
-  errorEmitted = false;
-  spawnedProcess.on('error', (error) => {
-    errorEmitted = true;
-    callback(error);
-  });
-
-  return spawnedProcess.on('exit', function (code, signal) {
-    spawnedProcess = undefined;
-    spawnedArgs = [];
-
-    // We may have already emitted an error.
-    if (errorEmitted) {
-      return;
-    }
-
-    // Process terminated with error.
-    if (code !== 0) {
-      return callback(`Command failed: ${signal ?? code}\n${stderr}`);
-    }
-
-    // Success.
-    callback(null, stdout);
+      if (code !== 0) {
+        // Process terminated with error.
+        reject(new Error(`Command failed: ${signal ?? code}\n${stderr}`));
+      } else {
+        // Success.
+        resolve(stdout);
+      }
+    });
   });
 };
 
 // Start an instance of the installed app.
 export function processStart () {
-  return spawnUpdate(['--processStartAndWait', exeName], true, function () {});
+  spawnUpdate(['--processStartAndWait', exeName], { detached: true });
 }
 
 // Download the releases specified by the URL and write new results to stdout.
-export function checkForUpdate (updateURL: string, callback: (error: Error | null, update?: any) => void) {
-  return spawnUpdate(['--checkForUpdate', updateURL], false, function (error: Error, stdout: string) {
-    let ref, ref1, update;
-    if (error != null) {
-      return callback(error);
-    }
-    try {
-      // Last line of output is the JSON details about the releases
-      const json = stdout.trim().split('\n').pop();
-      update = (ref = JSON.parse(json!)) != null ? (ref1 = ref.releasesToApply) != null ? typeof ref1.pop === 'function' ? ref1.pop() : undefined : undefined : undefined;
-    } catch {
-      return callback(new Error(`Invalid result:\n${stdout}`));
-    }
-    return callback(null, update);
-  });
+export async function checkForUpdate (updateURL: string): Promise<any> {
+  const stdout = await spawnUpdate(['--checkForUpdate', updateURL], { detached: false });
+  try {
+    // Last line of output is the JSON details about the releases
+    const json = stdout.trim().split('\n').pop();
+    return JSON.parse(json!)?.releasesToApply?.pop?.();
+  } catch {
+    throw new Error(`Invalid result:\n${stdout}`);
+  }
 }
 
 // Update the application to the latest remote version specified by URL.
-export function update (updateURL: string, callback: (error: Error) => void) {
-  return spawnUpdate(['--update', updateURL], false, callback);
+export async function update (updateURL: string): Promise<void> {
+  await spawnUpdate(['--update', updateURL], { detached: false });
 }
 
 // Is the Update.exe installed with the current application?

lib/browser/api/browser-window.ts

@@ -11,7 +11,7 @@ BrowserWindow.prototype._init = function (this: BWT) {
   // Avoid recursive require.
   const { app } = require('electron');
 
-  // Set ID at constructon time so it's accessible after
+  // Set ID at construction time so it's accessible after
   // underlying window destruction.
   const id = this.id;
   Object.defineProperty(this, 'id', {

lib/browser/api/crash-reporter.ts

@@ -3,7 +3,7 @@ import * as deprecate from '@electron/internal/common/deprecate';
 
 const binding = process._linkedBinding('electron_browser_crash_reporter');
 
-class CrashReporter {
+class CrashReporter implements Electron.CrashReporter {
   start (options: Electron.CrashReporterStartOptions) {
     const {
       productName = app.name,

lib/browser/api/message-channel.ts

@@ -1,10 +1,12 @@
 import { MessagePortMain } from '@electron/internal/browser/message-port-main';
+import { EventEmitter } from 'events';
 const { createPair } = process._linkedBinding('electron_browser_message_port');
 
-export default class MessageChannelMain {
+export default class MessageChannelMain extends EventEmitter implements Electron.MessageChannelMain {
   port1: MessagePortMain;
   port2: MessagePortMain;
   constructor () {
+    super();
     const { port1, port2 } = createPair();
     this.port1 = new MessagePortMain(port1);
     this.port2 = new MessagePortMain(port2);

lib/browser/api/net-fetch.ts

@@ -1,6 +1,6 @@
-import { net, IncomingMessage, Session as SessionT } from 'electron/main';
+import { ClientRequestConstructorOptions, ClientRequest, IncomingMessage, Session as SessionT } from 'electron/main';
 import { Readable, Writable, isReadable } from 'stream';
-import { allowAnyProtocol } from '@electron/internal/browser/api/net-client-request';
+import { allowAnyProtocol } from '@electron/internal/common/api/net-client-request';
 
 function createDeferredPromise<T, E extends Error = Error> (): { promise: Promise<T>; resolve: (x: T) => void; reject: (e: E) => void; } {
   let res: (x: T) => void;
@@ -13,7 +13,8 @@ function createDeferredPromise<T, E extends Error = Error> (): { promise: Promis
   return { promise, resolve: res!, reject: rej! };
 }
 
-export function fetchWithSession (input: RequestInfo, init: (RequestInit & {bypassCustomProtocolHandlers?: boolean}) | undefined, session: SessionT): Promise<Response> {
+export function fetchWithSession (input: RequestInfo, init: (RequestInit & {bypassCustomProtocolHandlers?: boolean}) | undefined, session: SessionT | undefined,
+  request: (options: ClientRequestConstructorOptions | string) => ClientRequest) {
   const p = createDeferredPromise<Response>();
   let req: Request;
   try {
@@ -73,7 +74,7 @@ export function fetchWithSession (input: RequestInfo, init: (RequestInit & {bypa
   // We can't set credentials to same-origin unless there's an origin set.
   const credentials = req.credentials === 'same-origin' && !origin ? 'include' : req.credentials;
 
-  const r = net.request(allowAnyProtocol({
+  const r = request(allowAnyProtocol({
     session,
     method: req.method,
     url: req.url,

lib/browser/api/net.ts

@@ -1,10 +1,13 @@
-import { IncomingMessage, session } from 'electron/main';
+import { app, IncomingMessage, session } from 'electron/main';
 import type { ClientRequestConstructorOptions } from 'electron/main';
-import { ClientRequest } from '@electron/internal/browser/api/net-client-request';
+import { ClientRequest } from '@electron/internal/common/api/net-client-request';
 
-const { isOnline } = process._linkedBinding('electron_browser_net');
+const { isOnline } = process._linkedBinding('electron_common_net');
 
 export function request (options: ClientRequestConstructorOptions | string, callback?: (message: IncomingMessage) => void) {
+  if (!app.isReady()) {
+    throw new Error('net module can only be used after app is ready');
+  }
   return new ClientRequest(options, callback);
 }
 

lib/browser/api/power-monitor.ts

@@ -8,7 +8,7 @@ const {
   isOnBatteryPower
 } = process._linkedBinding('electron_browser_power_monitor');
 
-class PowerMonitor extends EventEmitter {
+class PowerMonitor extends EventEmitter implements Electron.PowerMonitor {
   constructor () {
     super();
     // Don't start the event source until both a) the app is ready and b)

lib/browser/api/protocol.ts

@@ -29,6 +29,21 @@ function makeStreamFromPipe (pipe: any): ReadableStream {
   });
 }
 
+function makeStreamFromFileInfo ({
+  filePath,
+  offset = 0,
+  length = -1
+}: {
+  filePath: string;
+  offset?: number;
+  length?: number;
+}): ReadableStream {
+  return Readable.toWeb(createReadStream(filePath, {
+    start: offset,
+    end: length >= 0 ? offset + length : undefined
+  }));
+}
+
 function convertToRequestBody (uploadData: ProtocolRequest['uploadData']): RequestInit['body'] {
   if (!uploadData) return null;
   // Optimization: skip creating a stream if the request is just a single buffer.
@@ -37,30 +52,42 @@ function convertToRequestBody (uploadData: ProtocolRequest['uploadData']): Reque
   const chunks = [...uploadData] as any[]; // TODO: types are wrong
   let current: ReadableStreamDefaultReader | null = null;
   return new ReadableStream({
-    pull (controller) {
+    async pull (controller) {
       if (current) {
-        current.read().then(({ done, value }) => {
+        const { done, value } = await current.read();
+        // (done => value === undefined) as per WHATWG spec
+        if (done) {
+          current = null;
+          return this.pull!(controller);
+        } else {
           controller.enqueue(value);
-          if (done) current = null;
-        }, (err) => {
-          controller.error(err);
-        });
+        }
       } else {
         if (!chunks.length) { return controller.close(); }
         const chunk = chunks.shift()!;
-        if (chunk.type === 'rawData') { controller.enqueue(chunk.bytes); } else if (chunk.type === 'file') {
-          current = Readable.toWeb(createReadStream(chunk.filePath, { start: chunk.offset ?? 0, end: chunk.length >= 0 ? chunk.offset + chunk.length : undefined })).getReader();
-          this.pull!(controller);
+        if (chunk.type === 'rawData') {
+          controller.enqueue(chunk.bytes);
+        } else if (chunk.type === 'file') {
+          current = makeStreamFromFileInfo(chunk).getReader();
+          return this.pull!(controller);
         } else if (chunk.type === 'stream') {
           current = makeStreamFromPipe(chunk.body).getReader();
-          this.pull!(controller);
+          return this.pull!(controller);
+        } else if (chunk.type === 'blob') {
+          // Note that even though `getBlobData()` is a `Session` API, it doesn't
+          // actually use the `Session` context. Its implementation solely relies
+          // on global variables which allows us to implement this feature without
+          // knowledge of the `Session` associated with the current request by
+          // always pulling `Blob` data out of the default `Session`.
+          controller.enqueue(await session.defaultSession.getBlobData(chunk.blobUUID));
+        } else {
+          throw new Error(`Unknown upload data chunk type: ${chunk.type}`);
         }
       }
     }
   }) as RequestInit['body'];
 }
 
-// TODO(codebytere): Use Object.hasOwn() once we update to ECMAScript 2022.
 function validateResponse (res: Response) {
   if (!res || typeof res !== 'object') return false;
 
@@ -85,8 +112,12 @@ Protocol.prototype.handle = function (this: Electron.Protocol, scheme: string, h
   const success = register.call(this, scheme, async (preq: ProtocolRequest, cb: any) => {
     try {
       const body = convertToRequestBody(preq.uploadData);
+      const headers = new Headers(preq.headers);
+      if (headers.get('origin') === 'null') {
+        headers.delete('origin');
+      }
       const req = new Request(preq.url, {
-        headers: preq.headers,
+        headers,
         method: preq.method,
         referrer: preq.referrer,
         body,

lib/browser/api/session.ts

@@ -1,8 +1,9 @@
 import { fetchWithSession } from '@electron/internal/browser/api/net-fetch';
+import { net } from 'electron/main';
 const { fromPartition, fromPath, Session } = process._linkedBinding('electron_browser_session');
 
 Session.prototype.fetch = function (input: RequestInfo, init?: RequestInit) {
-  return fetchWithSession(input, init, this);
+  return fetchWithSession(input, init, this, net.request);
 };
 
 export default {

lib/browser/api/share-menu.ts

@@ -1,9 +1,11 @@
 import { BrowserWindow, Menu, SharingItem, PopupOptions } from 'electron/main';
+import { EventEmitter } from 'events';
 
-class ShareMenu {
+class ShareMenu extends EventEmitter implements Electron.ShareMenu {
   private menu: Menu;
 
   constructor (sharingItem: SharingItem) {
+    super();
     this.menu = new (Menu as any)({ sharingItem });
   }
 

lib/browser/api/utility-process.ts

@@ -4,7 +4,7 @@ import { Socket } from 'net';
 import { MessagePortMain } from '@electron/internal/browser/message-port-main';
 const { _fork } = process._linkedBinding('electron_browser_utility_process');
 
-class ForkUtilityProcess extends EventEmitter {
+class ForkUtilityProcess extends EventEmitter implements Electron.UtilityProcess {
   #handle: ElectronInternal.UtilityProcessWrapper | null;
   #stdout: Duplex | null = null;
   #stderr: Duplex | null = null;

lib/browser/api/web-contents.ts

@@ -1,5 +1,5 @@
-import { app, ipcMain, session, webFrameMain } from 'electron/main';
-import type { BrowserWindowConstructorOptions, LoadURLOptions } from 'electron/main';
+import { app, ipcMain, session, webFrameMain, dialog } from 'electron/main';
+import type { BrowserWindowConstructorOptions, LoadURLOptions, MessageBoxOptions, WebFrameMain } from 'electron/main';
 
 import * as url from 'url';
 import * as path from 'path';
@@ -220,6 +220,16 @@ function parsePageSize (pageSize: string | ElectronInternal.PageSize) {
 let pendingPromise: Promise<any> | undefined;
 WebContents.prototype.printToPDF = async function (options) {
   const margins = checkType(options.margins ?? {}, 'object', 'margins');
+  const pageSize = parsePageSize(options.pageSize ?? 'letter');
+
+  const { top, bottom, left, right } = margins;
+  const validHeight = [top, bottom].every(u => u === undefined || u <= pageSize.paperHeight);
+  const validWidth = [left, right].every(u => u === undefined || u <= pageSize.paperWidth);
+
+  if (!validHeight || !validWidth) {
+    throw new Error('margins must be less than or equal to pageSize');
+  }
+
   const printSettings = {
     requestID: getNextId(),
     landscape: checkType(options.landscape ?? false, 'boolean', 'landscape'),
@@ -235,7 +245,8 @@ WebContents.prototype.printToPDF = async function (options) {
     pageRanges: checkType(options.pageRanges ?? '', 'string', 'pageRanges'),
     preferCSSPageSize: checkType(options.preferCSSPageSize ?? false, 'boolean', 'preferCSSPageSize'),
     generateTaggedPDF: checkType(options.generateTaggedPDF ?? false, 'boolean', 'generateTaggedPDF'),
-    ...parsePageSize(options.pageSize ?? 'letter')
+    generateDocumentOutline: checkType(options.generateDocumentOutline ?? false, 'boolean', 'generateDocumentOutline'),
+    ...pageSize
   };
 
   if (this._printToPDF) {
@@ -252,13 +263,11 @@ WebContents.prototype.printToPDF = async function (options) {
 
 // TODO(codebytere): deduplicate argument sanitization by moving rest of
 // print param logic into new file shared between printToPDF and print
-WebContents.prototype.print = function (options: ElectronInternal.WebContentsPrintOptions, callback) {
-  if (typeof options !== 'object') {
+WebContents.prototype.print = function (options: ElectronInternal.WebContentsPrintOptions = {}, callback) {
+  if (typeof options !== 'object' || options == null) {
     throw new TypeError('webContents.print(): Invalid print settings specified.');
   }
 
-  const printSettings: Record<string, any> = { ...options };
-
   const pageSize = options.pageSize ?? 'A4';
   if (typeof pageSize === 'object') {
     if (!pageSize.height || !pageSize.width) {
@@ -272,7 +281,7 @@ WebContents.prototype.print = function (options: ElectronInternal.WebContentsPri
       throw new RangeError('height and width properties must be minimum 352 microns.');
     }
 
-    printSettings.mediaSize = {
+    options.mediaSize = {
       name: 'CUSTOM',
       custom_display_name: 'Custom',
       height_microns: height,
@@ -284,7 +293,7 @@ WebContents.prototype.print = function (options: ElectronInternal.WebContentsPri
     };
   } else if (typeof pageSize === 'string' && PDFPageSizes[pageSize]) {
     const mediaSize = PDFPageSizes[pageSize];
-    printSettings.mediaSize = {
+    options.mediaSize = {
       ...mediaSize,
       imageable_area_left_microns: 0,
       imageable_area_bottom_microns: 0,
@@ -297,9 +306,9 @@ WebContents.prototype.print = function (options: ElectronInternal.WebContentsPri
 
   if (this._print) {
     if (callback) {
-      this._print(printSettings, callback);
+      this._print(options, callback);
     } else {
-      this._print(printSettings);
+      this._print(options);
     }
   } else {
     console.error('Error: Printing feature is disabled.');
@@ -573,10 +582,6 @@ WebContents.prototype._init = function () {
     ipcMain.emit(channel, event, message);
   });
 
-  deprecate.event(this, 'crashed', 'render-process-gone', (event: Electron.Event, details: Electron.RenderProcessGoneDetails) => {
-    return [event, details.reason === 'killed'];
-  });
-
   this.on('render-process-gone', (event, details) => {
     app.emit('render-process-gone', event, this, details);
 
@@ -733,6 +738,56 @@ WebContents.prototype._init = function () {
     }
   });
 
+  const originCounts = new Map<string, number>();
+  const openDialogs = new Set<AbortController>();
+  this.on('-run-dialog' as any, async (info: {frame: WebFrameMain, dialogType: 'prompt' | 'confirm' | 'alert', messageText: string, defaultPromptText: string}, callback: (success: boolean, user_input: string) => void) => {
+    const originUrl = new URL(info.frame.url);
+    const origin = originUrl.protocol === 'file:' ? originUrl.href : originUrl.origin;
+    if ((originCounts.get(origin) ?? 0) < 0) return callback(false, '');
+
+    const prefs = this.getLastWebPreferences();
+    if (!prefs || prefs.disableDialogs) return callback(false, '');
+
+    // We don't support prompt() for some reason :)
+    if (info.dialogType === 'prompt') return callback(false, '');
+
+    originCounts.set(origin, (originCounts.get(origin) ?? 0) + 1);
+
+    // TODO: translate?
+    const checkbox = originCounts.get(origin)! > 1 && prefs.safeDialogs ? prefs.safeDialogsMessage || 'Prevent this app from creating additional dialogs' : '';
+    const parent = this.getOwnerBrowserWindow();
+    const abortController = new AbortController();
+    const options: MessageBoxOptions = {
+      message: info.messageText,
+      checkboxLabel: checkbox,
+      signal: abortController.signal,
+      ...(info.dialogType === 'confirm') ? {
+        buttons: ['OK', 'Cancel'],
+        defaultId: 0,
+        cancelId: 1
+      } : {
+        buttons: ['OK'],
+        defaultId: -1, // No default button
+        cancelId: 0
+      }
+    };
+    openDialogs.add(abortController);
+    const promise = parent && !prefs.offscreen ? dialog.showMessageBox(parent, options) : dialog.showMessageBox(options);
+    try {
+      const result = await promise;
+      if (abortController.signal.aborted) return;
+      if (result.checkboxChecked) originCounts.set(origin, -1);
+      return callback(result.response === 0, '');
+    } finally {
+      openDialogs.delete(abortController);
+    }
+  });
+
+  this.on('-cancel-dialogs' as any, () => {
+    for (const controller of openDialogs) { controller.abort(); }
+    openDialogs.clear();
+  });
+
   app.emit('web-contents-created', { sender: this, preventDefault () {}, get defaultPrevented () { return false; } }, this);
 
   // Properties

lib/browser/guest-view-manager.ts

@@ -14,7 +14,7 @@ interface GuestInstance {
 }
 
 const webViewManager = process._linkedBinding('electron_browser_web_view_manager');
-const netBinding = process._linkedBinding('electron_browser_net');
+const netBinding = process._linkedBinding('electron_common_net');
 
 const supportedWebViewEvents = Object.keys(webViewEvents);
 

lib/browser/init.ts

@@ -3,6 +3,8 @@ import * as fs from 'fs';
 import * as path from 'path';
 
 import type * as defaultMenuModule from '@electron/internal/browser/default-menu';
+import type * as url from 'url';
+import type * as v8 from 'v8';
 
 const Module = require('module') as NodeJS.ModuleInternal;
 
@@ -10,9 +12,6 @@ const Module = require('module') as NodeJS.ModuleInternal;
 // we need to restore it here.
 process.argv.splice(1, 1);
 
-// Clear search paths.
-require('../common/reset-search-paths');
-
 // Import common settings.
 require('@electron/internal/common/init');
 
@@ -135,7 +134,7 @@ if (packageJson.desktopName != null) {
 // Set v8 flags, deliberately lazy load so that apps that do not use this
 // feature do not pay the price
 if (packageJson.v8Flags != null) {
-  require('v8').setFlagsFromString(packageJson.v8Flags);
+  (require('v8') as typeof v8).setFlagsFromString(packageJson.v8Flags);
 }
 
 app.setAppPath(packagePath);
@@ -198,7 +197,7 @@ if (packagePath) {
   // Finally load app's main.js and transfer control to C++.
   if ((packageJson.type === 'module' && !mainStartupScript.endsWith('.cjs')) || mainStartupScript.endsWith('.mjs')) {
     const { loadESM } = __non_webpack_require__('internal/process/esm_loader');
-    const main = require('url').pathToFileURL(path.join(packagePath, mainStartupScript));
+    const main = (require('url') as typeof url).pathToFileURL(path.join(packagePath, mainStartupScript));
     loadESM(async (esmLoader: any) => {
       try {
         await esmLoader.import(main.toString(), undefined, Object.create(null));

lib/browser/ipc-main-impl.ts

@@ -1,7 +1,7 @@
 import { EventEmitter } from 'events';
 import { IpcMainInvokeEvent } from 'electron/main';
 
-export class IpcMainImpl extends EventEmitter {
+export class IpcMainImpl extends EventEmitter implements Electron.IpcMain {
   private _invokeHandlers: Map<string, (e: IpcMainInvokeEvent, ...args: any[]) => void> = new Map();
 
   constructor () {

lib/browser/message-port-main.ts

@@ -1,6 +1,6 @@
 import { EventEmitter } from 'events';
 
-export class MessagePortMain extends EventEmitter {
+export class MessagePortMain extends EventEmitter implements Electron.MessagePortMain {
   _internalPort: any;
   constructor (internalPort: any) {
     super();

lib/browser/web-view-events.ts

@@ -21,7 +21,6 @@ export const webViewEvents: Record<string, readonly string[]> = {
   'did-navigate-in-page': ['url', 'isMainFrame', 'frameProcessId', 'frameRoutingId'],
   '-focus-change': ['focus'],
   close: [],
-  crashed: [],
   'render-process-gone': ['details'],
   'plugin-crashed': ['name', 'version'],
   destroyed: [],

lib/common/api/net-client-request.ts

@@ -1,14 +1,15 @@
 import * as url from 'url';
 import { Readable, Writable } from 'stream';
-import { app } from 'electron/main';
-import type { ClientRequestConstructorOptions, UploadProgress } from 'electron/main';
+import type {
+  ClientRequestConstructorOptions,
+  UploadProgress
+} from 'electron/common';
 
 const {
   isValidHeaderName,
   isValidHeaderValue,
   createURLLoader
-} = process._linkedBinding('electron_browser_net');
-const { Session } = process._linkedBinding('electron_browser_session');
+} = process._linkedBinding('electron_common_net');
 
 const kHttpProtocols = new Set(['http:', 'https:']);
 
@@ -283,14 +284,17 @@ function parseOptions (optionsIn: ClientRequestConstructorOptions | string): Nod
     const key = name.toLowerCase();
     urlLoaderOptions.headers[key] = { name, value };
   }
-  if (options.session) {
-    if (!(options.session instanceof Session)) { throw new TypeError('`session` should be an instance of the Session class'); }
-    urlLoaderOptions.session = options.session;
-  } else if (options.partition) {
-    if (typeof options.partition === 'string') {
-      urlLoaderOptions.partition = options.partition;
-    } else {
-      throw new TypeError('`partition` should be a string');
+  if (process.type !== 'utility') {
+    const { Session } = process._linkedBinding('electron_browser_session');
+    if (options.session) {
+      if (!(options.session instanceof Session)) { throw new TypeError('`session` should be an instance of the Session class'); }
+      urlLoaderOptions.session = options.session;
+    } else if (options.partition) {
+      if (typeof options.partition === 'string') {
+        urlLoaderOptions.partition = options.partition;
+      } else {
+        throw new TypeError('`partition` should be a string');
+      }
     }
   }
   return urlLoaderOptions;
@@ -312,10 +316,6 @@ export class ClientRequest extends Writable implements Electron.ClientRequest {
   constructor (options: ClientRequestConstructorOptions | string, callback?: (message: IncomingMessage) => void) {
     super({ autoDestroy: true });
 
-    if (!app.isReady()) {
-      throw new Error('net module can only be used after app is ready');
-    }
-
     if (callback) {
       this.once('response', callback);
     }

lib/common/init.ts

@@ -1,6 +1,7 @@
 import * as util from 'util';
+import type * as stream from 'stream';
 
-const timers = require('timers');
+import timers = require('timers');
 
 type AnyFn = (...args: any[]) => any
 
@@ -62,7 +63,7 @@ if (process.type === 'browser' ||
 
 if (process.platform === 'win32') {
   // Always returns EOF for stdin stream.
-  const { Readable } = require('stream');
+  const { Readable } = require('stream') as typeof stream;
   const stdin = new Readable();
   stdin.push(null);
   Object.defineProperty(process, 'stdin', {
@@ -73,3 +74,43 @@ if (process.platform === 'win32') {
     }
   });
 }
+
+const Module = require('module') as NodeJS.ModuleInternal;
+
+// Make a fake Electron module that we will insert into the module cache
+const makeElectronModule = (name: string) => {
+  const electronModule = new Module('electron', null);
+  electronModule.id = 'electron';
+  electronModule.loaded = true;
+  electronModule.filename = name;
+  Object.defineProperty(electronModule, 'exports', {
+    get: () => require('electron')
+  });
+  Module._cache[name] = electronModule;
+};
+
+makeElectronModule('electron');
+makeElectronModule('electron/common');
+if (process.type === 'browser') {
+  makeElectronModule('electron/main');
+}
+if (process.type === 'renderer') {
+  makeElectronModule('electron/renderer');
+}
+
+const originalResolveFilename = Module._resolveFilename;
+
+// 'electron/main', 'electron/renderer' and 'electron/common' are module aliases
+// of the 'electron' module for TypeScript purposes, i.e., the types for
+// 'electron/main' consist of only main process modules, etc. It is intentional
+// that these can be `require()`-ed from both the main process as well as the
+// renderer process regardless of the names, they're superficial for TypeScript
+// only.
+const electronModuleNames = new Set(['electron', 'electron/main', 'electron/renderer', 'electron/common']);
+Module._resolveFilename = function (request, parent, isMain, options) {
+  if (electronModuleNames.has(request)) {
+    return 'electron';
+  } else {
+    return originalResolveFilename(request, parent, isMain, options);
+  }
+};

lib/common/reset-search-paths.ts

@@ -1,69 +0,0 @@
-import * as path from 'path';
-
-const Module = require('module') as NodeJS.ModuleInternal;
-
-// We do not want to allow use of the VM module in the renderer process as
-// it conflicts with Blink's V8::Context internal logic.
-if (process.type === 'renderer') {
-  const _load = Module._load;
-  Module._load = function (request: string) {
-    if (request === 'vm') {
-      console.warn('The vm module of Node.js is deprecated in the renderer process and will be removed.');
-    }
-    return _load.apply(this, arguments as any);
-  };
-}
-
-// Prevent Node from adding paths outside this app to search paths.
-const resourcesPathWithTrailingSlash = process.resourcesPath + path.sep;
-const originalNodeModulePaths = Module._nodeModulePaths;
-Module._nodeModulePaths = function (from: string) {
-  const paths: string[] = originalNodeModulePaths(from);
-  const fromPath = path.resolve(from) + path.sep;
-  // If "from" is outside the app then we do nothing.
-  if (fromPath.startsWith(resourcesPathWithTrailingSlash)) {
-    return paths.filter(function (candidate) {
-      return candidate.startsWith(resourcesPathWithTrailingSlash);
-    });
-  } else {
-    return paths;
-  }
-};
-
-// Make a fake Electron module that we will insert into the module cache
-const makeElectronModule = (name: string) => {
-  const electronModule = new Module('electron', null);
-  electronModule.id = 'electron';
-  electronModule.loaded = true;
-  electronModule.filename = name;
-  Object.defineProperty(electronModule, 'exports', {
-    get: () => require('electron')
-  });
-  Module._cache[name] = electronModule;
-};
-
-makeElectronModule('electron');
-makeElectronModule('electron/common');
-if (process.type === 'browser') {
-  makeElectronModule('electron/main');
-}
-if (process.type === 'renderer') {
-  makeElectronModule('electron/renderer');
-}
-
-const originalResolveFilename = Module._resolveFilename;
-
-// 'electron/main', 'electron/renderer' and 'electron/common' are module aliases
-// of the 'electron' module for TypeScript purposes, i.e., the types for
-// 'electron/main' consist of only main process modules, etc. It is intentional
-// that these can be `require()`-ed from both the main process as well as the
-// renderer process regardless of the names, they're superficial for TypeScript
-// only.
-const electronModuleNames = new Set(['electron', 'electron/main', 'electron/renderer', 'electron/common']);
-Module._resolveFilename = function (request, parent, isMain, options) {
-  if (electronModuleNames.has(request)) {
-    return 'electron';
-  } else {
-    return originalResolveFilename(request, parent, isMain, options);
-  }
-};

lib/node/asar-fs-wrapper.ts

@@ -2,7 +2,9 @@ import { Buffer } from 'buffer';
 import { constants } from 'fs';
 import * as path from 'path';
 import * as util from 'util';
+
 import type * as Crypto from 'crypto';
+import type * as os from 'os';
 
 const asar = process._linkedBinding('electron_common_asar');
 
@@ -255,7 +257,7 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
     if (!process.env.ELECTRON_LOG_ASAR_READS) return;
     if (!logFDs.has(asarPath)) {
       const logFilename = `${path.basename(asarPath, '.asar')}-access-log.txt`;
-      const logPath = path.join(require('os').tmpdir(), logFilename);
+      const logPath = path.join((require('os') as typeof os).tmpdir(), logFilename);
       logFDs.set(asarPath, fs.openSync(logPath, 'a'));
     }
     fs.writeSync(logFDs.get(asarPath), `${offset}: ${filePath}\n`);

lib/node/init.ts

@@ -0,0 +1,49 @@
+// Initialize ASAR support in fs module.
+import { wrapFsWithAsar } from './asar-fs-wrapper';
+wrapFsWithAsar(require('fs'));
+
+// Hook child_process.fork.
+import cp = require('child_process'); // eslint-disable-line import/first
+const originalFork = cp.fork;
+cp.fork = (modulePath, args?, options?: cp.ForkOptions) => {
+  // Parse optional args.
+  if (args == null) {
+    args = [];
+  } else if (typeof args === 'object' && !Array.isArray(args)) {
+    options = args as cp.ForkOptions;
+    args = [];
+  }
+  // Fallback to original fork to report arg type errors.
+  if (typeof modulePath !== 'string' || !Array.isArray(args) ||
+      (typeof options !== 'object' && typeof options !== 'undefined')) {
+    return originalFork(modulePath, args, options);
+  }
+  // When forking a child script, we setup a special environment to make
+  // the electron binary run like upstream Node.js.
+  options = options ?? {};
+  options.env = Object.create(options.env || process.env);
+  options.env!.ELECTRON_RUN_AS_NODE = '1';
+  // On mac the child script runs in helper executable.
+  if (!options.execPath && process.platform === 'darwin') {
+    options.execPath = process.helperExecPath;
+  }
+  return originalFork(modulePath, args, options);
+};
+
+// Prevent Node from adding paths outside this app to search paths.
+import path = require('path'); // eslint-disable-line import/first
+const Module = require('module') as NodeJS.ModuleInternal;
+const resourcesPathWithTrailingSlash = process.resourcesPath + path.sep;
+const originalNodeModulePaths = Module._nodeModulePaths;
+Module._nodeModulePaths = function (from) {
+  const paths: string[] = originalNodeModulePaths(from);
+  const fromPath = path.resolve(from) + path.sep;
+  // If "from" is outside the app then we do nothing.
+  if (fromPath.startsWith(resourcesPathWithTrailingSlash)) {
+    return paths.filter(function (candidate) {
+      return candidate.startsWith(resourcesPathWithTrailingSlash);
+    });
+  } else {
+    return paths;
+  }
+};

lib/renderer/api/ipc-renderer.ts

@@ -3,30 +3,30 @@ import { EventEmitter } from 'events';
 const { ipc } = process._linkedBinding('electron_renderer_ipc');
 
 const internal = false;
-
-const ipcRenderer = new EventEmitter() as Electron.IpcRenderer;
-ipcRenderer.send = function (channel, ...args) {
-  return ipc.send(internal, channel, args);
-};
-
-ipcRenderer.sendSync = function (channel, ...args) {
-  return ipc.sendSync(internal, channel, args);
-};
-
-ipcRenderer.sendToHost = function (channel, ...args) {
-  return ipc.sendToHost(channel, args);
-};
-
-ipcRenderer.invoke = async function (channel, ...args) {
-  const { error, result } = await ipc.invoke(internal, channel, args);
-  if (error) {
-    throw new Error(`Error invoking remote method '${channel}': ${error}`);
+class IpcRenderer extends EventEmitter implements Electron.IpcRenderer {
+  send (channel: string, ...args: any[]) {
+    return ipc.send(internal, channel, args);
   }
-  return result;
-};
 
-ipcRenderer.postMessage = function (channel: string, message: any, transferables: any) {
-  return ipc.postMessage(channel, message, transferables);
-};
+  sendSync (channel: string, ...args: any[]) {
+    return ipc.sendSync(internal, channel, args);
+  }
 
-export default ipcRenderer;
+  sendToHost (channel: string, ...args: any[]) {
+    return ipc.sendToHost(channel, args);
+  }
+
+  async invoke (channel: string, ...args: any[]) {
+    const { error, result } = await ipc.invoke(internal, channel, args);
+    if (error) {
+      throw new Error(`Error invoking remote method '${channel}': ${error}`);
+    }
+    return result;
+  }
+
+  postMessage (channel: string, message: any, transferables: any) {
+    return ipc.postMessage(channel, message, transferables);
+  }
+}
+
+export default new IpcRenderer();

lib/renderer/api/module-list.ts

@@ -4,5 +4,6 @@ export const rendererModuleList: ElectronInternal.ModuleEntry[] = [
   { name: 'contextBridge', loader: () => require('./context-bridge') },
   { name: 'crashReporter', loader: () => require('./crash-reporter') },
   { name: 'ipcRenderer', loader: () => require('./ipc-renderer') },
-  { name: 'webFrame', loader: () => require('./web-frame') }
+  { name: 'webFrame', loader: () => require('./web-frame') },
+  { name: 'webUtils', loader: () => require('./web-utils') }
 ];

lib/renderer/api/web-utils.ts

@@ -0,0 +1,3 @@
+const binding = process._linkedBinding('electron_renderer_web_utils');
+
+export const getPathForFile = binding.getPathForFile;

lib/renderer/init.ts

@@ -7,6 +7,16 @@ import type * as ipcRendererUtilsModule from '@electron/internal/renderer/ipc-re
 
 const Module = require('module') as NodeJS.ModuleInternal;
 
+// We do not want to allow use of the VM module in the renderer process as
+// it conflicts with Blink's V8::Context internal logic.
+const originalModuleLoad = Module._load;
+Module._load = function (request: string) {
+  if (request === 'vm') {
+    console.warn('The vm module of Node.js is deprecated in the renderer process and will be removed.');
+  }
+  return originalModuleLoad.apply(this, arguments as any);
+};
+
 // Make sure globals like "process" and "global" are always available in preload
 // scripts even after they are deleted in "loaded" script.
 //
@@ -33,9 +43,6 @@ Module.wrapper = [
 // init.js, we need to restore it here.
 process.argv.splice(1, 1);
 
-// Clear search paths.
-require('../common/reset-search-paths');
-
 // Import common settings.
 require('@electron/internal/common/init');
 
@@ -58,7 +65,7 @@ require('@electron/internal/renderer/common-init');
 
 if (nodeIntegration) {
   // Export node bindings to global.
-  const { makeRequireFunction } = __non_webpack_require__('internal/modules/cjs/helpers');
+  const { makeRequireFunction } = __non_webpack_require__('internal/modules/helpers');
   global.module = new Module('electron/js2c/renderer_init');
   global.require = makeRequireFunction(global.module);
 

lib/renderer/ipc-renderer-internal.ts

@@ -4,20 +4,22 @@ const { ipc } = process._linkedBinding('electron_renderer_ipc');
 
 const internal = true;
 
-export const ipcRendererInternal = new EventEmitter() as any as ElectronInternal.IpcRendererInternal;
-
-ipcRendererInternal.send = function (channel, ...args) {
-  return ipc.send(internal, channel, args);
-};
-
-ipcRendererInternal.sendSync = function (channel, ...args) {
-  return ipc.sendSync(internal, channel, args);
-};
-
-ipcRendererInternal.invoke = async function<T> (channel: string, ...args: any[]) {
-  const { error, result } = await ipc.invoke<T>(internal, channel, args);
-  if (error) {
-    throw new Error(`Error invoking remote method '${channel}': ${error}`);
+class IpcRendererInternal extends EventEmitter implements ElectronInternal.IpcRendererInternal {
+  send (channel: string, ...args: any[]) {
+    return ipc.send(internal, channel, args);
   }
-  return result;
-};
+
+  sendSync (channel: string, ...args: any[]) {
+    return ipc.sendSync(internal, channel, args);
+  }
+
+  async invoke<T> (channel: string, ...args: any[]) {
+    const { error, result } = await ipc.invoke<T>(internal, channel, args);
+    if (error) {
+      throw new Error(`Error invoking remote method '${channel}': ${error}`);
+    }
+    return result;
+  };
+}
+
+export const ipcRendererInternal = new IpcRendererInternal();

lib/sandboxed_renderer/api/module-list.ts

@@ -18,5 +18,9 @@ export const moduleList: ElectronInternal.ModuleEntry[] = [
   {
     name: 'webFrame',
     loader: () => require('@electron/internal/renderer/api/web-frame')
+  },
+  {
+    name: 'webUtils',
+    loader: () => require('@electron/internal/renderer/api/web-utils')
   }
 ];

lib/sandboxed_renderer/init.ts

@@ -1,4 +1,5 @@
 import * as events from 'events';
+import { setImmediate, clearImmediate } from 'timers';
 import { IPC_MESSAGES } from '@electron/internal/common/ipc-messages';
 
 import type * as ipcRendererUtilsModule from '@electron/internal/renderer/ipc-renderer-internal-utils';
@@ -126,7 +127,6 @@ function runPreloadScript (preloadSrc: string) {
 
   // eval in window scope
   const preloadFn = binding.createPreloadScript(preloadWrapperSrc);
-  const { setImmediate, clearImmediate } = require('timers');
   const exports = {};
 
   preloadFn(preloadRequire, preloadProcess, Buffer, global, setImmediate, clearImmediate, exports, { exports });

lib/utility/api/module-list.ts

@@ -1,2 +1,4 @@
 // Utility side modules, please sort alphabetically.
-export const utilityNodeModuleList: ElectronInternal.ModuleEntry[] = [];
+export const utilityNodeModuleList: ElectronInternal.ModuleEntry[] = [
+  { name: 'net', loader: () => require('./net') }
+];

lib/utility/api/net.ts

@@ -0,0 +1,22 @@
+import { IncomingMessage } from 'electron/utility';
+import type { ClientRequestConstructorOptions } from 'electron/utility';
+import { ClientRequest } from '@electron/internal/common/api/net-client-request';
+import { fetchWithSession } from '@electron/internal/browser/api/net-fetch';
+
+const { isOnline, resolveHost } = process._linkedBinding('electron_common_net');
+
+export function request (options: ClientRequestConstructorOptions | string, callback?: (message: IncomingMessage) => void) {
+  return new ClientRequest(options, callback);
+}
+
+export function fetch (input: RequestInfo, init?: RequestInit): Promise<Response> {
+  return fetchWithSession(input, init, undefined, request);
+}
+
+exports.resolveHost = resolveHost;
+
+exports.isOnline = isOnline;
+
+Object.defineProperty(exports, 'online', {
+  get: () => isOnline()
+});

lib/utility/init.ts

@@ -1,3 +1,4 @@
+import { EventEmitter } from 'events';
 import { pathToFileURL } from 'url';
 
 import { ParentPort } from '@electron/internal/utility/parent-port';
@@ -9,12 +10,11 @@ const entryScript: string = v8Util.getHiddenValue(process, '_serviceStartupScrip
 // we need to restore it here.
 process.argv.splice(1, 1, entryScript);
 
-// Clear search paths.
-require('../common/reset-search-paths');
-
 // Import common settings.
 require('@electron/internal/common/init');
 
+process._linkedBinding('electron_browser_event_emitter').setEventEmitterPrototype(EventEmitter.prototype);
+
 const parentPort: ParentPort = new ParentPort();
 Object.defineProperty(process, 'parentPort', {
   enumerable: true,

lib/utility/parent-port.ts

@@ -2,7 +2,7 @@ import { EventEmitter } from 'events';
 import { MessagePortMain } from '@electron/internal/browser/message-port-main';
 const { createParentPort } = process._linkedBinding('electron_utility_parent_port');
 
-export class ParentPort extends EventEmitter {
+export class ParentPort extends EventEmitter implements Electron.ParentPort {
   #port: ParentPort;
   constructor () {
     super();

lib/worker/init.ts

@@ -6,9 +6,6 @@ const Module = require('module') as NodeJS.ModuleInternal;
 // init.js, we need to restore it here.
 process.argv.splice(1, 1);
 
-// Clear search paths.
-require('../common/reset-search-paths');
-
 // Import common settings.
 require('@electron/internal/common/init');
 
@@ -16,7 +13,7 @@ require('@electron/internal/common/init');
 const { hasSwitch, getSwitchValue } = process._linkedBinding('electron_common_command_line');
 
 // Export node bindings to global.
-const { makeRequireFunction } = __non_webpack_require__('internal/modules/cjs/helpers');
+const { makeRequireFunction } = __non_webpack_require__('internal/modules/helpers');
 global.module = new Module('electron/js2c/worker_init');
 global.require = makeRequireFunction(global.module);