docs: tutorial/security.md - fixed linting issue

docs: security.md/session.md incorporated more review feedback
2026-02-19 03:14:51 -05:00 · 2025-02-25 06:34:42 +01:00 · 2025-02-14 09:28:11 +01:00 · 2025-02-14 06:17:56 +01:00 · 2025-02-13 09:35:03 +01:00 · 2025-02-13 06:41:04 +01:00
1101 changed files with 24485 additions and 20387 deletions
--- a/.devcontainer/README.md
+++ b/.devcontainer/README.md
@@ -25,9 +25,19 @@ Codespaces doesn't lean very well into gclient based checkouts, the directory st
 /workspaces/electron
 ```

-## Goma
+## Reclient

-If you are a maintainer [with Goma access](../docs/development/goma.md) it should be automatically configured and authenticated when you spin up a new codespaces instance.  You can validate this by checking `e d goma_auth info` or by checking that your build-tools configuration has a goma mode of `cluster`.
+If you are a maintainer [with Reclient access](../docs/development/reclient.md) you'll need to ensure you're authenticated when you spin up a new codespaces instance.  You can validate this by checking `e d rbe info` - your build-tools configuration should have `Access` type `Cache & Execute`:
+
+```console
+Authentication Status: Authenticated
+Since:     2024-05-28 10:29:33 +0200 CEST
+Expires:   2024-08-26 10:29:33 +0200 CEST
+...
+Access:    Cache & Execute
+```
+
+To authenticate if you're not logged in, run `e d rbe login` and follow the link to authenticate.

 ## Running Electron

--- a/.devcontainer/on-create-command.sh
+++ b/.devcontainer/on-create-command.sh
@@ -59,7 +59,6 @@ if [ ! -f $buildtools/configs/evm.testing.json ]; then
            \"\$schema\": \"file:///home/builduser/.electron_build_tools/evm-config.schema.json\",
            \"configValidationLevel\": \"strict\",
            \"reclient\": \"$1\",
-            \"goma\": \"none\",
            \"preserveXcode\": 5
        }
    " >$buildtools/configs/evm.testing.json
--- a/.env.example
+++ b/.env.example
@@ -1,5 +1,4 @@
 # These env vars are only necessary for creating Electron releases.
 # See docs/development/releasing.md

-APPVEYOR_CLOUD_TOKEN=
 ELECTRON_GITHUB_TOKEN=
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,6 +1,9 @@
 # `git apply` and friends don't understand CRLF, even on windows. Force those
 # files to be checked out with LF endings even if core.autocrlf is true.
 *.patch text eol=lf
+DEPS text eol=lf
+yarn.lock text eol=lf
+script/zip_manifests/*.manifest text eol=lf
 patches/**/.patches merge=union

 # Source code and markdown files should always use LF as line ending.
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -11,12 +11,15 @@ DEPS                                    @electron/wg-upgrades
 /docs/breaking-changes.md               @electron/wg-releases
 /npm/                                   @electron/wg-releases
 /script/release                         @electron/wg-releases
-appveyor.yml                            @electron/wg-releases
-appveyor-bake.yml                       @electron/wg-releases
-appveyor-woa.yml                        @electron/wg-releases

 # Security WG
 /lib/browser/devtools.ts                @electron/wg-security
 /lib/browser/guest-view-manager.ts      @electron/wg-security
 /lib/browser/rpc-server.ts              @electron/wg-security
 /lib/renderer/security-warnings.ts      @electron/wg-security
+
+# Infra WG
+/.github/actions/                       @electron/wg-infra
+/.github/workflows/*-publish.yml        @electron/wg-infra
+/.github/workflows/build.yml            @electron/wg-infra
+/.github/workflows/pipeline-*.yml       @electron/wg-infra
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -1,6 +1,6 @@
 name: Bug Report
-description: Report an Electron bug
-title: "[Bug]: "
+description: Report a bug in Electron
+type: 'bug'
 labels: "bug :beetle:"
 body:
 - type: checkboxes
@@ -20,13 +20,14 @@ body:
    description: |
      What version of Electron are you using?

-      Note: Please only report issues for [currently supported versions of Electron](https://www.electronjs.org/docs/latest/tutorial/support#currently-supported-versions).
-    placeholder: 17.0.0
+      Note: Please only report issues for [currently supported versions of Electron](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#timeline).
+    placeholder: 32.0.0
  validations:
    required: true
 - type: dropdown
  attributes:
-    label: What operating system are you using?
+    label: What operating system(s) are you using?
+    multiple: true
    options:
      - Windows
      - macOS
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,3 +1,4 @@
+blank_issues_enabled: false
 contact_links:
  - name: Discord Chat
    url: https://discord.gg/APGC3k5yaH
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -1,6 +1,6 @@
 name: Feature Request
 description: Suggest an idea for Electron
-title: "[Feature Request]: "
+type: 'enhancement'
 labels: "enhancement :sparkles:"
 body:
 - type: checkboxes
--- a/.github/ISSUE_TEMPLATE/maintainer_issue.yml
+++ b/.github/ISSUE_TEMPLATE/maintainer_issue.yml
@@ -0,0 +1,14 @@
+name: Maintainer Issue (not for public use)
+description: Only to be created by Electron maintainers
+body:
+- type: checkboxes
+  attributes:
+    label: Confirmation
+    options:
+      - label: I am a [maintainer](https://github.com/orgs/electron/people) of the Electron project. (If not, please create a [different issue type](https://github.com/electron/electron/issues/new/).)
+        required: true
+- type: textarea
+  attributes:
+    label: Description
+  validations:
+    required: true
--- a/.github/actions/build-electron/action.yml
+++ b/.github/actions/build-electron/action.yml
@@ -5,10 +5,10 @@ inputs:
    description: 'Target arch'
    required: true
  target-platform:
-    description: 'Target platform'
+    description: 'Target platform, should be linux, win, macos'
    required: true
  artifact-platform:
-    description: 'Artifact platform, should be linux, darwin or mas'
+    description: 'Artifact platform, should be linux, win, darwin or mas'
    required: true
  step-suffix:
    description: 'Suffix for build steps'
@@ -69,9 +69,9 @@ runs:
      shell: bash
      run: |
        cd src
-        e build --target electron:electron_dist_zip -j $NUMBER_OF_NINJA_PROCESSES
+        e build --target electron:electron_dist_zip -j $NUMBER_OF_NINJA_PROCESSES -d explain
        if [ "${{ inputs.is-asan }}" != "true" ]; then
-          target_os=${{ inputs.target-platform == 'linux' && 'linux' || 'mac'}}
+          target_os=${{ inputs.target-platform == 'macos' && 'mac' || inputs.target-platform }}
          if [ "${{ inputs.artifact-platform }}" = "mas" ]; then
            target_os="${target_os}_mas"
          fi
@@ -82,7 +82,7 @@ runs:
      run: |
        cd src
        e build --target electron:electron_mksnapshot -j $NUMBER_OF_NINJA_PROCESSES
-        gn desc out/Default v8:run_mksnapshot_default args > out/Default/mksnapshot_args
+        ELECTRON_DEPOT_TOOLS_DISABLE_LOG=1 e d gn desc out/Default v8:run_mksnapshot_default args > out/Default/mksnapshot_args
        # Remove unused args from mksnapshot_args
        SEDOPTION="-i"
        if [ "`uname`" = "Darwin" ]; then
@@ -90,9 +90,8 @@ runs:
        fi
        sed $SEDOPTION '/.*builtins-pgo/d' out/Default/mksnapshot_args
        sed $SEDOPTION '/--turbo-profiling-input/d' out/Default/mksnapshot_args
-        sed $SEDOPTION '/The gn arg use_goma=true .*/d' out/Default/mksnapshot_args

-        if [ "`uname`" = "Linux" ]; then
+        if [ "${{ inputs.target-platform }}" = "linux" ]; then
          if [ "${{ inputs.target-arch }}" = "arm" ]; then
            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x86_v8_arm/mksnapshot
            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x86_v8_arm/v8_context_snapshot_generator
@@ -106,7 +105,15 @@ runs:
        fi

        e build --target electron:electron_mksnapshot_zip -j $NUMBER_OF_NINJA_PROCESSES
-        (cd out/Default; zip mksnapshot.zip mksnapshot_args gen/v8/embedded.S)
+        if [ "${{ inputs.target-platform }}" = "win" ]; then
+          cd out/Default
+          powershell Compress-Archive -update mksnapshot_args mksnapshot.zip
+          powershell mkdir mktmp\\gen\\v8
+          powershell Copy-Item gen\\v8\\embedded.S mktmp\\gen\\v8
+          powershell Compress-Archive -update -Path mktmp\\gen mksnapshot.zip
+        else
+          (cd out/Default; zip mksnapshot.zip mksnapshot_args gen/v8/embedded.S)
+        fi
    - name: Generate Cross-Arch Snapshot (arm/arm64)  ${{ inputs.step-suffix }}
      shell: bash
      if: ${{ (inputs.target-arch == 'arm' || inputs.target-arch == 'arm64') && inputs.target-platform == 'linux' }}
@@ -138,6 +145,25 @@ runs:
      run: |
        cd src
        e build --target electron:node_headers
+    - name: Create installed_software.json ${{ inputs.step-suffix }}
+      shell: powershell
+      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'win' }}
+      run: |
+        cd src
+        Get-CimInstance -Namespace root\cimv2 -Class Win32_product | Select vendor, description, @{l='install_location';e='InstallLocation'}, @{l='install_date';e='InstallDate'}, @{l='install_date_2';e='InstallDate2'}, caption, version, name, @{l='sku_number';e='SKUNumber'} | ConvertTo-Json | Out-File -Encoding utf8 -FilePath .\installed_software.json
+    - name: Profile Windows Toolchain ${{ inputs.step-suffix }}
+      shell: bash
+      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'win' }}
+      run: |
+        cd src
+        python3 electron/build/profile_toolchain.py --output-json=out/Default/windows_toolchain_profile.json
+    - name: Add msdia140.dll to Path ${{ inputs.step-suffix }}
+      shell: bash
+      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'win' }}
+      run: |
+        # Needed for msdia140.dll on 64-bit windows
+        cd src
+        export PATH="$PATH:$(pwd)/third_party/llvm-build/Release+Asserts/bin"
    - name: Generate & Zip Symbols ${{ inputs.step-suffix }}
      shell: bash
      run: |
@@ -215,4 +241,4 @@ runs:
      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
      with:
        name: src_artifacts_${{ env.ARTIFACT_KEY }}
-        path: ./src_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
+        path: ./src_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
--- a/.github/actions/checkout/action.yml
+++ b/.github/actions/checkout/action.yml
@@ -5,6 +5,10 @@ inputs:
    description: 'Whether to generate and persist a SAS token for the item in the cache'
    required: false
    default: 'false'
+  use-cache:
+    description: 'Whether to persist the cache to the shared drive'
+    required: false
+    default: 'true'
 runs:
  using: "composite"
  steps:
@@ -13,31 +17,29 @@ runs:
    run: |
      echo "GIT_CACHE_PATH=$(pwd)/git-cache" >> $GITHUB_ENV
  - name: Install Dependencies
-    shell: bash
-    run: |
-      cd src/electron
-      node script/yarn install --frozen-lockfile
+    uses: ./src/electron/.github/actions/install-dependencies
+  - name: Install Build Tools
+    uses: ./src/electron/.github/actions/install-build-tools
+  - name: Set Chromium Git Cookie
+    uses: ./src/electron/.github/actions/set-chromium-cookie
  - name: Get Depot Tools
    shell: bash
    run: |
-      git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+      if [[ ! -d depot_tools ]]; then
+        git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git

-      sed -i '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
-      # Remove swift-format dep from cipd on macOS until we send a patch upstream.
-      cd depot_tools
-      git apply --3way ../src/electron/.github/workflows/config/gclient.diff
-
-      # Ensure depot_tools does not update.
-      test -d depot_tools && cd depot_tools
-      touch .disable_auto_update
+        # Ensure depot_tools does not update.
+        test -d depot_tools && cd depot_tools
+        touch .disable_auto_update
+      fi
  - name: Add Depot Tools to PATH
    shell: bash
    run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
  - name: Generate DEPS Hash
    shell: bash
    run: |
-      node src/electron/script/generate-deps-hash.js && cat src/electron/.depshash-target
-      echo "DEPSHASH=v1-src-cache-$(shasum src/electron/.depshash | cut -f1 -d' ')" >> $GITHUB_ENV
+      node src/electron/script/generate-deps-hash.js
+      echo "DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)" >> $GITHUB_ENV
  - name: Generate SAS Key
    if: ${{ inputs.generate-sas-token == 'true' }}
    shell: bash
@@ -45,7 +47,7 @@ runs:
      curl --unix-socket /var/run/sas/sas.sock --fail "http://foo/$DEPSHASH.tar" > sas-token
  - name: Save SAS Key
    if: ${{ inputs.generate-sas-token == 'true' }}
-    uses: actions/cache/save@v4
+    uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57
    with:
      path: |
        sas-token
@@ -54,24 +56,29 @@ runs:
    id: check-cache
    shell: bash
    run: |
-      cache_path=/mnt/cross-instance-cache/$DEPSHASH.tar
-      echo "Using cache key: $DEPSHASH"
-      echo "Checking for cache in: $cache_path"
-      if [ ! -f "$cache_path" ] || [ `du $cache_path | cut -f1` = "0" ]; then
+      if [[ "${{ inputs.use-cache }}" == "false" ]]; then
+        echo "Not using cache this time..."
        echo "cache_exists=false" >> $GITHUB_OUTPUT
-        echo "Cache Does Not Exist for $DEPSHASH"
      else
-        echo "cache_exists=true" >> $GITHUB_OUTPUT
-        echo "Cache Already Exists for $DEPSHASH, Skipping.."
+        cache_path=/mnt/cross-instance-cache/$DEPSHASH.tar
+        echo "Using cache key: $DEPSHASH"
+        echo "Checking for cache in: $cache_path"
+        if [ ! -f "$cache_path" ] || [ `du $cache_path | cut -f1` = "0" ]; then
+          echo "cache_exists=false" >> $GITHUB_OUTPUT
+          echo "Cache Does Not Exist for $DEPSHASH"
+        else
+          echo "cache_exists=true" >> $GITHUB_OUTPUT
+          echo "Cache Already Exists for $DEPSHASH, Skipping.."
+        fi
      fi
  - name: Check cross instance cache disk space
-    if: steps.check-cache.outputs.cache_exists == 'false'
+    if: steps.check-cache.outputs.cache_exists == 'false' && inputs.use-cache  == 'true'
    shell: bash
    run: |    
-      # if there is less than 20 GB free space then creating the cache might fail so exit early
+      # if there is less than 35 GB free space then creating the cache might fail so exit early
      freespace=`df -m /mnt/cross-instance-cache | grep -w /mnt/cross-instance-cache | awk '{print $4}'`
      freespace_human=`df -h /mnt/cross-instance-cache | grep -w /mnt/cross-instance-cache | awk '{print $4}'`
-      if [ $freespace -le 20000 ]; then
+      if [ $freespace -le 35000 ]; then
        echo "The cross mount cache has $freespace_human free space which is not enough - exiting"
        exit 1
      else
@@ -81,13 +88,17 @@ runs:
    if: steps.check-cache.outputs.cache_exists == 'false'
    shell: bash
    run: |
-      gclient config \
+      e d gclient config \
        --name "src/electron" \
        --unmanaged \
        ${GCLIENT_EXTRA_ARGS} \
        "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY"

-      ELECTRON_USE_THREE_WAY_MERGE_FOR_PATCHES=1 gclient sync --with_branch_heads --with_tags -vvvvv
+      if [ "$TARGET_OS" != "" ]; then
+        echo "target_os=['$TARGET_OS']" >> ./.gclient
+      fi
+
+      ELECTRON_USE_THREE_WAY_MERGE_FOR_PATCHES=1 e d gclient sync --with_branch_heads --with_tags -vv
      if [ "${{ inputs.is-release }}" != "true" && -n "${{ env.PATCH_UP_APP_CREDS }}" ]; then
        # Re-export all the patches to check if there were changes.
        python3 src/electron/script/export_all_patches.py src/electron/patches/config.json
@@ -128,13 +139,13 @@ runs:
  # https://dawn-review.googlesource.com/c/dawn/+/83901
  # TODO: maybe better to always leave out */.git/HEAD file for all targets ?
  - name: Delete .git directories under src to free space
-    if: steps.check-cache.outputs.cache_exists == 'false'
+    if: ${{ steps.check-cache.outputs.cache_exists == 'false' && inputs.use-cache == 'true' }}
    shell: bash
    run: |
      cd src
      ( find . -type d -name ".git" -not -path "./third_party/angle/*" -not -path "./third_party/dawn/*" -not -path "./electron/*" ) | xargs rm -rf
  - name: Minimize Cache Size for Upload
-    if: steps.check-cache.outputs.cache_exists == 'false'
+    if: ${{ steps.check-cache.outputs.cache_exists == 'false' && inputs.use-cache == 'true' }}
    shell: bash
    run: |
      rm -rf src/android_webview
@@ -145,9 +156,12 @@ runs:
      rm -rf src/third_party/angle/third_party/VK-GL-CTS/src
      rm -rf src/third_party/swift-toolchain
      rm -rf src/third_party/swiftshader/tests/regres/testlists
+      cp src/electron/.github/actions/checkout/action.yml ./
      rm -rf src/electron
+      mkdir -p src/electron/.github/actions/checkout
+      mv action.yml src/electron/.github/actions/checkout
  - name: Compress Src Directory
-    if: steps.check-cache.outputs.cache_exists == 'false'
+    if: ${{ steps.check-cache.outputs.cache_exists == 'false' && inputs.use-cache == 'true' }}
    shell: bash
    run: |
      echo "Uncompressed src size: $(du -sh src | cut -f1 -d' ')"
@@ -155,7 +169,7 @@ runs:
      echo "Compressed src to $(du -sh $DEPSHASH.tar | cut -f1 -d' ')"
      cp ./$DEPSHASH.tar /mnt/cross-instance-cache/
  - name: Persist Src Cache
-    if: steps.check-cache.outputs.cache_exists == 'false'
+    if: ${{ steps.check-cache.outputs.cache_exists == 'false' && inputs.use-cache == 'true' }}
    shell: bash
    run: |
      final_cache_path=/mnt/cross-instance-cache/$DEPSHASH.tar
--- a/.github/actions/fix-sync-macos/action.yml
+++ b/.github/actions/fix-sync-macos/action.yml
@@ -46,7 +46,7 @@ runs:
        fi
        python3 src/third_party/depot_tools/download_from_google_storage.py --no_resume --no_auth --bucket chromium-browser-clang -s $DSYM_SHA_FILE -o src/tools/clang/dsymutil/bin/dsymutil

-        echo 'infra/3pp/build_support/ninja-1_11_1/${platform}' `gclient getdep --deps-file=src/DEPS -r 'src/third_party/ninja:infra/3pp/build_support/ninja-1_11_1/${platform}'` > ninja_ensure_file
+        echo 'infra/3pp/tools/ninja/${platform}' `gclient getdep --deps-file=src/DEPS -r 'src/third_party/ninja:infra/3pp/tools/ninja/${platform}'` > ninja_ensure_file
        sed $SEDOPTION "s/Updating depot_tools... //g" ninja_ensure_file
        cipd ensure --root src/third_party/ninja -ensure-file ninja_ensure_file

@@ -58,4 +58,4 @@ runs:
        cp .git/config .git/config.backup
        git remote remove origin
        mv .git/config.backup .git/config
-        git fetch
+        git fetch
--- a/.github/actions/install-build-tools/action.yml
+++ b/.github/actions/install-build-tools/action.yml
@@ -6,6 +6,15 @@ runs:
  - name: Install Build Tools
    shell: bash
    run: |
-      export BUILD_TOOLS_SHA=eeb1a11392e4cec08fd926c93b31ab556dc0c23b
+      if [ "$(expr substr $(uname -s) 1 10)" == "MSYS_NT-10" ]; then
+        git config --global core.filemode false
+        git config --global core.autocrlf false
+        git config --global branch.autosetuprebase always
+      fi
+      export BUILD_TOOLS_SHA=8246e57791b0af4ae5975eb96f09855f9269b1cd
      npm i -g @electron/build-tools
-      e auto-update disable
+      e auto-update disable
+      if [ "$(expr substr $(uname -s) 1 10)" == "MSYS_NT-10" ]; then
+        e d cipd.bat --version
+        cp "C:\Python311\python.exe" "C:\Python311\python3.exe"
+      fi
--- a/.github/actions/install-dependencies/action.yml
+++ b/.github/actions/install-dependencies/action.yml
@@ -0,0 +1,21 @@
+name: 'Install Dependencies'
+description: 'Installs yarn depdencies using cache when available'
+runs:
+  using: "composite"
+  steps:
+  - name: Get yarn cache directory path
+    shell: bash
+    id: yarn-cache-dir-path
+    run: echo "dir=$(node src/electron/script/yarn cache dir)" >> $GITHUB_OUTPUT
+  - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
+    id: yarn-cache
+    with:
+      path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
+      key: ${{ runner.os }}-yarn-${{ hashFiles('src/electron/yarn.lock') }}
+      restore-keys: |
+        ${{ runner.os }}-yarn-
+  - name: Install Dependencies
+    shell: bash
+    run: |
+      cd src/electron
+      node script/yarn install --frozen-lockfile --prefer-offline
--- a/.github/actions/restore-cache-aks/action.yml
+++ b/.github/actions/restore-cache-aks/action.yml
@@ -38,4 +38,4 @@ runs:
      fi

      echo "Wiping Electron Directory"
-      rm -rf src/electron
+      rm -rf src/electron
--- a/.github/actions/restore-cache-azcopy/action.yml
+++ b/.github/actions/restore-cache-azcopy/action.yml
@@ -5,14 +5,14 @@ runs:
  steps:
  - name: Obtain SAS Key
    continue-on-error: true
-    uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9
+    uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57
    with:
      path: |
        sas-token
      key: sas-key-${{ github.run_number }}-1
  - name: Obtain SAS Key
    continue-on-error: true
-    uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9
+    uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57
    with:
      path: |
        sas-token
--- a/.github/actions/set-chromium-cookie/action.yml
+++ b/.github/actions/set-chromium-cookie/action.yml
@@ -0,0 +1,26 @@
+name: 'Set Chromium Git Cookie'
+description: 'Sets an authenticated cookie from Chromium to allow for a higher request limit'
+runs:
+  using: "composite"
+  steps:
+  - name: Set the git cookie from chromium.googlesource.com (Unix)
+    if: ${{ runner.os != 'Windows' }}
+    shell: bash
+    run: |
+      eval 'set +o history' 2>/dev/null || setopt HIST_IGNORE_SPACE 2>/dev/null
+      touch ~/.gitcookies
+      chmod 0600 ~/.gitcookies
+
+      git config --global http.cookiefile ~/.gitcookies
+
+      tr , \\t <<\__END__ >>~/.gitcookies
+      ${{ env.CHROMIUM_GIT_COOKIE }}
+      __END__
+      eval 'set -o history' 2>/dev/null || unsetopt HIST_IGNORE_SPACE 2>/dev/null
+  - name: Set the git cookie from chromium.googlesource.com (Windows)
+    if: ${{ runner.os == 'Windows' }}
+    shell: cmd
+    run: |
+      git config --global http.cookiefile "%USERPROFILE%\.gitcookies"
+      powershell -noprofile -nologo -command Write-Output "${{ env.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}" >>"%USERPROFILE%\.gitcookies"
+
--- a/.github/config.yml
+++ b/.github/config.yml
@@ -2,6 +2,8 @@
 newPRWelcomeComment: |
  💖 Thanks for opening this pull request! 💖

+  ### Semantic PR titles
+
  We use [semantic commit messages](https://github.com/electron/electron/blob/main/docs/development/pull-requests.md#commit-message-guidelines) to streamline the release process. Before your pull request can be merged, you should **update your pull request title** to start with a semantic prefix.

  Examples of commit messages with semantic prefixes:
@@ -10,6 +12,13 @@ newPRWelcomeComment: |
  - `feat: add app.isPackaged() method`
  - `docs: app.isDefaultProtocolClient is now available on Linux`

+  ### Commit signing
+
+  This repo enforces [commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) for all incoming PRs.
+  To sign your commits, see GitHub's documentation on [Telling Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key).
+  
+  ### PR tips
+
  Things that will help get your PR across the finish line:

  - Follow the JavaScript, C++, and Python [coding style](https://github.com/electron/electron/blob/main/docs/development/coding-style.md).
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -7,3 +7,62 @@ updates:
    directory: /
    schedule:
      interval: weekly
+    labels:
+      - "no-backport"
+      - "semver/none"
+    target-branch: main
+  - package-ecosystem: npm
+    directories:
+      - /
+      - /spec
+      - /npm
+    schedule:
+      interval: daily
+    labels:
+      - "no-backport"
+    open-pull-requests-limit: 2
+    target-branch: main
+  - package-ecosystem: npm
+    directories:
+      - /
+      - /spec
+      - /npm
+    schedule:
+      interval: daily
+    labels:
+      - "backport-check-skip"
+    open-pull-requests-limit: 0
+    target-branch: 33-x-y
+  - package-ecosystem: npm
+    directories:
+      - /
+      - /spec
+      - /npm
+    schedule:
+      interval: daily
+    labels:
+      - "backport-check-skip"
+    open-pull-requests-limit: 0
+    target-branch: 32-x-y
+  - package-ecosystem: npm
+    directories:
+      - /
+      - /spec
+      - /npm
+    schedule:
+      interval: daily
+    labels:
+      - "backport-check-skip"
+    open-pull-requests-limit: 0
+    target-branch: 31-x-y
+  - package-ecosystem: npm
+    directories:
+      - /
+      - /spec
+      - /npm
+    schedule:
+      interval: daily
+    labels:
+      - "backport-check-skip"
+    open-pull-requests-limit: 0
+    target-branch: 30-x-y
--- a/.github/workflows/archaeologist-dig.yml
+++ b/.github/workflows/archaeologist-dig.yml
@@ -9,9 +9,13 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Electron
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.0.2
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.0.2
        with:
          fetch-depth: 0
+      - name: Setup Node.js/npm
+        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a
+        with:
+          node-version: 20.11.x
      - name: Setting Up Dig Site
        run: |
          echo "remote: ${{ github.event.pull_request.head.repo.clone_url }}"
@@ -37,7 +41,7 @@ jobs:
          sha-file: .dig-old
          filename: electron.old.d.ts
      - name: Upload artifacts
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 #v4.4.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #v4.6.0
        with:
          name: artifacts
          path: electron/artifacts
--- a/.github/workflows/branch-created.yml
+++ b/.github/workflows/branch-created.yml
@@ -23,11 +23,13 @@ jobs:
    steps:
      - name: Determine Major Version
        id: check-major-version
+        env:
+          BRANCH_NAME: ${{ github.event.inputs.branch-name || github.event.ref }}
        run: |
-          if [[ ${{ github.event.inputs.branch-name || github.event.ref }} =~ ^([0-9]+)-x-y$ ]]; then
+          if [[ "$BRANCH_NAME" =~ ^([0-9]+)-x-y$ ]]; then
            echo "MAJOR=${BASH_REMATCH[1]}" >> "$GITHUB_OUTPUT"
          else
-            echo "Not a release branch: ${{ github.event.inputs.branch-name || github.event.ref }}"
+            echo "Not a release branch: $BRANCH_NAME"
          fi
      - name: New Release Branch Tasks
        if: ${{ steps.check-major-version.outputs.MAJOR }}
@@ -92,7 +94,7 @@ jobs:
            }))
      - name: Create Release Project Board
        if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: dsanders11/project-actions/copy-project@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
+        uses: dsanders11/project-actions/copy-project@9c80cd31f58599941c64f74636bea95ba5d46090 # v1.5.1
        id: create-release-board
        with:
          drafts: true
@@ -112,14 +114,14 @@ jobs:
          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
      - name: Find Previous Release Project Board
        if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: dsanders11/project-actions/find-project@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
+        uses: dsanders11/project-actions/find-project@9c80cd31f58599941c64f74636bea95ba5d46090 # v1.5.1
        id: find-prev-release-board
        with:
          title: ${{ steps.generate-project-metadata.outputs.prev-prev-major }}-x-y
          token: ${{ steps.generate-token.outputs.token }}
      - name: Close Previous Release Project Board
        if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: dsanders11/project-actions/close-project@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
+        uses: dsanders11/project-actions/close-project@9c80cd31f58599941c64f74636bea95ba5d46090 # v1.5.1
        with:
          project-number: ${{ steps.find-prev-release-board.outputs.number }}
          token: ${{ steps.generate-token.outputs.token }}
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -18,6 +18,11 @@ on:
        description: 'Skip Linux builds'
        default: false
        required: false
+      skip-windows:
+        type: boolean
+        description: 'Skip Windows builds'
+        default: false
+        required: false
      skip-lint:
        type: boolean
        description: 'Skip lint check'
@@ -28,7 +33,11 @@ on:
      - main
      - '[1-9][0-9]-x-y'
  pull_request:
-      
+
+defaults:
+  run:
+    shell: bash
+
 jobs:
  setup:
    runs-on: ubuntu-latest
@@ -40,7 +49,9 @@ jobs:
        build-image-sha: ${{ steps.set-output.outputs.build-image-sha }}
        docs-only: ${{ steps.set-output.outputs.docs-only }}
    steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.0.2
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.0.2
+      with:
+        ref: ${{ github.event.pull_request.head.sha }}
    - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
      id: filter
      with:
@@ -89,15 +100,17 @@ jobs:
        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
        - /var/run/sas:/var/run/sas
    env:
+      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
    outputs:
      build-image-sha: ${{ needs.setup.outputs.build-image-sha }}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
+        ref: ${{ github.event.pull_request.head.sha }}
    - name: Checkout & Sync & Save
      uses: ./src/electron/.github/actions/checkout
      with:
@@ -114,19 +127,81 @@ jobs:
        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
        - /var/run/sas:/var/run/sas
    env:
+      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
      PATCH_UP_APP_CREDS: ${{ secrets.PATCH_UP_APP_CREDS }}
    outputs:
      build-image-sha: ${{ needs.setup.outputs.build-image-sha}}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
+        ref: ${{ github.event.pull_request.head.sha }}
    - name: Checkout & Sync & Save
      uses: ./src/electron/.github/actions/checkout

+  checkout-windows:
+    needs: setup
+    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
+    runs-on: electron-arc-linux-amd64-32core
+    container:
+      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
+      options: --user root --device /dev/fuse --cap-add SYS_ADMIN
+      volumes:
+        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
+    env:
+      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
+      CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
+      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_win=True'
+      TARGET_OS: 'win'
+      ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN: '1'
+    outputs:
+      build-image-sha: ${{ needs.setup.outputs.build-image-sha}}
+    steps:
+    - name: Checkout Electron
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+      with:
+        path: src/electron
+        fetch-depth: 0
+        ref: ${{ github.event.pull_request.head.sha }}
+    - name: Checkout & Sync & Save
+      uses: ./src/electron/.github/actions/checkout
+
+  # GN Check Jobs
+  macos-gn-check:
+    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
+    needs: checkout-macos
+    with:
+      target-platform: macos
+      target-archs: x64 arm64
+      check-runs-on: macos-14
+      gn-build-type: testing
+    secrets: inherit
+
+  linux-gn-check:
+    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
+    needs: checkout-linux
+    with:
+      target-platform: linux
+      target-archs: x64 arm arm64
+      check-runs-on: electron-arc-linux-amd64-8core
+      check-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      gn-build-type: testing
+    secrets: inherit
+
+  windows-gn-check:
+    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
+    needs: checkout-windows
+    with:
+      target-platform: win
+      target-archs: x64 x86 arm64
+      check-runs-on: electron-arc-linux-amd64-8core
+      check-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-windows.outputs.build-image-sha }}","options":"--user root --device /dev/fuse --cap-add SYS_ADMIN","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      gn-build-type: testing
+    secrets: inherit
+
  # Build Jobs - These cascade into testing jobs
  macos-x64:
    permissions:
@@ -137,7 +212,6 @@ jobs:
    needs: checkout-macos
    with:
      build-runs-on: macos-14-xlarge
-      check-runs-on: macos-14
      test-runs-on: macos-13
      target-platform: macos
      target-arch: x64
@@ -156,7 +230,6 @@ jobs:
    needs: checkout-macos
    with:
      build-runs-on: macos-14-xlarge
-      check-runs-on: macos-14
      test-runs-on: macos-14
      target-platform: macos
      target-arch: arm64
@@ -175,7 +248,6 @@ jobs:
    needs: checkout-linux
    with:
      build-runs-on: electron-arc-linux-amd64-32core
-      check-runs-on: electron-arc-linux-amd64-8core
      test-runs-on: electron-arc-linux-amd64-4core
      build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
      test-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
@@ -196,7 +268,6 @@ jobs:
    needs: checkout-linux
    with:
      build-runs-on: electron-arc-linux-amd64-32core
-      check-runs-on: electron-arc-linux-amd64-8core
      test-runs-on: electron-arc-linux-amd64-4core
      build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
      test-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
@@ -218,7 +289,6 @@ jobs:
    needs: checkout-linux
    with:
      build-runs-on: electron-arc-linux-amd64-32core
-      check-runs-on: electron-arc-linux-amd64-8core
      test-runs-on: electron-arc-linux-arm64-4core
      build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
      test-container: '{"image":"ghcr.io/electron/test:arm32v7-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init","volumes":["/home/runner/externals:/mnt/runner-externals"]}'
@@ -239,7 +309,6 @@ jobs:
    needs: checkout-linux
    with:
      build-runs-on: electron-arc-linux-amd64-32core
-      check-runs-on: electron-arc-linux-amd64-8core
      test-runs-on: electron-arc-linux-arm64-4core
      build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
      test-container: '{"image":"ghcr.io/electron/test:arm64v8-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
@@ -251,10 +320,67 @@ jobs:
      upload-to-storage: '0'
    secrets: inherit

+  windows-x64:
+    permissions:
+      contents: read
+      issues: read
+      pull-requests: read
+    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
+    needs: setup
+    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
+    with:
+      build-runs-on: electron-arc-windows-amd64-16core
+      test-runs-on: windows-latest
+      target-platform: win
+      target-arch: x64
+      is-release: false
+      gn-build-type: testing
+      generate-symbols: false
+      upload-to-storage: '0'
+    secrets: inherit
+
+  windows-x86:
+    permissions:
+      contents: read
+      issues: read
+      pull-requests: read
+    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
+    needs: setup
+    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
+    with:
+      build-runs-on: electron-arc-windows-amd64-16core
+      test-runs-on: windows-latest
+      target-platform: win
+      target-arch: x86
+      is-release: false
+      gn-build-type: testing
+      generate-symbols: false
+      upload-to-storage: '0'
+    secrets: inherit
+
+  windows-arm64:
+    permissions:
+      contents: read
+      issues: read
+      pull-requests: read
+    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
+    needs: setup
+    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
+    with:
+      build-runs-on: electron-arc-windows-amd64-16core
+      test-runs-on: electron-hosted-windows-arm64-4core
+      target-platform: win
+      target-arch: arm64
+      is-release: false
+      gn-build-type: testing
+      generate-symbols: false
+      upload-to-storage: '0'
+    secrets: inherit
+
  gha-done:
    name: GitHub Actions Completed
    runs-on: ubuntu-latest
-    needs: [docs-only, macos-x64, macos-arm64, linux-x64, linux-x64-asan, linux-arm, linux-arm64]
+    needs: [docs-only, macos-x64, macos-arm64, linux-x64, linux-x64-asan, linux-arm, linux-arm64, windows-x64, windows-x86, windows-arm64]
    if: always() && !contains(needs.*.result, 'failure')
    steps: 
    - name: GitHub Actions Jobs Done
--- a/.github/workflows/config/gclient.diff
+++ b/.github/workflows/config/gclient.diff
@@ -1,14 +0,0 @@
-diff --git a/gclient.py b/gclient.py
-index 59e2b4c5197928bdba1ef69bdbe637d7dfe471c1..b4bae5e48c83c84bd867187afaf40eed16e69851 100755
--- a/gclient.py
-+++ b/gclient.py
-@@ -783,7 +783,8 @@ class Dependency(gclient_utils.WorkItem, DependencySettings):
-                         not condition or "non_git_source" not in condition):
-                     continue
-                 cipd_root = self.GetCipdRoot()
-                for package in dep_value.get('packages', []):
-+                packages = dep_value.get('packages', [])
-+                for package in (x for x in packages if "infra/3pp/tools/swift-format" not in x.get('package')):
-                     deps_to_add.append(
-                         CipdDependency(parent=self,
-                                        name=name,
--- a/.github/workflows/issue-commented.yml
+++ b/.github/workflows/issue-commented.yml
@@ -9,8 +9,8 @@ permissions: {}

 jobs:
  issue-commented:
-    name: Remove blocked/need-repro on comment
-    if: ${{ contains(github.event.issue.labels.*.name, 'blocked/need-repro') && !contains(fromJSON('["MEMBER", "OWNER"]'), github.event.comment.author_association) && github.event.comment.user.type != 'Bot' }}
+    name: Remove blocked/{need-info,need-repro} on comment
+    if: ${{ (contains(github.event.issue.labels.*.name, 'blocked/need-repro') || contains(github.event.issue.labels.*.name, 'blocked/need-info ❌')) && !contains(fromJSON('["MEMBER", "OWNER"]'), github.event.comment.author_association) && github.event.comment.user.type != 'Bot' }}
    runs-on: ubuntu-latest
    steps:
      - name: Generate GitHub App token
@@ -23,4 +23,4 @@ jobs:
          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
          ISSUE_URL: ${{ github.event.issue.html_url }}
        run: |
-          gh issue edit $ISSUE_URL --remove-label 'blocked/need-repro'
+          gh issue edit $ISSUE_URL --remove-label 'blocked/need-repro','blocked/need-info ❌'
--- a/.github/workflows/issue-labeled.yml
+++ b/.github/workflows/issue-labeled.yml
@@ -20,12 +20,13 @@ jobs:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
          org: electron
      - name: Set status
-        uses: dsanders11/project-actions/edit-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
+        uses: dsanders11/project-actions/edit-item@9c80cd31f58599941c64f74636bea95ba5d46090 # v1.5.1
        with:
          token: ${{ steps.generate-token.outputs.token }}
          project-number: 90
          field: Status
          field-value: ✅ Triaged
+          fail-if-item-not-found: false
  issue-labeled-blocked:
    name: blocked/* label added
    if: startsWith(github.event.label.name, 'blocked/')
@@ -38,12 +39,13 @@ jobs:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
          org: electron
      - name: Set status
-        uses: dsanders11/project-actions/edit-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
+        uses: dsanders11/project-actions/edit-item@9c80cd31f58599941c64f74636bea95ba5d46090 # v1.5.1
        with:
          token: ${{ steps.generate-token.outputs.token }}
          project-number: 90
          field: Status
          field-value: 🛑 Blocked
+          fail-if-item-not-found: false
  issue-labeled-blocked-need-repro:
    name: blocked/need-repro label added
    if: github.event.label.name == 'blocked/need-repro'
--- a/.github/workflows/issue-opened.yml
+++ b/.github/workflows/issue-opened.yml
@@ -19,7 +19,7 @@ jobs:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
          org: electron
      - name: Add to Issue Triage
-        uses: dsanders11/project-actions/add-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
+        uses: dsanders11/project-actions/add-item@9c80cd31f58599941c64f74636bea95ba5d46090 # v1.5.1
        with:
          field: Reporter
          field-value: ${{ github.event.issue.user.login }}
@@ -35,9 +35,10 @@ jobs:
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
          org: electron
-      - run: npm install mdast-util-from-markdown@2.0.0 unist-util-select@5.1.0 semver@7.6.0
+      - run: npm install @electron/fiddle-core@1.3.3 mdast-util-from-markdown@2.0.0 unist-util-select@5.1.0 semver@7.6.0
      - name: Add labels
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        id: add-labels
        env:
          ISSUE_BODY: ${{ github.event.issue.body }}
        with:
@@ -56,24 +57,63 @@ jobs:

            const electronVersion = select('heading:has(> text[value="Electron Version"]) + paragraph > text', tree)?.value.trim();
            if (electronVersion !== undefined) {
-              const major = semver.parse(electronVersion)?.major;
-              if (major) {
-                const versionLabel = `${major}-x-y`;
-                let labelExists = false;
+              // It's possible for multiple versions to be listed -
+              // for now check for comma or space separated version.
+              const versions = electronVersion.split(/, | /);
+              for (const version of versions) {
+                const major = semver.coerce(version, { loose: true })?.major;
+                if (major) {
+                  const versionLabel = `${major}-x-y`;
+                  let labelExists = false;

-                try {
-                  await github.rest.issues.getLabel({
-                    owner,
-                    repo,
-                    name: versionLabel,
-                  });
-                  labelExists = true;
-                } catch {}
+                  try {
+                    await github.rest.issues.getLabel({
+                      owner,
+                      repo,
+                      name: versionLabel,
+                    });
+                    labelExists = true;
+                  } catch {}

-                if (labelExists) {
-                  labels.push(versionLabel);
+                  if (labelExists) {
+                    // Check if it's an unsupported major
+                    const { ElectronVersions } = await import('${{ github.workspace }}/node_modules/@electron/fiddle-core/dist/index.js');
+                    const versions = await ElectronVersions.create(undefined, { ignoreCache: true });
+
+                    const validVersions = [...versions.supportedMajors, ...versions.prereleaseMajors];
+                    if (validVersions.includes(major)) {
+                      labels.push(versionLabel);
+                    }
+                  }
                }
              }
+              if (labels.length === 0) {
+                core.setOutput('unsupportedMajor', true);
+                labels.push('blocked/need-info ❌');
+              }
+            }
+
+            const operatingSystems = select('heading:has(> text[value="What operating system(s) are you using?"]) + paragraph > text', tree)?.value.trim().split(', ');
+            const platformLabels = new Set();
+            for (const operatingSystem of (operatingSystems ?? [])) {
+              switch (operatingSystem) {
+                case 'Windows':
+                  platformLabels.add('platform/windows');
+                  break;
+                case 'macOS':
+                  platformLabels.add('platform/macOS');
+                  break;
+                case 'Ubuntu':
+                case 'Other Linux':
+                  platformLabels.add('platform/linux');
+                  break;
+              }
+            }
+
+            if (platformLabels.size === 3) {
+              labels.push('platform/all');
+            } else {
+              labels.push(...platformLabels);
            }

            const gistUrl = select('heading:has(> text[value="Testcase Gist URL"]) + paragraph > text', tree)?.value.trim();
@@ -89,3 +129,17 @@ jobs:
                labels,
              });
            }
+      - name: Create unsupported major comment
+        if: ${{ steps.add-labels.outputs.unsupportedMajor }}
+        uses: actions-cool/issues-helper@a610082f8ac0cf03e357eb8dd0d5e2ba075e017e # v3.6.0
+        with:
+          actions: 'create-comment'
+          token: ${{ steps.generate-token.outputs.token }}
+          body: |
+            <!-- end-of-life -->
+
+            Hello @${{ github.event.issue.user.login }}. Thanks for reporting this and helping to make Electron better!
+            
+            The version of Electron reported in this issue has reached end-of-life and is [no longer supported](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#timeline). If you're still experiencing this issue on a [supported version](https://www.electronjs.org/releases/stable) of Electron, please update this issue to reflect that version of Electron.
+
+            Now adding the https://github.com/electron/electron/labels/blocked%2Fneed-info%20%E2%9D%8C label for this reason. This issue will be closed in 10 days if the above is not addressed.
--- a/.github/workflows/issue-transferred.yml
+++ b/.github/workflows/issue-transferred.yml
@@ -0,0 +1,27 @@
+name: Issue Transferred
+
+on:
+  issues:
+    types: [transferred]
+
+permissions: {}
+
+jobs:
+  issue-transferred:
+    name: Issue Transferred
+    runs-on: ubuntu-latest
+    if: ${{ !github.event.changes.new_repository.private }}
+    steps:
+      - name: Generate GitHub App token
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
+        id: generate-token
+        with:
+          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
+          org: electron
+      - name: Remove from issue triage
+        uses: dsanders11/project-actions/delete-item@9c80cd31f58599941c64f74636bea95ba5d46090 # v1.5.1
+        with:
+          token: ${{ steps.generate-token.outputs.token }}
+          project-number: 90
+          item: ${{ github.event.changes.new_issue.html_url }}
+          fail-if-item-not-found: false
--- a/.github/workflows/issue-unlabeled.yml
+++ b/.github/workflows/issue-unlabeled.yml
@@ -30,9 +30,10 @@ jobs:
          org: electron
      - name: Set status
        if: ${{ steps.check-for-blocked-labels.outputs.NOT_BLOCKED }}
-        uses: dsanders11/project-actions/edit-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
+        uses: dsanders11/project-actions/edit-item@9c80cd31f58599941c64f74636bea95ba5d46090 # v1.5.1
        with:
          token: ${{ steps.generate-token.outputs.token }}
          project-number: 90
          field: Status
          field-value: 📥 Was Blocked
+          fail-if-item-not-found: false
--- a/.github/workflows/linux-publish.yml
+++ b/.github/workflows/linux-publish.yml
@@ -30,7 +30,7 @@ jobs:
      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -83,4 +83,4 @@ jobs:
      generate-symbols: true
      strip-binaries: true
      upload-to-storage: ${{ inputs.upload-to-storage }}
-    secrets: inherit
+    secrets: inherit
--- a/.github/workflows/macos-publish.yml
+++ b/.github/workflows/macos-publish.yml
@@ -31,7 +31,7 @@ jobs:
      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -98,4 +98,4 @@ jobs:
      gn-build-type: release
      generate-symbols: true
      upload-to-storage: ${{ inputs.upload-to-storage }}
-    secrets: inherit
+    secrets: inherit
--- a/.github/workflows/non-maintainer-dependency-change.yml
+++ b/.github/workflows/non-maintainer-dependency-change.yml
@@ -0,0 +1,37 @@
+name: Check for Non-Maintainer Dependency Change
+
+on:
+  pull_request_target:
+    paths:
+      - 'yarn.lock'
+      - 'spec/yarn.lock'
+
+permissions: {}
+
+jobs:
+  check-for-non-maintainer-dependency-change:
+    name: Check for non-maintainer dependency change
+    if: ${{ !contains(fromJSON('["MEMBER", "OWNER"]'), github.event.pull_request.author_association) && github.event.pull_request.user.type != 'Bot' && !github.event.pull_request.draft }}
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check for existing review
+        id: check-for-review
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+        run: |
+          set -eo pipefail
+          REVIEW_COUNT=$(gh pr view $PR_URL --json reviews | jq '[ .reviews[] | select(.author.login == "github-actions") | select(.body | startswith("<!-- no-dependency-change -->")) ] | length')
+          if [[ $REVIEW_COUNT -eq 0 ]]; then
+            echo "SHOULD_REVIEW=1" >> "$GITHUB_OUTPUT"
+          fi
+      - name: Request changes
+        if: ${{ steps.check-for-review.outputs.SHOULD_REVIEW }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+        run: |
+          printf "<!-- no-dependency-change -->\n\nHello @${{ github.event.pull_request.user.login }}! It looks like this pull request touches one of our dependency files, and per [our contribution policy](https://github.com/electron/electron/blob/main/CONTRIBUTING.md#dependencies-upgrades-policy) we do not accept these types of changes in PRs." | gh pr review $PR_URL -r --body-file=-
--- a/.github/workflows/pipeline-electron-build-and-test-and-nan.yml
+++ b/.github/workflows/pipeline-electron-build-and-test-and-nan.yml
@@ -5,7 +5,7 @@ on:
    inputs:
      target-platform:
        type: string
-        description: 'Platform to run on, can be macos or linux'
+        description: 'Platform to run on, can be macos, win or linux.'
        required: true
      target-arch:
        type: string
@@ -15,10 +15,6 @@ on:
        type: string
        description: 'What host to run the build'
        required: true
-      check-runs-on:
-        type: string
-        description: 'What host to run the gn-check'
-        required: true
      test-runs-on:
        type: string
        description: 'What host to run the tests on'
@@ -60,8 +56,8 @@ on:
        default: false

 concurrency:
-  group: electron-build-and-test-and-nan-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }}
-  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
+  group: electron-build-and-test-and-nan-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
+  cancel-in-progress: ${{ github.ref_protected != true }}

 jobs:
  build:
@@ -76,16 +72,6 @@ jobs:
      generate-symbols: ${{ inputs.generate-symbols }}
      upload-to-storage: ${{ inputs.upload-to-storage }}
    secrets: inherit
-  gn-check:
-    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
-    with:
-      target-platform: ${{ inputs.target-platform }}
-      target-arch: ${{ inputs.target-arch }}
-      check-runs-on: ${{ inputs.check-runs-on }}
-      check-container: ${{ inputs.build-container }}
-      gn-build-type: ${{ inputs.gn-build-type }}
-      is-asan: ${{ inputs.is-asan }}
-    secrets: inherit
  test:
    uses: ./.github/workflows/pipeline-segment-electron-test.yml
    needs: build
@@ -104,4 +90,4 @@ jobs:
      test-runs-on: ${{ inputs.test-runs-on }}
      test-container: ${{ inputs.test-container }}
      gn-build-type: ${{ inputs.gn-build-type }}
-    secrets: inherit
+    secrets: inherit
--- a/.github/workflows/pipeline-electron-build-and-test.yml
+++ b/.github/workflows/pipeline-electron-build-and-test.yml
@@ -5,7 +5,7 @@ on:
    inputs:
      target-platform:
        type: string
-        description: 'Platform to run on, can be macos or linux'
+        description: 'Platform to run on, can be macos, win or linux'
        required: true
      target-arch:
        type: string
@@ -15,10 +15,6 @@ on:
        type: string
        description: 'What host to run the build'
        required: true
-      check-runs-on:
-        type: string
-        description: 'What host to run the gn-check'
-        required: true
      test-runs-on:
        type: string
        description: 'What host to run the tests on'
@@ -60,8 +56,8 @@ on:
        default: false

 concurrency:
-  group: electron-build-and-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }}
-  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
+  group: electron-build-and-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
+  cancel-in-progress: ${{ github.ref_protected != true }}

 permissions:
  contents: read
@@ -82,16 +78,6 @@ jobs:
      upload-to-storage: ${{ inputs.upload-to-storage }}
      is-asan: ${{ inputs.is-asan}}
    secrets: inherit
-  gn-check:
-    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
-    with:
-      target-platform: ${{ inputs.target-platform }}
-      target-arch: ${{ inputs.target-arch }}
-      check-runs-on: ${{ inputs.check-runs-on }}
-      check-container: ${{ inputs.build-container }}
-      gn-build-type: ${{ inputs.gn-build-type }}
-      is-asan: ${{ inputs.is-asan }}
-    secrets: inherit
  test:
    uses: ./.github/workflows/pipeline-segment-electron-test.yml
    needs: build
@@ -101,4 +87,4 @@ jobs:
      test-runs-on: ${{ inputs.test-runs-on }}
      test-container: ${{ inputs.test-container }}
      is-asan: ${{ inputs.is-asan}}
-    secrets: inherit
+    secrets: inherit
--- a/.github/workflows/pipeline-electron-docs-only.yml
+++ b/.github/workflows/pipeline-electron-docs-only.yml
@@ -20,14 +20,13 @@ jobs:
    container: ${{ fromJSON(inputs.container) }}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
+        ref: ${{ github.event.pull_request.head.sha }}
    - name: Install Dependencies
-      run: |
-        cd src/electron
-        node script/yarn install --frozen-lockfile
+      uses: ./src/electron/.github/actions/install-dependencies
    - name: Run TS/JS compile
      shell: bash
      run: |
@@ -40,4 +39,4 @@ jobs:
            if [ "$out" != "base.js" ]; then
            node script/yarn webpack --config $f --output-filename=$out --output-path=./.tmp --env mode=development
            fi
-        done
+        done
--- a/.github/workflows/pipeline-electron-lint.yml
+++ b/.github/workflows/pipeline-electron-lint.yml
@@ -9,8 +9,8 @@ on:
        type: string

 concurrency:
-  group: electron-lint-${{ github.ref }}
-  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
+  group: electron-lint-${{ github.ref_protected == true && github.run_id || github.ref }}
+  cancel-in-progress: ${{ github.ref_protected != true }}

 jobs:
  lint:
@@ -20,14 +20,15 @@ jobs:
    container: ${{ fromJSON(inputs.container) }}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
+        ref: ${{ github.event.pull_request.head.sha }}
    - name: Install Dependencies
-      run: |
-        cd src/electron
-        node script/yarn install --frozen-lockfile
+      uses: ./src/electron/.github/actions/install-dependencies
+    - name: Set Chromium Git Cookie
+      uses: ./src/electron/.github/actions/set-chromium-cookie
    - name: Setup third_party Depot Tools
      shell: bash
      run: |
--- a/.github/workflows/pipeline-segment-electron-build.yml
+++ b/.github/workflows/pipeline-segment-electron-build.yml
@@ -9,11 +9,11 @@ on:
        type: string
      target-platform:
        type: string
-        description: 'Platform to run on, can be macos or linux'
+        description: 'Platform to run on, can be macos, win or linux'
        required: true
      target-arch:
        type: string
-        description: 'Arch to build for, can be x64, arm64 or arm'
+        description: 'Arch to build for, can be x64, arm64, ia32 or arm'
        required: true
      target-variant:
        type: string
@@ -61,19 +61,24 @@ on:


 concurrency:
-  group: electron-build-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.target-variant }}-${{ inputs.is-asan }}-${{ github.ref }}
-  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
+  group: electron-build-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.target-variant }}-${{ inputs.is-asan }}-${{ github.ref_protected == true && github.run_id || github.ref }}
+  cancel-in-progress: ${{ github.ref_protected != true }}

 env:
+  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
+  CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
  ELECTRON_ARTIFACTS_BLOB_STORAGE: ${{ secrets.ELECTRON_ARTIFACTS_BLOB_STORAGE }}
  ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
  SUDOWOODO_EXCHANGE_URL: ${{ secrets.SUDOWOODO_EXCHANGE_URL }}
  SUDOWOODO_EXCHANGE_TOKEN: ${{ secrets.SUDOWOODO_EXCHANGE_TOKEN }}
-  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
+  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || inputs.target-platform == 'win' && '--custom-var=checkout_win=True' || '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
  ELECTRON_OUT_DIR: Default

 jobs:
  build:
+    defaults:
+      run:
+        shell: bash
    runs-on: ${{ inputs.build-runs-on }}
    container: ${{ fromJSON(inputs.build-container) }}
    environment: ${{ inputs.environment }}
@@ -81,12 +86,14 @@ jobs:
      TARGET_ARCH: ${{ inputs.target-arch }}
    steps:
    - name: Create src dir
-      run: mkdir src
+      run: |
+        mkdir src
    - name: Checkout Electron
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
+        ref: ${{ github.event.pull_request.head.sha }}
    - name: Free up space (macOS)
      if: ${{ inputs.target-platform == 'macos' }}
      uses: ./src/electron/.github/actions/free-space-macos
@@ -95,15 +102,13 @@ jobs:
      run: df -h
    - name: Setup Node.js/npm
      if: ${{ inputs.target-platform == 'macos' }}
-      uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6
+      uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a
      with:
        node-version: 20.11.x
        cache: yarn
        cache-dependency-path: src/electron/yarn.lock
    - name: Install Dependencies
-      run: |
-        cd src/electron
-        node script/yarn install --frozen-lockfile
+      uses: ./src/electron/.github/actions/install-dependencies
    - name: Install AZCopy
      if: ${{ inputs.target-platform == 'macos' }}
      run: brew install azcopy
@@ -122,6 +127,8 @@ jobs:
          GN_EXTRA_ARGS='is_asan=true'
        fi
        echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
+    - name: Set Chromium Git Cookie
+      uses: ./src/electron/.github/actions/set-chromium-cookie
    - name: Get Depot Tools
      timeout-minutes: 5
      run: |
@@ -137,16 +144,13 @@ jobs:

        # Ensure depot_tools does not update.
        test -d depot_tools && cd depot_tools
-        if [ "`uname`" = "Linux" ]; then
-          git apply --3way ../src/electron/.github/workflows/config/gclient.diff
-        fi
        touch .disable_auto_update
    - name: Add Depot Tools to PATH
      run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
    - name: Generate DEPS Hash
      run: |
-        node src/electron/script/generate-deps-hash.js && cat src/electron/.depshash-target
-        DEPSHASH=v1-src-cache-$(shasum src/electron/.depshash | cut -f1 -d' ')
+        node src/electron/script/generate-deps-hash.js
+        DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
        echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
        echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
    - name: Restore src cache via AZCopy
@@ -155,11 +159,17 @@ jobs:
    - name: Restore src cache via AKS
      if: ${{ inputs.target-platform == 'linux' }}
      uses: ./src/electron/.github/actions/restore-cache-aks
+    - name: Checkout src via gclient sync
+      if: ${{ inputs.target-platform == 'win' }}
+      uses: ./src/electron/.github/actions/checkout
+      with:
+        use-cache: 'false'
    - name: Checkout Electron
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
+        ref: ${{ github.event.pull_request.head.sha }}
    - name: Install Build Tools
      uses: ./src/electron/.github/actions/install-build-tools
    - name: Init Build Tools
@@ -167,11 +177,11 @@ jobs:
        e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu ${{ inputs.target-arch }}
    - name: Run Electron Only Hooks
      run: |
-        gclient runhooks --spec="solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]"
+        e d gclient runhooks --spec="solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]"
    - name: Regenerate DEPS Hash
      run: |
-        (cd src/electron && git checkout .) && node src/electron/script/generate-deps-hash.js && cat src/electron/.depshash-target
-        echo "DEPSHASH=$(shasum src/electron/.depshash | cut -f1 -d' ')" >> $GITHUB_ENV
+        (cd src/electron && git checkout .) && node src/electron/script/generate-deps-hash.js
+        echo "DEPSHASH=$(cat src/electron/.depshash)" >> $GITHUB_ENV
    - name: Add CHROMIUM_BUILDTOOLS_PATH to env
      run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
    - name: Fix Sync (macOS)
@@ -179,7 +189,7 @@ jobs:
      uses: ./src/electron/.github/actions/fix-sync-macos
    - name: Setup Number of Ninja Processes
      run: |
-        echo "NUMBER_OF_NINJA_PROCESSES=${{ inputs.target-platform == 'linux' && '300' || '200' }}" >> $GITHUB_ENV
+        echo "NUMBER_OF_NINJA_PROCESSES=${{ inputs.target-platform != 'macos' && '300' || '200' }}" >> $GITHUB_ENV
    - name: Free up space (macOS)
      if: ${{ inputs.target-platform == 'macos' }}
      uses: ./src/electron/.github/actions/free-space-macos
@@ -189,7 +199,7 @@ jobs:
      with:
        target-arch: ${{ inputs.target-arch }}
        target-platform: ${{ inputs.target-platform }}
-        artifact-platform: ${{ inputs.target-platform == 'linux' && 'linux' || 'darwin' }}
+        artifact-platform: ${{ inputs.target-platform == 'macos' && 'darwin' || inputs.target-platform }}
        is-release: '${{ inputs.is-release }}'
        generate-symbols: '${{ inputs.generate-symbols }}'
        strip-binaries: '${{ inputs.strip-binaries }}'
@@ -211,4 +221,4 @@ jobs:
        is-release: '${{ inputs.is-release }}'
        generate-symbols: '${{ inputs.generate-symbols }}'
        upload-to-storage: '${{ inputs.upload-to-storage }}'
-        step-suffix: '(mas)'
+        step-suffix: '(mas)'
--- a/.github/workflows/pipeline-segment-electron-gn-check.yml
+++ b/.github/workflows/pipeline-segment-electron-gn-check.yml
@@ -5,11 +5,11 @@ on:
    inputs:
      target-platform:
        type: string
-        description: 'Platform to run on, can be macos or linux'
+        description: 'Platform to run on, can be macos, win or linux'
        required: true
-      target-arch:
+      target-archs:
        type: string
-        description: 'Arch to build for, can be x64, arm64 or arm'
+        description: 'Archs to check for, can be x64, x86, arm64 or arm space separated'
        required: true
      check-runs-on:
        type: string
@@ -25,35 +25,30 @@ on:
        required: true
        type: string
        default: testing
-      is-asan: 
-        description: 'Building the Address Sanitizer (ASan) Linux build'
-        required: false
-        type: boolean
-        default: false

 concurrency:
-  group: electron-gn-check-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.is-asan }}-${{ github.ref }}
+  group: electron-gn-check-${{ inputs.target-platform }}-${{ github.ref }}
  cancel-in-progress: true

 env:
  ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
-  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
+  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || (inputs.target-platform == 'linux' && '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' || '--custom-var=checkout_win=True') }}
  ELECTRON_OUT_DIR: Default
-  TARGET_ARCH: ${{ inputs.target-arch }}

 jobs:
  gn-check:
-    # TODO(codebytere): Change this to medium VM
+    defaults:
+      run:
+        shell: bash
    runs-on: ${{ inputs.check-runs-on }}
    container: ${{ fromJSON(inputs.check-container) }}
-    env:
-      TARGET_ARCH: ${{ inputs.target-arch }}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
+        ref: ${{ github.event.pull_request.head.sha }}
    - name: Cleanup disk space on macOS
      if: ${{ inputs.target-platform == 'macos' }}
      shell: bash
@@ -73,90 +68,89 @@ jobs:
      run: df -h        
    - name: Install Build Tools
      uses: ./src/electron/.github/actions/install-build-tools
-    - name: Init Build Tools
+    - name: Enable windows toolchain
+      if: ${{ inputs.target-platform == 'win' }}
      run: |
-        e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu ${{ inputs.target-arch }}
-    - name: Get Depot Tools
-      timeout-minutes: 5
-      run: |
-        git clone --filter=tree:0 https://chromium.googlesource.com/chromium/tools/depot_tools.git
-
-        SEDOPTION="-i"
-        if [ "`uname`" = "Darwin" ]; then
-          SEDOPTION="-i ''"
-        fi
-
-        # remove ninjalog_uploader_wrapper.py from autoninja since we don't use it and it causes problems
-        sed $SEDOPTION '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
-
-        # Ensure depot_tools does not update.
-        test -d depot_tools && cd depot_tools
-        if [ "`uname`" = "Linux" ]; then
-          git apply --3way ../src/electron/.github/workflows/config/gclient.diff
-        fi
-        touch .disable_auto_update
-    - name: Add Depot Tools to PATH
-      run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
-    - name: Set GN_EXTRA_ARGS for Linux
-      if: ${{ inputs.target-platform == 'linux' }}
-      run: |
-        if [ "${{ inputs.target-arch  }}" = "arm" ]; then
-          GN_EXTRA_ARGS='build_tflite_with_xnnpack=false'
-        elif [ "${{ inputs.target-arch }}" = "arm64" ]; then
-          GN_EXTRA_ARGS='fatal_linker_warnings=false enable_linux_installer=false'
-        fi
-        echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
+        echo "ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN=1" >> $GITHUB_ENV
    - name: Generate DEPS Hash
      run: |
-        node src/electron/script/generate-deps-hash.js && cat src/electron/.depshash-target
-        DEPSHASH=v1-src-cache-$(shasum src/electron/.depshash | cut -f1 -d' ')
+        node src/electron/script/generate-deps-hash.js
+        DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
        echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
        echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
    - name: Restore src cache via AZCopy
      if: ${{ inputs.target-platform == 'macos' }}
      uses: ./src/electron/.github/actions/restore-cache-azcopy
    - name: Restore src cache via AKS
-      if: ${{ inputs.target-platform == 'linux' }}
+      if: ${{ inputs.target-platform == 'linux' || inputs.target-platform == 'win' }}
      uses: ./src/electron/.github/actions/restore-cache-aks
    - name: Run Electron Only Hooks
      run: |
-        gclient runhooks --spec="solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]"
+        echo "solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]" > tmpgclient
+        if [ "${{ inputs.target-platform }}" = "win" ]; then
+          echo "solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False,'install_sysroot':False,'checkout_win':True},'managed':False}]" > tmpgclient
+          echo "target_os=['win']" >> tmpgclient
+        fi
+        e d gclient runhooks --gclientfile=tmpgclient
+
+        # Fix VS Toolchain
+        if [ "${{ inputs.target-platform }}" = "win" ]; then
+          rm -rf src/third_party/depot_tools/win_toolchain/vs_files
+          e d python3 src/build/vs_toolchain.py update --force
+        fi
    - name: Regenerate DEPS Hash
      run: |
-        (cd src/electron && git checkout .) && node src/electron/script/generate-deps-hash.js && cat src/electron/.depshash-target
-        echo "DEPSHASH=$(shasum src/electron/.depshash | cut -f1 -d' ')" >> $GITHUB_ENV
+        (cd src/electron && git checkout .) && node src/electron/script/generate-deps-hash.js
+        echo "DEPSHASH=$(cat src/electron/.depshash)" >> $GITHUB_ENV
    - name: Add CHROMIUM_BUILDTOOLS_PATH to env
      run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
    - name: Checkout Electron
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
+        ref: ${{ github.event.pull_request.head.sha }}
    - name: Install Dependencies
-      run: |
-        cd src/electron
-        node script/yarn install --frozen-lockfile
+      uses: ./src/electron/.github/actions/install-dependencies
    - name: Default GN gen
      run: |
        cd src/electron
        git pack-refs
-        cd ..
-
-        e build --only-gen
-    - name: Run GN Check
+    - name: Run GN Check for ${{ inputs.target-archs }}
      run: |
-        cd src
-        gn check out/Default //electron:electron_lib
-        gn check out/Default //electron:electron_app
-        gn check out/Default //electron/shell/common/api:mojo
+        for target_cpu in ${{ inputs.target-archs }}
+        do
+          e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu $target_cpu
+          cd src
+          export GN_EXTRA_ARGS="target_cpu=\"$target_cpu\""
+          if [ "${{ inputs.target-platform }}" = "linux" ]; then
+            if [ "$target_cpu" = "arm" ]; then
+              export GN_EXTRA_ARGS="$GN_EXTRA_ARGS build_tflite_with_xnnpack=false"
+            elif [ "$target_cpu" = "arm64" ]; then
+              export GN_EXTRA_ARGS="$GN_EXTRA_ARGS fatal_linker_warnings=false enable_linux_installer=false"
+            fi
+          fi
+          if [ "${{ inputs.target-platform }}" = "win" ]; then
+            export GN_EXTRA_ARGS="$GN_EXTRA_ARGS use_v8_context_snapshot=true target_os=\"win\""
+          fi

-        # Check the hunspell filenames
-        node electron/script/gen-hunspell-filenames.js --check
-        node electron/script/gen-libc++-filenames.js --check
+          e build --only-gen
+
+          e d gn check out/Default //electron:electron_lib
+          e d gn check out/Default //electron:electron_app
+          e d gn check out/Default //electron/shell/common:mojo
+          e d gn check out/Default //electron/shell/common:plugin
+
+          # Check the hunspell filenames
+          node electron/script/gen-hunspell-filenames.js --check
+          node electron/script/gen-libc++-filenames.js --check
+          cd ..
+        done
    - name: Wait for active SSH sessions
      if: always() && !cancelled()
+      shell: bash
      run: |
        while [ -f /var/.ssh-lock ]
        do
          sleep 60
-        done
+        done
--- a/.github/workflows/pipeline-segment-electron-test.yml
+++ b/.github/workflows/pipeline-segment-electron-test.yml
@@ -5,7 +5,7 @@ on:
    inputs:
      target-platform:
        type: string
-        description: 'Platform to run on, can be macos or linux'
+        description: 'Platform to run on, can be macos, win or linux'
        required: true
      target-arch:
        type: string
@@ -27,8 +27,8 @@ on:
        default: false

 concurrency:
-  group: electron-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.is-asan }}-${{ github.ref }}
-  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
+  group: electron-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.is-asan }}-${{ github.ref_protected == true && github.run_id || github.ref }}
+  cancel-in-progress: ${{ github.ref_protected != true }}

 permissions:
  contents: read
@@ -36,27 +36,52 @@ permissions:
  pull-requests: read

 env:
+  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
+  CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
  ELECTRON_OUT_DIR: Default
  ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}

 jobs:
  test:
+    defaults:
+      run:
+        shell: bash
    runs-on: ${{ inputs.test-runs-on }}
    container: ${{ fromJSON(inputs.test-container) }}
    strategy:
      fail-fast: false
      matrix:
-        build-type: ${{ inputs.target-platform == 'macos' && fromJSON('["darwin","mas"]') || fromJSON('["linux"]') }}
-        shard: ${{ inputs.target-platform == 'macos' && fromJSON('[1, 2]') || fromJSON('[1, 2, 3]') }}
+        build-type: ${{ inputs.target-platform == 'macos' && fromJSON('["darwin","mas"]') || (inputs.target-platform == 'win' && fromJSON('["win"]') || fromJSON('["linux"]')) }}
+        shard: ${{ inputs.target-platform == 'linux' && fromJSON('[1, 2, 3]') || fromJSON('[1, 2]') }}
    env:
      BUILD_TYPE: ${{ matrix.build-type }}
      TARGET_ARCH: ${{ inputs.target-arch }}
      ARTIFACT_KEY: ${{ matrix.build-type }}_${{ inputs.target-arch }}
    steps:
    - name: Fix node20 on arm32 runners
-      if: ${{ inputs.target-arch == 'arm' }}
+      if: ${{ inputs.target-arch == 'arm' && inputs.target-platform == 'linux' }}
      run: |
        cp $(which node) /mnt/runner-externals/node20/bin/
+    - name: Install Git on Windows arm64 runners
+      if: ${{ inputs.target-arch == 'arm64' && inputs.target-platform == 'win' }}
+      shell: powershell
+      run: |
+        Set-ExecutionPolicy Bypass -Scope Process -Force
+        [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
+        iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
+        choco install -y --no-progress git.install --params "'/GitAndUnixToolsOnPath'"
+        choco install -y --no-progress git
+        choco install -y --no-progress python --version 3.11.9
+        choco install -y --no-progress visualstudio2022-workload-vctools --package-parameters "--add Microsoft.VisualStudio.Component.VC.Tools.ARM64"
+        echo "C:\Program Files\Git\cmd" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+        echo "C:\Program Files\Git\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+        echo "C:\Python311" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+        cp "C:\Python311\python.exe" "C:\Python311\python3.exe"
+    - name: Setup Node.js/npm
+      if: ${{ inputs.target-platform == 'win' }}
+      uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a
+      with:
+        node-version: 20.11.x
    - name: Add TCC permissions on macOS
      if: ${{ inputs.target-platform == 'macos' }}
      run: |
@@ -90,29 +115,28 @@ jobs:
            configure_sys_tccdb "$values"
          fi
        done
+    - name: Turn off the unexpectedly quit dialog on macOS
+      if: ${{ inputs.target-platform == 'macos' }}
+      run: defaults write com.apple.CrashReporter DialogType server
    - name: Checkout Electron
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
+        ref: ${{ github.event.pull_request.head.sha }}
    - name: Install Dependencies
-      run: |
-        cd src/electron
-        node script/yarn install --frozen-lockfile
+      uses: ./src/electron/.github/actions/install-dependencies
+    - name: Set Chromium Git Cookie
+      uses: ./src/electron/.github/actions/set-chromium-cookie
    - name: Get Depot Tools
      timeout-minutes: 5
      run: |
+        git config --global core.filemode false
+        git config --global core.autocrlf false
+        git config --global branch.autosetuprebase always
        git clone --filter=tree:0 https://chromium.googlesource.com/chromium/tools/depot_tools.git
        # Ensure depot_tools does not update.
        test -d depot_tools && cd depot_tools
-        if [ "`uname`" = "Darwin" ]; then
-          # remove ninjalog_uploader_wrapper.py from autoninja since we don't use it and it causes problems
-          sed -i '' '/ninjalog_uploader_wrapper.py/d' ./autoninja
-        else
-          sed -i '/ninjalog_uploader_wrapper.py/d' ./autoninja
-          # Remove swift-format dep from cipd on macOS until we send a patch upstream.
-          git apply --3way ../src/electron/.github/workflows/config/gclient.diff
-        fi
        touch .disable_auto_update
    - name: Add Depot Tools to PATH
      run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
@@ -134,7 +158,17 @@ jobs:
        path: ./src_artifacts_${{ matrix.build-type }}_${{ inputs.target-arch }}
    - name: Restore Generated Artifacts
      run: ./src/electron/script/actions/restore-artifacts.sh
-    - name: Unzip Dist, Mksnapshot & Chromedriver
+    - name: Unzip Dist, Mksnapshot & Chromedriver (win)
+      if: ${{ inputs.target-platform == 'win' }}
+      shell: powershell
+      run: |
+        Set-ExecutionPolicy Bypass -Scope Process -Force
+        cd src/out/Default
+        Expand-Archive -Force dist.zip -DestinationPath ./
+        Expand-Archive -Force chromedriver.zip -DestinationPath ./
+        Expand-Archive -Force mksnapshot.zip -DestinationPath ./
+    - name: Unzip Dist, Mksnapshot & Chromedriver (unix)
+      if: ${{ inputs.target-platform != 'win' }}
      run: |
        cd src/out/Default
        unzip -:o dist.zip
@@ -158,15 +192,24 @@ jobs:
        ELECTRON_DISABLE_SECURITY_WARNINGS: 1
        ELECTRON_SKIP_NATIVE_MODULE_TESTS: true
        DISPLAY: ':99.0'
+        NPM_CONFIG_MSVS_VERSION: '2022'
      run: |
        cd src/electron
        export ELECTRON_TEST_RESULTS_DIR=`pwd`/junit
        # Get which tests are on this shard
-        tests_files=$(node script/split-tests ${{ matrix.shard }} ${{ inputs.target-platform == 'macos' && 2 || 3 }})
+        tests_files=$(node script/split-tests ${{ matrix.shard }} ${{ inputs.target-platform == 'linux' && 3 || 2 }})

        # Run tests
-        if [ "`uname`" = "Darwin" ]; then
+        if [ "${{ inputs.target-platform }}" != "linux" ]; then
          echo "About to start tests"
+          if [ "${{ inputs.target-platform }}" = "win" ]; then
+            if [ "${{ inputs.target-arch }}" = "x86" ]; then
+              export npm_config_arch="ia32"
+            fi
+            if [ "${{ inputs.target-arch }}" = "arm64" ]; then
+              export ELECTRON_FORCE_TEST_SUITE_EXIT="true"
+            fi
+          fi
          node script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files
        else
          chown :builduser .. && chmod g+w ..
@@ -197,14 +240,23 @@ jobs:
        DD_CIVISIBILITY_LOGS_ENABLED: true
        DD_TAGS: "os.architecture:${{ inputs.target-arch }},os.family:${{ inputs.target-platform }},os.platform:${{ inputs.target-platform }},asan:${{ inputs.is-asan }}"
      run: |
-        if ! [ -z $DD_API_KEY ]; then
-          datadog-ci junit upload src/electron/junit/test-results-main.xml
+        if ! [ -z $DD_API_KEY ] && [ -f src/electron/junit/test-results-main.xml ]; then
+          export DATADOG_PATH=`node src/electron/script/yarn global bin`
+          $DATADOG_PATH/datadog-ci junit upload src/electron/junit/test-results-main.xml
        fi          
      if: always() && !cancelled()
+    - name: Upload Test Artifacts
+      if: always() && !cancelled()
+      uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
+      with:
+        name: test_artifacts_${{ env.ARTIFACT_KEY }}_${{ matrix.shard }}
+        path: src/electron/spec/artifacts
+        if-no-files-found: ignore
    - name: Wait for active SSH sessions
      if: always() && !cancelled()
+      shell: bash
      run: |
        while [ -f /var/.ssh-lock ]
        do
          sleep 60
-        done
+        done
--- a/.github/workflows/pipeline-segment-node-nan-test.yml
+++ b/.github/workflows/pipeline-segment-node-nan-test.yml
@@ -5,7 +5,7 @@ on:
    inputs:
      target-platform:
        type: string
-        description: 'Platform to run on, can be macos or linux'
+        description: 'Platform to run on, can be macos, win or linux'
        required: true
      target-arch:
        type: string
@@ -27,8 +27,8 @@ on:
        default: testing

 concurrency:
-  group: electron-node-nan-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }}
-  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
+  group: electron-node-nan-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
+  cancel-in-progress: ${{ github.ref_protected != true }}

 env:
  ELECTRON_OUT_DIR: Default
@@ -45,27 +45,26 @@ jobs:
    container: ${{ fromJSON(inputs.test-container) }}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
+        ref: ${{ github.event.pull_request.head.sha }}
    - name: Install Build Tools
      uses: ./src/electron/.github/actions/install-build-tools
    - name: Init Build Tools
      run: |
        e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu ${{ inputs.target-arch }}
    - name: Install Dependencies
-      run: |
-        cd src/electron
-        node script/yarn install --frozen-lockfile
+      uses: ./src/electron/.github/actions/install-dependencies
+    - name: Set Chromium Git Cookie
+      uses: ./src/electron/.github/actions/set-chromium-cookie
    - name: Get Depot Tools
      timeout-minutes: 5
      run: |
        git clone --filter=tree:0 https://chromium.googlesource.com/chromium/tools/depot_tools.git
-        sed -i '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
        # Ensure depot_tools does not update.
        test -d depot_tools && cd depot_tools
-        git apply --3way ../src/electron/.github/workflows/config/gclient.diff
        touch .disable_auto_update
    - name: Add Depot Tools to PATH
      run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
@@ -93,6 +92,7 @@ jobs:
        node electron/script/node-spec-runner.js --default --jUnitDir=junit
    - name: Wait for active SSH sessions
      if: always() && !cancelled()
+      shell: bash
      run: |
        while [ -f /var/.ssh-lock ]
        do
@@ -108,27 +108,26 @@ jobs:
    container: ${{ fromJSON(inputs.test-container) }}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
+        ref: ${{ github.event.pull_request.head.sha }}
    - name: Install Build Tools
      uses: ./src/electron/.github/actions/install-build-tools
    - name: Init Build Tools
      run: |
        e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }}
    - name: Install Dependencies
-      run: |
-        cd src/electron
-        node script/yarn install --frozen-lockfile
+      uses: ./src/electron/.github/actions/install-dependencies
+    - name: Set Chromium Git Cookie
+      uses: ./src/electron/.github/actions/set-chromium-cookie
    - name: Get Depot Tools
      timeout-minutes: 5
      run: |
        git clone --filter=tree:0 https://chromium.googlesource.com/chromium/tools/depot_tools.git
-        sed -i '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
        # Ensure depot_tools does not update.
        test -d depot_tools && cd depot_tools
-        git apply --3way ../src/electron/.github/workflows/config/gclient.diff
        touch .disable_auto_update
    - name: Add Depot Tools to PATH
      run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
@@ -150,14 +149,15 @@ jobs:
        unzip -:o dist.zip
    - name: Setup Linux for Headless Testing
      run: sh -e /etc/init.d/xvfb start
-    - name: Run Node.js Tests
+    - name: Run Nan Tests
      run: |
        cd src
        node electron/script/nan-spec-runner.js
    - name: Wait for active SSH sessions
+      shell: bash
      if: always() && !cancelled()
      run: |
        while [ -f /var/.ssh-lock ]
        do
          sleep 60
-        done
+        done
--- a/.github/workflows/pull-request-labeled.yml
+++ b/.github/workflows/pull-request-labeled.yml
@@ -13,14 +13,14 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Trigger Slack workflow
-        uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
+        uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d # v2.0.0
        with:
+          webhook: ${{ secrets.BACKPORT_REQUESTED_SLACK_WEBHOOK_URL }} 
+          webhook-type: webhook-trigger
          payload: |
            {
              "url": "${{ github.event.pull_request.html_url }}"
            }
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.BACKPORT_REQUESTED_SLACK_WEBHOOK_URL }}
  pull-request-labeled-deprecation-review-complete:
    name: deprecation-review/complete label added
    if: github.event.label.name == 'deprecation-review/complete ✅'
@@ -33,7 +33,7 @@ jobs:
          creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }}
          org: electron
      - name: Set status
-        uses: dsanders11/project-actions/edit-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
+        uses: dsanders11/project-actions/edit-item@9c80cd31f58599941c64f74636bea95ba5d46090 # v1.5.1
        with:
          token: ${{ steps.generate-token.outputs.token }}
          project-number: 94
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -22,7 +22,7 @@ jobs:

    steps:
      - name: "Checkout code"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

@@ -42,7 +42,7 @@ jobs:
      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: SARIF file
          path: results.sarif
@@ -50,6 +50,6 @@ jobs:

      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+        uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
        with:
          sarif_file: results.sarif
--- a/.github/workflows/stable-prep-items.yml
+++ b/.github/workflows/stable-prep-items.yml
@@ -27,7 +27,7 @@ jobs:
          PROJECT_NUMBER=$(gh project list --owner electron --format json | jq -r '.projects | map(select(.title | test("^[0-9]+-x-y$"))) | max_by(.number) | .number')
          echo "PROJECT_NUMBER=$PROJECT_NUMBER" >> "$GITHUB_OUTPUT"
      - name: Update Completed Stable Prep Items
-        uses: dsanders11/project-actions/completed-by@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
+        uses: dsanders11/project-actions/completed-by@9c80cd31f58599941c64f74636bea95ba5d46090 # v1.5.1
        with:
          field: Prep Status
          field-value: ✅ Complete
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -16,7 +16,7 @@ jobs:
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # tag: v9.0.0
+      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # tag: v9.1.0
        with:
          repo-token: ${{ steps.generate-token.outputs.token }}
          days-before-stale: 90
@@ -39,7 +39,7 @@ jobs:
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # tag: v9.0.0
+      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # tag: v9.1.0
        with:
          repo-token: ${{ steps.generate-token.outputs.token }}
          days-before-stale: -1
--- a/.github/workflows/update_appveyor_image.yml
+++ b/.github/workflows/update_appveyor_image.yml
@@ -1,73 +0,0 @@
-name: Update AppVeyor Image
-
-# Run chron daily Mon-Fri
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: '0 8 * * 1-5' # runs 8:00 every business day (see https://crontab.guru)
-
-permissions: {}
-
-jobs:
-  bake-appveyor-image:
-    name: Bake AppVeyor Image
-    runs-on: ubuntu-latest
-    steps:
-    - name: Generate GitHub App token
-      uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
-      id: generate-token
-      with:
-        creds: ${{ secrets.APPVEYOR_UPDATER_GH_APP_CREDS }}
-    - name: Checkout
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      with:
-        fetch-depth: 0
-        token: ${{ steps.generate-token.outputs.token }}
-    - name: Yarn install
-      run: |
-        node script/yarn.js install --frozen-lockfile
-    - name: Set Repo for Commit
-      run: git config --global --add safe.directory $GITHUB_WORKSPACE
-    - name: Check AppVeyor Image
-      env:
-        APPVEYOR_TOKEN: ${{ secrets.APPVEYOR_TOKEN }}
-      run: |
-        node ./script/prepare-appveyor
-        if [ -f ./image_version.txt ]; then
-          echo "APPVEYOR_IMAGE_VERSION="$(cat image_version.txt)"" >> $GITHUB_ENV
-          rm image_version.txt
-        fi
-    - name: (Optionally) Update Appveyor Image
-      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
-      uses: mikefarah/yq@bbdd97482f2d439126582a59689eb1c855944955 # v4.44.3
-      with:
-        cmd: |
-          yq '.image = "${{ env.APPVEYOR_IMAGE_VERSION }}"' "appveyor.yml" > "appveyor2.yml"
-          yq '.image = "${{ env.APPVEYOR_IMAGE_VERSION }}"' "appveyor-woa.yml" > "appveyor-woa2.yml"
-    - name: (Optionally) Generate Commit Diff
-      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
-      run: |
-        diff -w -B appveyor.yml appveyor2.yml > appveyor.diff || true
-        patch -f appveyor.yml < appveyor.diff
-        rm appveyor2.yml appveyor.diff
-        git add appveyor.yml
-    - name: (Optionally) Generate Commit Diff for WOA
-      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
-      run: |
-        diff -w -B appveyor-woa.yml appveyor-woa2.yml > appveyor-woa.diff || true
-        patch -f appveyor-woa.yml < appveyor-woa.diff
-        rm appveyor-woa2.yml appveyor-woa.diff
-        git add appveyor-woa.yml
-    - name: (Optionally) Commit to Branch
-      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
-      uses: dsanders11/github-app-commit-action@43de6da2f4d927e997c0784c7a0b61bd19ad6aac # v1.5.0
-      with:
-        message: 'build: update appveyor image to latest version'
-        ref: bump-appveyor-image
-        token: ${{ steps.generate-token.outputs.token }}
-    - name: (Optionally) Create Pull Request
-      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
-      run: |
-        printf "This PR updates appveyor.yml to the latest baked image, ${{ env.APPVEYOR_IMAGE_VERSION }}.\n\nNotes: none" | gh pr create --head bump-appveyor-image --label no-backport --label semver/none --title 'build: update appveyor image to latest version' --body-file=-
-      env:
-        GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
--- a/.github/workflows/windows-publish.yml
+++ b/.github/workflows/windows-publish.yml
@@ -0,0 +1,84 @@
+name: Publish Windows
+
+on:
+  workflow_dispatch:
+    inputs:
+      build-image-sha:
+        type: string
+        description: 'SHA for electron/build image'
+        default: 'bc2f48b2415a670de18d13605b1cf0eb5fdbaae1'
+        required: true
+      upload-to-storage:
+        description: 'Uploads to Azure storage'
+        required: false
+        default: '1'
+        type: string
+      run-windows-publish:
+        description: 'Run the publish jobs vs just the build jobs'
+        type: boolean
+        default: false
+
+jobs:
+  checkout-windows:
+    runs-on: electron-arc-linux-amd64-32core
+    container:
+      image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
+      options: --user root --device /dev/fuse --cap-add SYS_ADMIN
+      volumes:
+        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
+    env:
+      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_win=True'
+      TARGET_OS: 'win'
+      ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN: '1'
+    outputs:
+      build-image-sha: ${{ inputs.build-image-sha }}
+    steps:
+    - name: Checkout Electron
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+      with:
+        path: src/electron
+        fetch-depth: 0
+    - name: Checkout & Sync & Save
+      uses: ./src/electron/.github/actions/checkout
+
+  publish-x64-win:
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
+    needs: checkout-windows
+    with:
+      environment: production-release
+      build-runs-on: electron-arc-windows-amd64-16core
+      target-platform: win
+      target-arch: x64
+      is-release: true
+      gn-build-type: release
+      generate-symbols: true
+      upload-to-storage: ${{ inputs.upload-to-storage }}
+    secrets: inherit
+
+  publish-arm64-win:
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
+    needs: checkout-windows
+    with:
+      environment: production-release
+      build-runs-on: electron-arc-windows-amd64-16core
+      target-platform: win
+      target-arch: arm64
+      is-release: true
+      gn-build-type: release
+      generate-symbols: true
+      upload-to-storage: ${{ inputs.upload-to-storage }}
+    secrets: inherit
+
+  publish-x86-win:
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
+    needs: checkout-windows
+    with:
+      environment: production-release
+      build-runs-on: electron-arc-windows-amd64-16core
+      target-platform: win
+      target-arch: x86
+      is-release: true
+      gn-build-type: release
+      generate-symbols: true
+      upload-to-storage: ${{ inputs.upload-to-storage }}
+    secrets: inherit
--- a/.gitignore
+++ b/.gitignore
@@ -48,7 +48,6 @@ ts-gen

 # Used to accelerate CI builds
 .depshash
-.depshash-target

 # Used to accelerate builds after sync
 patches/mtime-cache.json
--- a/.nvmrc
+++ b/.nvmrc
@@ -1 +1 @@
-16
+20
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -9,7 +9,7 @@ import("//pdf/features.gni")
 import("//ppapi/buildflags/buildflags.gni")
 import("//printing/buildflags/buildflags.gni")
 import("//testing/test.gni")
-import("//third_party/electron_node/electron_node.gni")
+import("//third_party/electron_node/node.gni")
 import("//third_party/ffmpeg/ffmpeg_options.gni")
 import("//tools/generate_library_loader/generate_library_loader.gni")
 import("//tools/grit/grit_rule.gni")
@@ -38,7 +38,7 @@ if (is_mac) {
  import("build/rules.gni")

  assert(
-      mac_deployment_target == "10.15",
+      mac_deployment_target == "11.0",
      "Chromium has updated the mac_deployment_target, please update this assert, update the supported versions documentation (docs/tutorial/support.md) and flag this as a breaking change")
 }

@@ -84,7 +84,10 @@ if (is_linux) {
  # from the gtk library. Function signatures for which stubs are
  # required should be declared in the sig files.
  generate_stubs("electron_gtk_stubs") {
-    sigs = [ "shell/browser/ui/electron_gdk_pixbuf.sigs" ]
+    sigs = [
+      "shell/browser/ui/electron_gdk.sigs",
+      "shell/browser/ui/electron_gdk_pixbuf.sigs",
+    ]
    extra_header = "shell/browser/ui/electron_gtk.fragment"
    output_name = "electron_gtk_stubs"
    public_deps = [ "//ui/gtk:gtk_config" ]
@@ -221,11 +224,21 @@ webpack_build("electron_utility_bundle") {
  out_file = "$target_gen_dir/js2c/utility_init.js"
 }

+webpack_build("electron_preload_realm_bundle") {
+  deps = [ ":build_electron_definitions" ]
+
+  inputs = auto_filenames.preload_realm_bundle_deps
+
+  config_file = "//electron/build/webpack/webpack.config.preload_realm.js"
+  out_file = "$target_gen_dir/js2c/preload_realm_bundle.js"
+}
+
 action("electron_js2c") {
  deps = [
    ":electron_browser_bundle",
    ":electron_isolated_renderer_bundle",
    ":electron_node_bundle",
+    ":electron_preload_realm_bundle",
    ":electron_renderer_bundle",
    ":electron_sandboxed_renderer_bundle",
    ":electron_utility_bundle",
@@ -237,6 +250,7 @@ action("electron_js2c") {
    "$target_gen_dir/js2c/browser_init.js",
    "$target_gen_dir/js2c/isolated_bundle.js",
    "$target_gen_dir/js2c/node_init.js",
+    "$target_gen_dir/js2c/preload_realm_bundle.js",
    "$target_gen_dir/js2c/renderer_init.js",
    "$target_gen_dir/js2c/sandbox_bundle.js",
    "$target_gen_dir/js2c/utility_init.js",
@@ -408,7 +422,7 @@ action("electron_generate_node_defines") {
 source_set("electron_lib") {
  configs += [
    "//v8:external_startup_data",
-    "//third_party/electron_node:node_internals",
+    "//third_party/electron_node:node_external_config",
  ]

  public_configs = [
@@ -425,7 +439,9 @@ source_set("electron_lib") {
    "buildflags",
    "chromium_src:chrome",
    "chromium_src:chrome_spellchecker",
-    "shell/common/api:mojo",
+    "shell/common:mojo",
+    "shell/common:plugin",
+    "shell/common:web_contents_utility",
    "shell/services/node/public/mojom",
    "//base:base_static",
    "//base/allocator:buildflags",
@@ -482,7 +498,7 @@ source_set("electron_lib") {
    "//third_party/blink/public:blink_devtools_inspector_resources",
    "//third_party/blink/public/platform/media",
    "//third_party/boringssl",
-    "//third_party/electron_node:node_lib",
+    "//third_party/electron_node:libnode",
    "//third_party/inspector_protocol:crdtp",
    "//third_party/leveldatabase",
    "//third_party/libyuv",
@@ -517,7 +533,10 @@ source_set("electron_lib") {
    "//third_party/blink/renderer",
  ]

-  defines = [ "V8_DEPRECATION_WARNINGS" ]
+  defines = [
+    "BLINK_MOJO_IMPL=1",
+    "V8_DEPRECATION_WARNINGS",
+  ]
  libs = []

  if (is_linux) {
@@ -531,7 +550,7 @@ source_set("electron_lib") {
    ]
  }

-  configs += [ "//electron/build/config:mas_build" ]
+  deps += [ "//electron/build/config:generate_mas_config" ]

  sources = filenames.lib_sources
  if (is_win) {
@@ -672,22 +691,11 @@ source_set("electron_lib") {
  }

  if (enable_plugins) {
-    deps += [ "chromium_src:plugins" ]
    sources += [
+      "shell/browser/electron_plugin_info_host_impl.cc",
+      "shell/browser/electron_plugin_info_host_impl.h",
      "shell/common/plugin_info.cc",
      "shell/common/plugin_info.h",
-      "shell/renderer/electron_renderer_pepper_host_factory.cc",
-      "shell/renderer/electron_renderer_pepper_host_factory.h",
-      "shell/renderer/pepper_helper.cc",
-      "shell/renderer/pepper_helper.h",
-    ]
-  }
-
-  if (enable_ppapi) {
-    deps += [
-      "//ppapi/host",
-      "//ppapi/proxy",
-      "//ppapi/shared_impl",
    ]
  }

@@ -875,6 +883,7 @@ if (is_mac) {
      ":electron_framework_resources",
      ":electron_swiftshader_library",
      ":electron_xibs",
+      "//third_party/electron_node:libnode",
    ]
    if (!is_mas_build) {
      deps += [ ":electron_crashpad_helper" ]
@@ -918,17 +927,18 @@ if (is_mac) {
      assert(defined(invoker.helper_name_suffix))

      output_name = electron_helper_name + invoker.helper_name_suffix
-      deps = [ ":electron_framework+link" ]
+      deps = [
+        ":electron_framework+link",
+        "//electron/build/config:generate_mas_config",
+      ]
      if (!is_mas_build) {
        deps += [ "//sandbox/mac:seatbelt" ]
      }
      defines = [ "HELPER_EXECUTABLE" ]
-      configs += [ "//electron/build/config:mas_build" ]
      sources = [
        "shell/app/electron_main_mac.cc",
        "shell/app/uv_stdio_fix.cc",
        "shell/app/uv_stdio_fix.h",
-        "shell/common/electron_constants.cc",
      ]
      include_dirs = [ "." ]
      info_plist = "shell/renderer/resources/mac/Info.plist"
@@ -1079,6 +1089,7 @@ if (is_mac) {
      ":electron_app_plist",
      ":electron_app_resources",
      ":electron_fuses",
+      "//electron/build/config:generate_mas_config",
      "//electron/buildflags",
    ]
    if (is_mas_build) {
@@ -1093,7 +1104,6 @@ if (is_mac) {
      "-rpath",
      "@executable_path/../Frameworks",
    ]
-    configs += [ "//electron/build/config:mas_build" ]
  }

  if (enable_dsyms) {
@@ -1197,6 +1207,7 @@ if (is_mac) {
      "//components/crash/core/app",
      "//content:sandbox_helper_win",
      "//electron/buildflags",
+      "//third_party/electron_node:libnode",
      "//ui/strings",
    ]

@@ -1508,21 +1519,8 @@ group("electron") {
 ##### node_headers

 node_dir = "../third_party/electron_node"
-node_files = read_file("$node_dir/filenames.json", "json")
 node_headers_dir = "$root_gen_dir/node_headers"

-header_group_index = 0
-header_groups = []
-foreach(header_group, node_files.headers) {
-  copy("node_headers_${header_group_index}") {
-    sources = rebase_path(header_group.files, ".", node_dir)
-    outputs =
-        [ "$node_headers_dir/${header_group.dest_dir}/{{source_file_part}}" ]
-  }
-  header_groups += [ ":node_headers_${header_group_index}" ]
-  header_group_index += 1
-}
-
 copy("zlib_headers") {
  sources = [
    "$node_dir/deps/zlib/zconf.h",
@@ -1543,13 +1541,19 @@ copy("node_gypi_headers") {
 action("node_version_header") {
  inputs = [ "$node_dir/src/node_version.h" ]
  outputs = [ "$node_headers_dir/include/node/node_version.h" ]
-  script = "script/generate_node_version_header.py"
+  script = "script/node/generate_node_version_header.py"
  args = rebase_path(inputs) + rebase_path(outputs)
  if (node_module_version != "") {
    args += [ "$node_module_version" ]
  }
 }

+action("generate_node_headers") {
+  deps = [ ":generate_config_gypi" ]
+  script = "script/node/generate_node_headers.py"
+  outputs = [ "$root_gen_dir/node_headers.json" ]
+}
+
 action("tar_node_headers") {
  deps = [ ":copy_node_headers" ]
  outputs = [ "$root_gen_dir/node_headers.tar.gz" ]
@@ -1561,11 +1565,12 @@ action("tar_node_headers") {
 }

 group("copy_node_headers") {
-  public_deps = header_groups + [
-                  ":node_gypi_headers",
-                  ":node_version_header",
-                  ":zlib_headers",
-                ]
+  public_deps = [
+    ":generate_node_headers",
+    ":node_gypi_headers",
+    ":node_version_header",
+    ":zlib_headers",
+  ]
 }

 group("node_headers") {
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -12,7 +12,7 @@ propose changes to this document in a pull request.

 ## [Issues](https://electronjs.org/docs/development/issues)

-Issues are created [here](https://github.com/electron/electron/issues/new).
+Issues are created [here](https://github.com/electron/electron/issues/new/choose).

 * [How to Contribute in Issues](https://electronjs.org/docs/development/issues#how-to-contribute-in-issues)
 * [Asking for General Help](https://electronjs.org/docs/development/issues#asking-for-general-help)
--- a/10
+++ b/10
@@ -2,9 +2,9 @@ gclient_gn_args_from = 'src'

 vars = {
  'chromium_version':
-    '128.0.6613.186',
+    '134.0.6998.10',
  'node_version':
-    'v20.18.0',
+    'v22.13.1',
  'nan_version':
    'e14bdcd1f72d62bca1d541b66da43130384ec213',
  'squirrel.mac_version':
@@ -62,10 +62,6 @@ vars = {

  'checkout_nacl':
    False,
-  'checkout_libaom':
-    True,
-  'checkout_oculus_sdk':
-    False,
  'checkout_openxr':
    False,
  'build_with_chromium':
@@ -74,8 +70,6 @@ vars = {
    False,
  'checkout_android_native_support':
    False,
-  'checkout_google_benchmark':
-    False,
  'checkout_clang_tidy':
    True,
 }
--- a/README.md
+++ b/README.md
@@ -1,7 +1,6 @@
 [![Electron Logo](https://electronjs.org/images/electron-logo.svg)](https://electronjs.org)

 [![GitHub Actions Build Status](https://github.com/electron/electron/actions/workflows/build.yml/badge.svg)](https://github.com/electron/electron/actions/workflows/build.yml)
-[![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/4lggi9dpjc1qob7k/branch/main?svg=true)](https://ci.appveyor.com/project/electron-bot/electron-ljo26/branch/main)
 [![Electron Discord Invite](https://img.shields.io/discord/745037351163527189?color=%237289DA&label=chat&logo=discord&logoColor=white)](https://discord.gg/electronjs)

 :memo: Available Translations: 🇨🇳 🇧🇷 🇪🇸 🇯🇵 🇷🇺 🇫🇷 🇺🇸 🇩🇪.
@@ -38,7 +37,7 @@ For more installation options and troubleshooting tips, see

 Each Electron release provides binaries for macOS, Windows, and Linux.

-* macOS (Catalina and up): Electron provides 64-bit Intel and ARM binaries for macOS. Apple Silicon support was added in Electron 11.
+* macOS (Big Sur and up): Electron provides 64-bit Intel and Apple Silicon / ARM binaries for macOS.
 * Windows (Windows 10 and up): Electron provides `ia32` (`x86`), `x64` (`amd64`), and `arm64` binaries for Windows. Windows on ARM support was added in Electron 5.0.8. Support for Windows 7, 8 and 8.1 was [removed in Electron 23, in line with Chromium's Windows deprecation policy](https://www.electronjs.org/blog/windows-7-to-8-1-deprecation-notice).
 * Linux: The prebuilt binaries of Electron are built on Ubuntu 20.04. They have also been verified to work on:
  * Ubuntu 18.04 and newer
--- a/appveyor-bake.yml
+++ b/appveyor-bake.yml
@@ -1,107 +0,0 @@
-# The config is used to bake appveyor images, not for running CI jobs.
-# The config expects the following environment variables to be set:
-#  - "APPVEYOR_BAKE_IMAGE" e.g. 'electron-99.0.4767.0'. Name of the image to be baked.
-#      Typically named after the Chromium version on which the image is built.
-#      This can be set dynamically in the prepare-appveyor script.
-
-version: 1.0.{build}
-build_cloud: electronhq-16-core
-image: base-bake-image
-environment:
-  GIT_CACHE_PATH: C:\Users\appveyor\libcc_cache
-  ELECTRON_OUT_DIR: Default
-  ELECTRON_ENABLE_STACK_DUMPING: 1
-  MOCHA_REPORTER: mocha-multi-reporters
-  MOCHA_MULTI_REPORTERS: mocha-appveyor-reporter, tap
-  DEPOT_TOOLS_WIN_TOOLCHAIN: 0
-  PYTHONIOENCODING: UTF-8
-
-# The following lines are needed when baking from a completely new image (eg MicrosoftWindowsServer:WindowsServer:2019-Datacenter:latest via image: base-windows-server2019)
-# init:
-#   - ps: $blockRdp = $true; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
-#   - appveyor version
-#   - ps: $ErrorActionPreference = 'Stop'
-#   - ps: 'Write-Host "OS Build: $((Get-CimInstance Win32_OperatingSystem).BuildNumber)"'
-
-# clone_folder: '%USERPROFILE%\image-bake-scripts'
-
-# clone_script:  
-#   - ps: Invoke-WebRequest "https://github.com/appveyor/build-images/archive/1f90d94e74c8243c909a09b994e527584dfcb838.zip" -OutFile "$env:temp\scripts.zip"
-#   - ps: Expand-Archive -Path "$env:temp\scripts.zip" -DestinationPath "$env:temp\scripts" -Force
-#   - ps: Copy-Item -Path "$env:temp\scripts\build-images-1f90d94e74c8243c909a09b994e527584dfcb838\scripts\Windows\*" -Destination $env:APPVEYOR_BUILD_FOLDER -Recurse  
-
-build_script:
-# The following lines are needed when baking from a completely new image (eg MicrosoftWindowsServer:WindowsServer:2019-Datacenter:latest via image: base-windows-server2019)
-  # - ps: .\init_server.ps1
-  # - ps: .\extend_system_volume.ps1
-
-  # # Restart VM
-  # - ps: Start-Sleep -s 5; Restart-Computer
-  # - ps: Start-Sleep -s 5
-
-  # - appveyor version
-  # - ps: .\install_path_utils.ps1
-  # - ps: .\install_powershell_core.ps1
-  # - ps: .\install_powershell_get.ps1
-  # - ps: .\install_7zip.ps1
-  # - ps: .\install_chocolatey.ps1
-  # - ps: .\install_webpi.ps1
-  # - ps: .\install_nuget.ps1
-  # - ps: .\install_pstools.ps1
-
-  # - ps: .\install_git.ps1
-  # - ps: .\install_git_lfs.ps1
-
-  # # Restart VM
-  # - ps: Start-Sleep -s 5; Restart-Computer
-  # - ps: Start-Sleep -s 5
-# END LINES FOR COMPLETELY NEW IMAGE
-
-  - git config --global core.longpaths true
-  - ps: >-
-      if (-not (Test-Path -Path C:\projects\src)) {
-        New-Item -Path C:\projects\src -ItemType Directory
-      }
-  - cd C:\projects\
-  - git clone -q --branch=%APPVEYOR_REPO_BRANCH% https://github.com/electron/electron.git C:\projects\src\electron
-  - git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
-  - ps: $env:PATH="$pwd\depot_tools;$env:PATH"
-  - update_depot_tools.bat
-  # Uncomment the following line if windows deps change
-  # - src\electron\script\setup-win-for-dev.bat
-  - >-
-      gclient config
-      --name "src\electron"
-      --unmanaged
-      %GCLIENT_EXTRA_ARGS%
-      "https://github.com/electron/electron"
-  - ps: cd src\electron
-  - ps: node script\generate-deps-hash.js
-  - ps: $depshash = Get-Content .\.depshash -Raw
-  - ps: Copy-Item -path .\.depshash -destination ..\.depshash
-  - ps: cd ..\..
-  - gclient sync --with_branch_heads --with_tags --nohooks
-  - ps: regsvr32 /s "C:\Program Files\Microsoft Visual Studio\2022\Community\DIA SDK\bin\amd64\msdia140.dll"
-  - ps: set vs2022_install="C:\Program Files\Microsoft Visual Studio\2022\Community"
-
-# The following lines are needed when baking from a completely new image (eg MicrosoftWindowsServer:WindowsServer:2019-Datacenter:latest via image: base-windows-server2019)
-  # # Restart VM
-  # - ps: Start-Sleep -s 5; Restart-Computer 
-  # - ps: Start-Sleep -s 5
-
-  # - cd %USERPROFILE%\image-bake-scripts
-  # - appveyor version
-  # - ps: .\optimize_dotnet_runtime.ps1
-  # - ps: .\disable_windows_background_services.ps1
-  # - ps: .\enforce_windows_firewall.ps1
-  # - ps: .\cleanup_windows.ps1  
-# END LINES FOR COMPLETELY NEW IMAGE  
-on_image_bake:
-  - ps: >-
-      echo "Baking image: $env:APPVEYOR_BAKE_IMAGE at dir $PWD"
-  - ps: Remove-Item -Recurse -Force C:\projects\depot_tools
-  - ps: Remove-Item -Recurse -Force C:\projects\src\electron
-# Uncomment these lines and set APPVEYOR_RDP_PASSWORD in project settings to enable RDP after bake is done
-# # on_finish:
-#   - ps: >-
-#        $blockRdp = $true; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
--- a/appveyor-woa.yml
+++ b/appveyor-woa.yml
@@ -1,342 +0,0 @@
-# NOTE IF CHANGING THIS FILE, ALSO APPLY THE CHANGE TO appveyor.yml
-# IF APPLICABLE!!!!
-#
-#
-# The config expects the following environment variables to be set:
-#  - "GN_CONFIG" Build type. One of {'testing', 'release'}.
-#  - "GN_EXTRA_ARGS" Additional gn arguments for a build config,
-#      e.g. 'target_cpu="x86"' to build for a 32bit platform.
-#      https://gn.googlesource.com/gn/+/main/docs/reference.md#var_target_cpu
-#      Don't forget to set up "NPM_CONFIG_ARCH" and "TARGET_ARCH" accordingly
-#      if you pass a custom value for 'target_cpu'.
-#  - "ELECTRON_RELEASE" Set it to '1' upload binaries on success.
-#  - "NPM_CONFIG_ARCH" E.g. 'x86'. Is used to build native Node.js modules.
-#      Must match 'target_cpu' passed to "GN_EXTRA_ARGS" and "TARGET_ARCH" value.
-#  - "TARGET_ARCH" Choose from {'ia32', 'x64', 'arm', 'arm64'}.
-#      Is used in some publishing scripts, but does NOT affect the Electron binary.
-#      Must match 'target_cpu' passed to "GN_EXTRA_ARGS" and "NPM_CONFIG_ARCH" value.
-#  - "UPLOAD_TO_STORAGE" Set it to '1' upload a release to the Azure bucket.
-#      Otherwise the release will be uploaded to the GitHub Releases.
-#      (The value is only checked if "ELECTRON_RELEASE" is defined.)
-#
-# The publishing scripts expect access tokens to be defined as env vars,
-# but those are not covered here.
-#
-# AppVeyor docs on variables:
-# https://www.appveyor.com/docs/environment-variables/
-# https://www.appveyor.com/docs/build-configuration/#secure-variables
-# https://www.appveyor.com/docs/build-configuration/#custom-environment-variables
-
-version: 1.0.{build}
-build_cloud: electronhq-16-core
-image: e-131.0.6734.0
-environment:
-  GIT_CACHE_PATH: C:\Users\appveyor\libcc_cache
-  ELECTRON_OUT_DIR: Default
-  ELECTRON_ENABLE_STACK_DUMPING: 1
-  ELECTRON_ALSO_LOG_TO_STDERR: 1
-  MOCHA_REPORTER: mocha-multi-reporters
-  MOCHA_MULTI_REPORTERS: "@marshallofsound/mocha-appveyor-reporter, mocha-junit-reporter, tap"
-  DEPOT_TOOLS_WIN_TOOLCHAIN: 1
-  DEPOT_TOOLS_WIN_TOOLCHAIN_BASE_URL: "https://dev-cdn.electronjs.org/windows-toolchains/_"
-  GYP_MSVS_HASH_7393122652: 3ba76c5c20
-  PYTHONIOENCODING: UTF-8
-
-  matrix:
-
-    - job_name: Build Arm on X64 Windows
-    - job_name: Test On Windows On Arm Hardware
-      job_depends_on: Build Arm on X64 Windows
-      APPVEYOR_BUILD_WORKER_IMAGE: base-woa
-      APPVEYOR_BUILD_WORKER_CLOUD: electronhq-woa
-
-clone_script:
- ps: git clone -q $("--branch=" + $Env:APPVEYOR_REPO_BRANCH) $("https://github.com/" + $Env:APPVEYOR_REPO_NAME + ".git") $Env:APPVEYOR_BUILD_FOLDER
- ps: if (!$Env:APPVEYOR_PULL_REQUEST_NUMBER) {$("git checkout -qf " + $Env:APPVEYOR_REPO_COMMIT)}
- ps: if ($Env:APPVEYOR_PULL_REQUEST_NUMBER) {git fetch -q origin +refs/pull/$($Env:APPVEYOR_PULL_REQUEST_NUMBER)/head; git checkout -qf FETCH_HEAD}
-
-clone_folder: C:\projects\src\electron
-
-skip_branch_with_pr: true
-
-# the first failed job cancels other jobs and fails entire build
-matrix:
-  fast_finish: true
-
-for:
-
-  - matrix:
-      only:
-        - job_name: Build Arm on X64 Windows
-
-    build_script:
-      # TODO: Remove --ignore-engines once WOA image is up to node 20
-      - ps: |
-          node script/yarn.js install --frozen-lockfile --ignore-engines
-          node script/doc-only-change.js --prNumber=$env:APPVEYOR_PULL_REQUEST_NUMBER
-          $env:SHOULD_SKIP_ARTIFACT_VALIDATION = "false"
-          if ($LASTEXITCODE -eq 0) {
-            Write-warning "Skipping build for doc-only change"
-            $env:SHOULD_SKIP_ARTIFACT_VALIDATION = "true"
-            Exit-AppveyorBuild
-          } else {
-            $global:LASTEXITCODE = 0
-          }
-      - cd ..
-      - ps: Write-Host "Building $env:GN_CONFIG build"
-      - git config --global core.longpaths true
-      - ps: >-
-          if (Test-Path -Path "$pwd\depot_tools") {
-            Remove-Item -Recurse -Force $pwd\depot_tools
-          }
-      - ps: >-
-          if (Test-Path -Path "$pwd\build-tools") {
-            Remove-Item -Recurse -Force $pwd\build-tools
-          }
-      - git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
-      - ps: New-Item -Name depot_tools\.disable_auto_update -ItemType File
-      - depot_tools\bootstrap\win_tools.bat
-      - ps: |
-          Set-Content -Path $pwd\depot_tools\build_telemetry.cfg -Value '{"user": "info@electronjs.org", "status": "opt-out", "countdown": 10, "version": 1}'
-      - ps: $env:PATH="$pwd\depot_tools;$env:PATH"
-      - ps: >-
-          if (Test-Path -Path "$pwd\src\electron") {
-            Remove-Item -Recurse -Force $pwd\src\electron
-          }
-      - git clone https://github.com/electron/build-tools.git
-      - cd build-tools
-      - npx yarn --ignore-engines
-      - mkdir third_party
-      - ps: >-
-          node -e "require('./src/utils/reclient.js').downloadAndPrepare({})"
-      - ps: $env:RECLIENT_HELPER = node -p "require('./src/utils/reclient.js').helperPath({})"
-      - ps: >-
-          & $env:RECLIENT_HELPER login
-      - ps: >-
-          $env:RBE_service = node -e "console.log(require('./src/utils/reclient.js').serviceAddress)"
-      - ps: >-
-          $env:RBE_experimental_credentials_helper = $env:RECLIENT_HELPER
-      - ps: >-
-          $env:RBE_experimental_credentials_helper_args = "print"
-      - ps: >-
-          if ($env:ELECTRON_RBE_JWT -eq '') {
-            $env:RBE_fail_early_min_action_count = "0"
-            $env:RBE_fail_early_min_fallback_ratio = "0"
-          }
-      - cd ..\..
-      - ps: $env:CHROMIUM_BUILDTOOLS_PATH="$pwd\src\buildtools"
-      - ps: >-
-          if ($env:GN_CONFIG -ne 'release') {
-            $env:NINJA_STATUS="[%r processes, %f/%t @ %o/s : %es] "
-          }
-      - gclient config --name "src\electron" --unmanaged %GCLIENT_EXTRA_ARGS% "https://github.com/electron/electron"
-      # Patches are applied in the image bake. Check depshash to see if patches have changed.
-      - ps: $env:RUN_GCLIENT_SYNC="false"
-      - ps: $depshash_baked = Get-Content .\src\.depshash -Raw
-      - ps: cd src\electron
-      - ps: node script\generate-deps-hash.js
-      - ps: $depshash = Get-Content .\.depshash -Raw
-      - ps: cd ..\..
-      - ps: >-
-          if ($depshash_baked -ne $depshash) {
-            $env:RUN_GCLIENT_SYNC="true"
-          }
-      - if "%RUN_GCLIENT_SYNC%"=="true" ( gclient sync --with_branch_heads --with_tags ) else ( gclient runhooks )
-      - cd src
-      - ps: $env:PATH="$pwd\third_party\ninja;$env:PATH"
-      - set BUILD_CONFIG_PATH=//electron/build/args/%GN_CONFIG%.gn
-      - gn gen out/Default "--args=import(\"%BUILD_CONFIG_PATH%\") use_remoteexec=true %GN_EXTRA_ARGS% "
-      - gn check out/Default //electron:electron_lib
-      - gn check out/Default //electron:electron_app
-      - gn check out/Default //electron/shell/common/api:mojo
-      - autoninja -j 300 -C out/Default electron:electron_app
-      - if "%GN_CONFIG%"=="testing" ( python C:\depot_tools\post_build_ninja_summary.py -C out\Default )
-      - gn gen out/ffmpeg "--args=import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true %GN_EXTRA_ARGS%"
-      - autoninja -C out/ffmpeg electron:electron_ffmpeg_zip
-      - autoninja -C out/Default electron:electron_dist_zip
-      - gn desc out/Default v8:run_mksnapshot_default args > out/Default/default_mksnapshot_args
-      # Remove unused args from mksnapshot_args
-      - ps: >-
-          Get-Content out/Default/default_mksnapshot_args | Where-Object { -not $_.Contains('--turbo-profiling-input') -And -not $_.Contains('builtins-pgo') -And -not $_.Contains('The gn arg use_goma=true') } | Set-Content out/Default/mksnapshot_args
-      - autoninja -C out/Default electron:electron_mksnapshot_zip
-      - cd out\Default
-      - 7z a mksnapshot.zip mksnapshot_args gen\v8\embedded.S
-      - cd ..\..
-      - autoninja -C out/Default electron:hunspell_dictionaries_zip
-      - autoninja -C out/Default electron:electron_chromedriver_zip
-      - autoninja -C out/Default electron:node_headers
-      - ps: >-
-          Get-CimInstance -Namespace root\cimv2 -Class Win32_product | Select vendor, description, @{l='install_location';e='InstallLocation'}, @{l='install_date';e='InstallDate'}, @{l='install_date_2';e='InstallDate2'}, caption, version, name, @{l='sku_number';e='SKUNumber'} | ConvertTo-Json | Out-File -Encoding utf8 -FilePath .\installed_software.json
-      - python3 electron/build/profile_toolchain.py --output-json=out/Default/windows_toolchain_profile.json
-      - 7z a node_headers.zip out\Default\gen\node_headers
-      - 7z a nan.zip third_party\nan
-      - ps: >-
-          if ($env:GN_CONFIG -eq 'release') {
-            # Needed for msdia140.dll on 64-bit windows
-            $env:Path += ";$pwd\third_party\llvm-build\Release+Asserts\bin"
-          }
-      - if "%GN_CONFIG%"=="release" ( autoninja -C out/Default electron:electron_symbols )
-      - ps: >-
-          if ($env:GN_CONFIG -eq 'release') {
-            python3 electron\script\zip-symbols.py
-            appveyor-retry appveyor PushArtifact out/Default/symbols.zip
-          } else {
-            # It's useful to have pdb files when debugging testing builds that are
-            # built on CI.
-            7z a pdb.zip out\Default\*.pdb
-          }
-      - ps: |
-          $manifest_file = "electron/script/zip_manifests/dist_zip.win.$env:TARGET_ARCH.manifest"
-          python3 electron/script/zip_manifests/check-zip-manifest.py out/Default/dist.zip $manifest_file
-          if ($LASTEXITCODE -ne 0) {
-            throw "Zip contains files not listed in the manifest $manifest_file"
-          }
-      - ps: |
-          cd C:\projects\src
-          $missing_artifacts = $false
-          if ($env:SHOULD_SKIP_ARTIFACT_VALIDATION -eq 'true') {
-            Write-warning "Skipping artifact validation for doc-only $env:APPVEYOR_PROJECT_NAME"
-          } else {
-            $artifacts_to_validate = 'dist.zip','windows_toolchain_profile.json','chromedriver.zip','ffmpeg.zip','node_headers.zip','mksnapshot.zip','electron.lib','hunspell_dictionaries.zip','nan.zip'
-            foreach($artifact_name in $artifacts_to_validate) {
-              if ($artifact_name -eq 'ffmpeg.zip') {
-                $artifact_file = "out\ffmpeg\ffmpeg.zip"
-              } elseif (
-                $artifact_name -eq 'node_headers.zip') {
-                $artifact_file = $artifact_name
-              } elseif (
-                $artifact_name -eq 'nan.zip') {
-                $artifact_file = $artifact_name
-              } else {
-                $artifact_file = "out\Default\$artifact_name"
-              }
-              if (-not(Test-Path $artifact_file)) {
-                Write-warning "$artifact_name is missing and cannot be added to artifacts"
-                $missing_artifacts = $true
-              }
-            }
-          }
-          if ($missing_artifacts) {
-            throw "Build failed due to missing artifacts"
-          }
-
-    deploy_script:
-      - cd electron
-      - ps: >-
-          if (Test-Path Env:\ELECTRON_RELEASE) {
-            if (Test-Path Env:\UPLOAD_TO_STORAGE) {
-              Write-Output "Uploading Electron release distribution to azure"
-              & python3 script\release\uploaders\upload.py --verbose --upload_to_storage
-            } else {
-              Write-Output "Uploading Electron release distribution to github releases"
-              & python3 script\release\uploaders\upload.py --verbose
-            }
-          }
-    on_finish:
-      # Uncomment this lines to enable RDP
-      # - ps: $blockRdp = $true; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
-      - cd C:\projects\src
-      - if exist out\Default\windows_toolchain_profile.json ( appveyor-retry appveyor PushArtifact out\Default\windows_toolchain_profile.json )
-      - if exist out\Default\dist.zip (appveyor-retry appveyor PushArtifact out\Default\dist.zip)
-      - if exist out\Default\chromedriver.zip (appveyor-retry appveyor PushArtifact out\Default\chromedriver.zip)
-      - if exist out\ffmpeg\ffmpeg.zip (appveyor-retry appveyor PushArtifact out\ffmpeg\ffmpeg.zip)
-      - if exist node_headers.zip (appveyor-retry appveyor PushArtifact node_headers.zip)
-      - if exist nan.zip (appveyor-retry appveyor PushArtifact nan.zip)
-      - if exist out\Default\mksnapshot.zip (appveyor-retry appveyor PushArtifact out\Default\mksnapshot.zip)
-      - if exist out\Default\hunspell_dictionaries.zip (appveyor-retry appveyor PushArtifact out\Default\hunspell_dictionaries.zip)
-      - if exist out\Default\electron.lib (appveyor-retry appveyor PushArtifact out\Default\electron.lib)        
-      - ps: >-
-          if ((Test-Path "pdb.zip") -And ($env:GN_CONFIG -ne 'release')) {
-            appveyor-retry appveyor PushArtifact pdb.zip
-          }
-  - matrix:
-      only:
-        - job_name: Test On Windows On Arm Hardware
-
-    environment:
-        IGNORE_YARN_INSTALL_ERROR: 1
-        ELECTRON_TEST_RESULTS_DIR: C:\projects\src\electron\junit
-        MOCHA_MULTI_REPORTERS: "@marshallofsound/mocha-appveyor-reporter, mocha-junit-reporter, tap"
-        MOCHA_REPORTER: mocha-multi-reporters
-        ELECTRON_SKIP_NATIVE_MODULE_TESTS: true
-        DD_ENV: ci
-        DD_SERVICE: electron
-        DD_CIVISIBILITY_LOGS_ENABLED: true
-        DD_GIT_REPOSITORY_URL: "https://github.com/electron/electron.git"
-
-    build_script:
-      - ps: |
-          node script/yarn.js install --frozen-lockfile --ignore-engines
-          node script/doc-only-change.js --prNumber=$env:APPVEYOR_PULL_REQUEST_NUMBER
-          if ($LASTEXITCODE -eq 0) {
-            Write-warning "Skipping build for doc only change"
-            Exit-AppveyorBuild
-          } else {
-            $global:LASTEXITCODE = 0
-          }
-      - ps: Invoke-WebRequest -Uri "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_win-x64" -OutFile "C:\projects\src\electron\datadog-ci.exe"
-      - cd ..
-      - mkdir out\Default
-      - cd ..
-      - ps: |
-          # Download build artifacts
-          $apiUrl = 'https://ci.appveyor.com/api'
-          $build_info = Invoke-RestMethod -Method Get -Uri "$apiUrl/projects/$env:APPVEYOR_ACCOUNT_NAME/$env:APPVEYOR_PROJECT_SLUG/builds/$env:APPVEYOR_BUILD_ID"
-          $artifacts_to_download = @('dist.zip','ffmpeg.zip','node_headers.zip','electron.lib', 'nan.zip')
-          foreach ($job in $build_info.build.jobs) {
-            if ($job.name -eq "Build Arm on X64 Windows") {
-              $jobId = $job.jobId
-              foreach($artifact_name in $artifacts_to_download) {
-                if ($artifact_name -eq 'electron.lib') {
-                  $outfile = "src\out\Default\$artifact_name"
-                } else {
-                  $outfile = $artifact_name
-                }
-                Invoke-RestMethod -Method Get -Uri "$apiUrl/buildjobs/$jobId/artifacts/$artifact_name" -OutFile $outfile
-              }
-              # Uncomment the following lines to download the pdb.zip to show real stacktraces when crashes happen during testing
-              Invoke-RestMethod -Method Get -Uri "$apiUrl/buildjobs/$jobId/artifacts/pdb.zip" -OutFile pdb.zip
-              7z x -y -osrc pdb.zip
-            }
-          }
-      - ps: |
-          $out_default_zips = @('dist.zip')
-          foreach($zip_name in $out_default_zips) {
-            7z x -y -osrc\out\Default $zip_name
-          }
-      - ps: 7z x -y -osrc\out\ffmpeg ffmpeg.zip
-      - ps: 7z x -y -osrc node_headers.zip
-      - ps: 7z x -y -osrc nan.zip
-
-    test_script:
-      # Workaround for https://github.com/appveyor/ci/issues/2420
-      - set "PATH=%PATH%;C:\Program Files\Git\mingw64\libexec\git-core"
-      - ps: |
-          cd src
-          New-Item .\out\Default\gen\node_headers\Release -Type directory
-          Copy-Item -path .\out\Default\electron.lib -destination .\out\Default\gen\node_headers\Release\node.lib
-      - set npm_config_nodedir=%cd%\out\Default\gen\node_headers
-      - set npm_config_arch=arm64
-      - cd electron
-      # Explicitly set npm_config_arch because the .env doesn't persist
-      - ps: >-
-          if ($env:TARGET_ARCH -eq 'ia32') {
-            $env:npm_config_arch = "ia32"
-          }
-      - echo Running main test suite & node script/yarn test  --runners=main --enable-logging --disable-features=CalculateNativeWinOcclusion
-      - cd ..
-      - echo Verifying non proprietary ffmpeg & python electron\script\verify-ffmpeg.py --build-dir out\Default --source-root %cd% --ffmpeg-path out\ffmpeg
-
-    on_finish:
-      # Uncomment these lines to enable RDP
-      # - ps: $blockRdp = $true; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
-      - if exist electron\junit\test-results-main.xml ( appveyor-retry appveyor PushArtifact electron\junit\test-results-main.xml )
-      - ps: |
-          if ($env:DD_API_KEY) {
-            $env:DD_GIT_COMMIT_SHA = $env:APPVEYOR_REPO_COMMIT
-            $env:DD_GIT_BRANCH = $env:APPVEYOR_PULL_REQUEST_HEAD_REPO_BRANCH
-            $env:DD_TAGS = "os.architecture:$env:TARGET_ARCH,os.family:windows,os.platform:win32"
-            if (Test-Path -Path "C:\projects\src\electron\junit\test-results-main.xml") {
-              C:\projects\src\electron\datadog-ci.exe junit upload --verbose C:\projects\src\electron\junit\test-results-main.xml
-            }
-          }
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -1,337 +0,0 @@
-# NOTE IF CHANGING THIS FILE, ALSO APPLY THE CHANGE TO appveyor-woa.yml
-# IF APPLICABLE!!!!
-#
-#
-# The config expects the following environment variables to be set:
-#  - "GN_CONFIG" Build type. One of {'testing', 'release'}.
-#  - "GN_EXTRA_ARGS" Additional gn arguments for a build config,
-#      e.g. 'target_cpu="x86"' to build for a 32bit platform.
-#      https://gn.googlesource.com/gn/+/main/docs/reference.md#var_target_cpu
-#      Don't forget to set up "NPM_CONFIG_ARCH" and "TARGET_ARCH" accordingly
-#      if you pass a custom value for 'target_cpu'.
-#  - "ELECTRON_RELEASE" Set it to '1' upload binaries on success.
-#  - "NPM_CONFIG_ARCH" E.g. 'x86'. Is used to build native Node.js modules.
-#      Must match 'target_cpu' passed to "GN_EXTRA_ARGS" and "TARGET_ARCH" value.
-#  - "TARGET_ARCH" Choose from {'ia32', 'x64', 'arm', 'arm64'}.
-#      Is used in some publishing scripts, but does NOT affect the Electron binary.
-#      Must match 'target_cpu' passed to "GN_EXTRA_ARGS" and "NPM_CONFIG_ARCH" value.
-#  - "UPLOAD_TO_STORAGE" Set it to '1' upload a release to the Azure bucket.
-#      Otherwise the release will be uploaded to the GitHub Releases.
-#      (The value is only checked if "ELECTRON_RELEASE" is defined.)
-#
-# The publishing scripts expect access tokens to be defined as env vars,
-# but those are not covered here.
-#
-# AppVeyor docs on variables:
-# https://www.appveyor.com/docs/environment-variables/
-# https://www.appveyor.com/docs/build-configuration/#secure-variables
-# https://www.appveyor.com/docs/build-configuration/#custom-environment-variables
-
-version: 1.0.{build}
-build_cloud: electronhq-16-core
-image: e-131.0.6734.0
-environment:
-  GIT_CACHE_PATH: C:\Users\appveyor\libcc_cache
-  ELECTRON_OUT_DIR: Default
-  ELECTRON_ENABLE_STACK_DUMPING: 1
-  ELECTRON_ALSO_LOG_TO_STDERR: 1
-  MOCHA_REPORTER: mocha-multi-reporters
-  MOCHA_MULTI_REPORTERS: "@marshallofsound/mocha-appveyor-reporter, mocha-junit-reporter, tap"
-  DEPOT_TOOLS_WIN_TOOLCHAIN: 1
-  DEPOT_TOOLS_WIN_TOOLCHAIN_BASE_URL: "https://dev-cdn.electronjs.org/windows-toolchains/_"
-  GYP_MSVS_HASH_7393122652: 3ba76c5c20
-  PYTHONIOENCODING: UTF-8
-
-  matrix:
-
-    - job_name: Build
-    - job_name: Test
-      job_depends_on: Build
-
-clone_script:
- ps: git clone -q $("--branch=" + $Env:APPVEYOR_REPO_BRANCH) $("https://github.com/" + $Env:APPVEYOR_REPO_NAME + ".git") $Env:APPVEYOR_BUILD_FOLDER
- ps: if (!$Env:APPVEYOR_PULL_REQUEST_NUMBER) {$("git checkout -qf " + $Env:APPVEYOR_REPO_COMMIT)}
- ps: if ($Env:APPVEYOR_PULL_REQUEST_NUMBER) {git fetch -q origin +refs/pull/$($Env:APPVEYOR_PULL_REQUEST_NUMBER)/head; git checkout -qf FETCH_HEAD}
-
-clone_folder: C:\projects\src\electron
-
-skip_branch_with_pr: true
-
-# the first failed job cancels other jobs and fails entire build
-matrix:
-  fast_finish: true
-
-for:
-
-  - matrix:
-      only:
-        - job_name: Build
-
-    build_script:
-      - ps: |
-          node script/yarn.js install --frozen-lockfile
-          node script/doc-only-change.js --prNumber=$env:APPVEYOR_PULL_REQUEST_NUMBER
-          $env:SHOULD_SKIP_ARTIFACT_VALIDATION = "false"
-          if ($LASTEXITCODE -eq 0) {
-            Write-warning "Skipping build for doc-only change"
-            $env:SHOULD_SKIP_ARTIFACT_VALIDATION = "true"
-            Exit-AppveyorBuild
-          } else {
-            $global:LASTEXITCODE = 0
-          }
-      - cd ..
-      - ps: Write-Host "Building $env:GN_CONFIG build"
-      - git config --global core.longpaths true
-      - ps: >-
-          if (Test-Path -Path "$pwd\depot_tools") {
-            Remove-Item -Recurse -Force $pwd\depot_tools
-          }
-      - ps: >-
-          if (Test-Path -Path "$pwd\build-tools") {
-            Remove-Item -Recurse -Force $pwd\build-tools
-          }
-      - git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
-      - ps: New-Item -Name depot_tools\.disable_auto_update -ItemType File
-      - depot_tools\bootstrap\win_tools.bat
-      - ps: |
-          Set-Content -Path $pwd\depot_tools\build_telemetry.cfg -Value '{"user": "info@electronjs.org", "status": "opt-out", "countdown": 10, "version": 1}'
-      - ps: $env:PATH="$pwd\depot_tools;$env:PATH"
-      - ps: >-
-          if (Test-Path -Path "$pwd\src\electron") {
-            Remove-Item -Recurse -Force $pwd\src\electron
-          }
-      - git clone https://github.com/electron/build-tools.git
-      - cd build-tools
-      - npx yarn --ignore-engines
-      - mkdir third_party
-      - ps: >-
-          node -e "require('./src/utils/reclient.js').downloadAndPrepare({})"
-      - ps: $env:RECLIENT_HELPER = node -p "require('./src/utils/reclient.js').helperPath({})"
-      - ps: >-
-          & $env:RECLIENT_HELPER login
-      - ps: >-
-          $env:RBE_service = node -e "console.log(require('./src/utils/reclient.js').serviceAddress)"
-      - ps: >-
-          $env:RBE_experimental_credentials_helper = $env:RECLIENT_HELPER
-      - ps: >-
-          $env:RBE_experimental_credentials_helper_args = "print"
-      - ps: >-
-          if ($env:ELECTRON_RBE_JWT -eq '') {
-            $env:RBE_fail_early_min_action_count = "0"
-            $env:RBE_fail_early_min_fallback_ratio = "0"
-          }
-      - cd ..\..
-      - ps: $env:CHROMIUM_BUILDTOOLS_PATH="$pwd\src\buildtools"
-      - ps: >-
-          if ($env:GN_CONFIG -ne 'release') {
-            $env:NINJA_STATUS="[%r processes, %f/%t @ %o/s : %es] "
-          }
-      - gclient config --name "src\electron" --unmanaged %GCLIENT_EXTRA_ARGS% "https://github.com/electron/electron"
-      # Patches are applied in the image bake. Check depshash to see if patches have changed.
-      - ps: $env:RUN_GCLIENT_SYNC="false"
-      - ps: $depshash_baked = Get-Content .\src\.depshash -Raw
-      - ps: cd src\electron
-      - ps: node script\generate-deps-hash.js
-      - ps: $depshash = Get-Content .\.depshash -Raw
-      - ps: cd ..\..
-      - ps: >-
-          if ($depshash_baked -ne $depshash) {
-            $env:RUN_GCLIENT_SYNC="true"
-          }
-      - if "%RUN_GCLIENT_SYNC%"=="true" ( gclient sync --with_branch_heads --with_tags ) else ( gclient runhooks )
-      - cd src
-      - ps: $env:PATH="$pwd\third_party\ninja;$env:PATH"
-      - set BUILD_CONFIG_PATH=//electron/build/args/%GN_CONFIG%.gn
-      - gn gen out/Default "--args=import(\"%BUILD_CONFIG_PATH%\") use_remoteexec=true %GN_EXTRA_ARGS% "
-      - gn check out/Default //electron:electron_lib
-      - gn check out/Default //electron:electron_app
-      - gn check out/Default //electron/shell/common/api:mojo
-      - autoninja -j 300 -C out/Default electron:electron_app
-      - if "%GN_CONFIG%"=="testing" ( python C:\depot_tools\post_build_ninja_summary.py -C out\Default )
-      - gn gen out/ffmpeg "--args=import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true %GN_EXTRA_ARGS%"
-      - autoninja -C out/ffmpeg electron:electron_ffmpeg_zip
-      - autoninja -C out/Default electron:electron_dist_zip
-      - gn desc out/Default v8:run_mksnapshot_default args > out/Default/default_mksnapshot_args
-      # Remove unused args from mksnapshot_args
-      - ps: >-
-          Get-Content out/Default/default_mksnapshot_args | Where-Object { -not $_.Contains('--turbo-profiling-input') -And -not $_.Contains('builtins-pgo') -And -not $_.Contains('The gn arg use_goma=true') } | Set-Content out/Default/mksnapshot_args
-      - autoninja -C out/Default electron:electron_mksnapshot_zip
-      - cd out\Default
-      - 7z a mksnapshot.zip mksnapshot_args gen\v8\embedded.S
-      - cd ..\..
-      - autoninja -C out/Default electron:hunspell_dictionaries_zip
-      - autoninja -C out/Default electron:electron_chromedriver_zip
-      - autoninja -C out/Default electron:node_headers
-      - ps: >-
-          Get-CimInstance -Namespace root\cimv2 -Class Win32_product | Select vendor, description, @{l='install_location';e='InstallLocation'}, @{l='install_date';e='InstallDate'}, @{l='install_date_2';e='InstallDate2'}, caption, version, name, @{l='sku_number';e='SKUNumber'} | ConvertTo-Json | Out-File -Encoding utf8 -FilePath .\installed_software.json
-      - python3 electron/build/profile_toolchain.py --output-json=out/Default/windows_toolchain_profile.json
-      - 7z a node_headers.zip out\Default\gen\node_headers
-      - ps: >-
-          if ($env:GN_CONFIG -eq 'release') {
-            # Needed for msdia140.dll on 64-bit windows
-            $env:Path += ";$pwd\third_party\llvm-build\Release+Asserts\bin"
-          }
-      - if "%GN_CONFIG%"=="release" ( autoninja -C out/Default electron:electron_symbols )
-      - ps: >-
-          if ($env:GN_CONFIG -eq 'release') {
-            python3 electron\script\zip-symbols.py
-            appveyor-retry appveyor PushArtifact out/Default/symbols.zip
-          } else {
-            # It's useful to have pdb files when debugging testing builds that are
-            # built on CI.
-            7z a pdb.zip out\Default\*.pdb
-          }
-      - ps: |
-          $manifest_file = "electron/script/zip_manifests/dist_zip.win.$env:TARGET_ARCH.manifest"
-          python3 electron/script/zip_manifests/check-zip-manifest.py out/Default/dist.zip $manifest_file
-          if ($LASTEXITCODE -ne 0) {
-            throw "Zip contains files not listed in the manifest $manifest_file"
-          }
-      - ps: |
-          cd C:\projects\src
-          $missing_artifacts = $false
-          if ($env:SHOULD_SKIP_ARTIFACT_VALIDATION -eq 'true') {
-            Write-warning "Skipping artifact validation for doc-only $env:APPVEYOR_PROJECT_NAME"
-          } else {
-            $artifacts_to_validate = 'dist.zip','windows_toolchain_profile.json','chromedriver.zip','ffmpeg.zip','node_headers.zip','mksnapshot.zip','electron.lib','hunspell_dictionaries.zip'
-            foreach($artifact_name in $artifacts_to_validate) {
-              if ($artifact_name -eq 'ffmpeg.zip') {
-                $artifact_file = "out\ffmpeg\ffmpeg.zip"
-              } elseif (
-                $artifact_name -eq 'node_headers.zip') {
-                $artifact_file = $artifact_name
-              } else {
-                $artifact_file = "out\Default\$artifact_name"
-              }
-              if (-not(Test-Path $artifact_file)) {
-                Write-warning "$artifact_name is missing and cannot be added to artifacts"
-                $missing_artifacts = $true
-              }
-            }
-          }
-          if ($missing_artifacts) {
-            throw "Build failed due to missing artifacts"
-          }
-
-    deploy_script:
-      - cd electron
-      - ps: >-
-          if (Test-Path Env:\ELECTRON_RELEASE) {
-            if (Test-Path Env:\UPLOAD_TO_STORAGE) {
-              Write-Output "Uploading Electron release distribution to azure"
-              & python3 script\release\uploaders\upload.py --verbose --upload_to_storage
-            } else {
-              Write-Output "Uploading Electron release distribution to github releases"
-              & python3 script\release\uploaders\upload.py --verbose
-            }
-          }
-    on_finish:
-      # Uncomment this lines to enable RDP
-      # - ps: $blockRdp = $true; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
-      - cd C:\projects\src
-      - if exist out\Default\windows_toolchain_profile.json ( appveyor-retry appveyor PushArtifact out\Default\windows_toolchain_profile.json )
-      - if exist out\Default\dist.zip (appveyor-retry appveyor PushArtifact out\Default\dist.zip)
-      - if exist out\Default\chromedriver.zip (appveyor-retry appveyor PushArtifact out\Default\chromedriver.zip)
-      - if exist out\ffmpeg\ffmpeg.zip (appveyor-retry appveyor PushArtifact out\ffmpeg\ffmpeg.zip)
-      - if exist node_headers.zip (appveyor-retry appveyor PushArtifact node_headers.zip)
-      - if exist out\Default\mksnapshot.zip (appveyor-retry appveyor PushArtifact out\Default\mksnapshot.zip)
-      - if exist out\Default\hunspell_dictionaries.zip (appveyor-retry appveyor PushArtifact out\Default\hunspell_dictionaries.zip)
-      - if exist out\Default\electron.lib (appveyor-retry appveyor PushArtifact out\Default\electron.lib)        
-      - ps: >-
-          if ((Test-Path "pdb.zip") -And ($env:GN_CONFIG -ne 'release')) {
-            appveyor-retry appveyor PushArtifact pdb.zip
-          }
-  - matrix:
-      only:
-        - job_name: Test
-
-    environment:
-        DD_ENV: ci
-        DD_SERVICE: electron
-        DD_CIVISIBILITY_LOGS_ENABLED: true
-        DD_GIT_REPOSITORY_URL: "https://github.com/electron/electron.git"
-        ELECTRON_TEST_RESULTS_DIR: C:\projects\src\electron\junit
-
-    init:
-      - ps: |
-          if ($env:RUN_TESTS -ne 'true') {
-            Write-warning "Skipping tests for $env:APPVEYOR_PROJECT_NAME"; Exit-AppveyorBuild
-          }
-    build_script:
-      - ps: |
-          node script/yarn.js install --frozen-lockfile
-          node script/doc-only-change.js --prNumber=$env:APPVEYOR_PULL_REQUEST_NUMBER
-          if ($LASTEXITCODE -eq 0) {
-            Write-warning "Skipping build for doc only change"
-            Exit-AppveyorBuild
-          } else {
-            $global:LASTEXITCODE = 0
-          }
-      - npm install -g @datadog/datadog-ci
-      - cd ..
-      - mkdir out\Default
-      - cd ..
-      - ps: |
-          # Download build artifacts
-          $apiUrl = 'https://ci.appveyor.com/api'
-          $build_info = Invoke-RestMethod -Method Get -Uri "$apiUrl/projects/$env:APPVEYOR_ACCOUNT_NAME/$env:APPVEYOR_PROJECT_SLUG/builds/$env:APPVEYOR_BUILD_ID"
-          $artifacts_to_download = @('dist.zip','chromedriver.zip','ffmpeg.zip','node_headers.zip','mksnapshot.zip','electron.lib')
-          foreach ($job in $build_info.build.jobs) {
-            if ($job.name -eq "Build") {
-              $jobId = $job.jobId
-              foreach($artifact_name in $artifacts_to_download) {
-                if ($artifact_name -eq 'electron.lib') {
-                  $outfile = "src\out\Default\$artifact_name"
-                } else {
-                  $outfile = $artifact_name
-                }
-                Invoke-RestMethod -Method Get -Uri "$apiUrl/buildjobs/$jobId/artifacts/$artifact_name" -OutFile $outfile
-              }
-              # Uncomment the following lines to download the pdb.zip to show real stacktraces when crashes happen during testing
-              Invoke-RestMethod -Method Get -Uri "$apiUrl/buildjobs/$jobId/artifacts/pdb.zip" -OutFile pdb.zip
-              7z x -y -osrc pdb.zip
-            }
-          }
-      - ps: |
-          $out_default_zips = @('dist.zip','chromedriver.zip','mksnapshot.zip')
-          foreach($zip_name in $out_default_zips) {
-            7z x -y -osrc\out\Default $zip_name
-          }
-      - ps: 7z x -y -osrc\out\ffmpeg ffmpeg.zip
-      - ps: 7z x -y -osrc node_headers.zip
-
-    test_script:
-      # Workaround for https://github.com/appveyor/ci/issues/2420
-      - set "PATH=%PATH%;C:\Program Files\Git\mingw64\libexec\git-core"
-      - ps: |
-          cd src
-          New-Item .\out\Default\gen\node_headers\Release -Type directory
-          Copy-Item -path .\out\Default\electron.lib -destination .\out\Default\gen\node_headers\Release\node.lib
-      - cd electron
-      # Explicitly set npm_config_arch because the .env doesn't persist
-      - ps: >-
-          if ($env:TARGET_ARCH -eq 'ia32') {
-            $env:npm_config_arch = "ia32"
-          }
-      - echo Running main test suite & node script/yarn test -- --trace-uncaught --runners=main --enable-logging
-      - cd ..
-      - echo Verifying non proprietary ffmpeg & python electron\script\verify-ffmpeg.py --build-dir out\Default --source-root %cd% --ffmpeg-path out\ffmpeg
-      - echo "About to verify mksnapshot"
-      - echo Verifying mksnapshot & python electron\script\verify-mksnapshot.py --build-dir out\Default --source-root %cd%
-      - echo "Done verifying mksnapshot"
-      - echo Verifying chromedriver & python electron\script\verify-chromedriver.py --build-dir out\Default --source-root %cd%
-      - echo "Done verifying chromedriver"
-
-    on_finish:
-      # Uncomment these lines to enable RDP
-      # - ps: $blockRdp = $true; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
-      - if exist electron\junit\test-results-main.xml ( appveyor-retry appveyor PushArtifact electron\junit\test-results-main.xml )
-      - ps: |
-          if ($env:RUN_TESTS -eq 'true' -And $env:DD_API_KEY) {
-            $env:DD_GIT_COMMIT_SHA = $env:APPVEYOR_REPO_COMMIT
-            $env:DD_GIT_BRANCH = $env:APPVEYOR_PULL_REQUEST_HEAD_REPO_BRANCH
-            $env:DD_TAGS = "os.architecture:$env:TARGET_ARCH,os.family:windows,os.platform:win32"
-            if (Test-Path -Path "C:\projects\src\electron\junit\test-results-main.xml") {
-              C:\Users\appveyor\AppData\Roaming\npm\datadog-ci.ps1 junit upload --verbose C:\projects\src\electron\junit\test-results-main.xml
-            }
-          }
--- a/build/args/all.gn
+++ b/build/args/all.gn
@@ -2,7 +2,7 @@ is_electron_build = true
 root_extra_deps = [ "//electron" ]

 # Registry of NMVs --> https://github.com/nodejs/node/blob/main/doc/abi_version_registry.json
-node_module_version = 128
+node_module_version = 133

 v8_promise_internal_field_count = 1
 v8_embedder_string = "-electron.0"
@@ -14,8 +14,8 @@ v8_enable_snapshot_native_code_counters = false
 v8_enable_javascript_promise_hooks = true

 enable_cdm_host_verification = false
-proprietary_codecs = true
 ffmpeg_branding = "Chrome"
+proprietary_codecs = true

 enable_printing = true

@@ -48,7 +48,8 @@ enable_cet_shadow_stack = false
 is_cfi = false

 # TODO: fix this once sysroots have been updated.
-use_qt = false
+use_qt5 = false
+use_qt6 = false

 # Disables the builtins PGO for V8
 v8_builtins_profiling_log_file = ""
@@ -65,11 +66,18 @@ v8_enable_private_mapping_fork_optimization = true
 # Expose public V8 symbols for native modules.
 v8_expose_public_symbols = true

+# Disable snapshotting a page when printing for its content to be analyzed for
+# sensitive content by enterprise users.
+enterprise_cloud_content_analysis = false
+
+# TODO: remove dependency on legacy ipc
+# https://issues.chromium.org/issues/40943039
+content_enable_legacy_ipc = true
+
+# Electron has its own unsafe-buffers enforcement directories.
+# TODO: clang_unsafe_buffers_paths = "//electron/electron_unsafe_buffers_paths.txt"
+#
 # Disables unsafe-buffers-usage plugin due to incompatibilities with our reclient implementation
 # Ref: https://chromium-review.googlesource.com/c/chromium/src/+/5426599
 # Ref: https://github.com/electron/electron/commit/8e20f16ea35eeaeb149ae63bad3703d782665f6a
 clang_unsafe_buffers_paths = ""
-
-# Disable snapshotting a page when printing for its content to be analyzed for
-# sensitive content by enterprise users.
-enterprise_cloud_content_analysis = false
--- a/build/args/ffmpeg.gn
+++ b/build/args/ffmpeg.gn
@@ -1,7 +1,7 @@
-import("all.gn")
+import("//electron/build/args/all.gn")
 is_component_build = false
 is_component_ffmpeg = true
 is_official_build = true
-proprietary_codecs = false
 ffmpeg_branding = "Chromium"
 enable_dsyms = false
+proprietary_codecs = false
--- a/build/args/release.gn
+++ b/build/args/release.gn
@@ -1,14 +1,7 @@
-import("all.gn")
+import("//electron/build/args/all.gn")
 is_component_build = false
 is_official_build = true

-# This may be guarded behind is_chrome_branded alongside
-# proprietary_codecs https://webrtc-review.googlesource.com/c/src/+/36321,
-# explicitly override here to build OpenH264 encoder/FFmpeg decoder.
-# The initialization of the decoder depends on whether ffmpeg has
-# been built with H.264 support.
-rtc_use_h264 = proprietary_codecs
-
 # By default, Electron builds ffmpeg with proprietary codecs enabled. In order
 # to facilitate users who don't want to ship proprietary codecs in ffmpeg, or
 # who have an LGPL requirement to ship ffmpeg as a dynamically linked library,
--- a/build/args/testing.gn
+++ b/build/args/testing.gn
@@ -1,14 +1,7 @@
-import("all.gn")
+import("//electron/build/args/all.gn")
 is_debug = false
 is_component_build = false
 is_component_ffmpeg = true
 is_official_build = false
 dcheck_always_on = true
 symbol_level = 1
-
-# This may be guarded behind is_chrome_branded alongside
-# proprietary_codecs https://webrtc-review.googlesource.com/c/src/+/36321,
-# explicitly override here to build OpenH264 encoder/FFmpeg decoder.
-# The initialization of the decoder depends on whether ffmpeg has
-# been built with H.264 support.
-rtc_use_h264 = proprietary_codecs
--- a/build/config/BUILD.gn
+++ b/build/config/BUILD.gn
@@ -1,8 +1,11 @@
-# For MAS build, we force defining "MAS_BUILD".
-config("mas_build") {
+action("generate_mas_config") {
+  outputs = [ "$target_gen_dir/../../mas.h" ]
+  script = "../../script/generate-mas-config.py"
  if (is_mas_build) {
-    defines = [ "IS_MAS_BUILD()=1" ]
+    args = [ "true" ]
  } else {
-    defines = [ "IS_MAS_BUILD()=0" ]
+    args = [ "false" ]
  }
+
+  args += rebase_path(outputs)
 }
--- a/build/fuses/build.py
+++ b/build/fuses/build.py
@@ -36,7 +36,6 @@ TEMPLATE_CC = """

 #if DCHECK_IS_ON()
 #include "base/command_line.h"
-#include "base/strings/string_util.h"
 #include <string>
 #endif

--- a/build/generate_node_defines.py
+++ b/build/generate_node_defines.py
@@ -2,7 +2,7 @@ import os
 import re
 import sys

-DEFINE_EXTRACT_REGEX = re.compile('^ *# *define (\w*)', re.MULTILINE)
+DEFINE_EXTRACT_REGEX = re.compile(r'^ *# *define (\w*)', re.MULTILINE)

 def main(out_dir, headers):
  defines = []
--- a/build/rules.gni
+++ b/build/rules.gni
@@ -29,7 +29,7 @@ template("compile_ib_files") {

    _output_extension = invoker.output_extension

-    script = "//build/config/ios/compile_ib_files.py"
+    script = "//build/config/apple/compile_ib_files.py"
    sources = invoker.sources
    outputs = [
      "$target_gen_dir/$target_name/{{source_name_part}}.$_output_extension",
--- a/build/webpack/webpack.config.preload_realm.js
+++ b/build/webpack/webpack.config.preload_realm.js
@@ -0,0 +1,6 @@
+module.exports = require('./webpack.config.base')({
+  target: 'preload_realm',
+  alwaysHasNode: false,
+  wrapInitWithProfilingTimeout: true,
+  wrapInitWithTryCatch: true
+});
--- a/build/zip.py
+++ b/build/zip.py
@@ -59,7 +59,7 @@ def skip_path(dep, dist_zip, target_cpu):
      and dep == "snapshot_blob.bin"
    )
  )
-  if should_skip:
+  if should_skip and os.environ.get('ELECTRON_DEBUG_ZIP_SKIP') == '1':
    print("Skipping {}".format(dep))
  return should_skip

--- a/chromium_src/BUILD.gn
+++ b/chromium_src/BUILD.gn
@@ -6,7 +6,6 @@ import("//build/config/ozone.gni")
 import("//build/config/ui.gni")
 import("//components/spellcheck/spellcheck_build_features.gni")
 import("//electron/buildflags/buildflags.gni")
-import("//ppapi/buildflags/buildflags.gni")
 import("//printing/buildflags/buildflags.gni")
 import("//third_party/widevine/cdm/widevine.gni")

@@ -14,6 +13,8 @@ import("//third_party/widevine/cdm/widevine.gni")
 static_library("chrome") {
  visibility = [ "//electron:electron_lib" ]
  sources = [
+    "//ash/style/rounded_rect_cutout_path_builder.cc",
+    "//ash/style/rounded_rect_cutout_path_builder.h",
    "//chrome/browser/app_mode/app_mode_utils.cc",
    "//chrome/browser/app_mode/app_mode_utils.h",
    "//chrome/browser/browser_features.cc",
@@ -29,16 +30,18 @@ static_library("chrome") {
    "//chrome/browser/devtools/devtools_file_system_indexer.cc",
    "//chrome/browser/devtools/devtools_file_system_indexer.h",
    "//chrome/browser/devtools/devtools_settings.h",
+    "//chrome/browser/devtools/features.cc",
+    "//chrome/browser/devtools/features.h",
    "//chrome/browser/devtools/visual_logging.cc",
    "//chrome/browser/devtools/visual_logging.h",
-    "//chrome/browser/extensions/global_shortcut_listener.cc",
-    "//chrome/browser/extensions/global_shortcut_listener.h",
    "//chrome/browser/file_system_access/file_system_access_features.cc",
    "//chrome/browser/file_system_access/file_system_access_features.h",
    "//chrome/browser/icon_loader.cc",
    "//chrome/browser/icon_loader.h",
    "//chrome/browser/icon_manager.cc",
    "//chrome/browser/icon_manager.h",
+    "//chrome/browser/media/webrtc/delegated_source_list_capturer.cc",
+    "//chrome/browser/media/webrtc/delegated_source_list_capturer.h",
    "//chrome/browser/media/webrtc/desktop_capturer_wrapper.cc",
    "//chrome/browser/media/webrtc/desktop_capturer_wrapper.h",
    "//chrome/browser/media/webrtc/desktop_media_list.cc",
@@ -65,6 +68,8 @@ static_library("chrome") {
    "//chrome/browser/picture_in_picture/picture_in_picture_occlusion_tracker_observer.h",
    "//chrome/browser/picture_in_picture/picture_in_picture_window_manager.cc",
    "//chrome/browser/picture_in_picture/picture_in_picture_window_manager.h",
+    "//chrome/browser/picture_in_picture/picture_in_picture_window_manager_uma_helper.cc",
+    "//chrome/browser/picture_in_picture/picture_in_picture_window_manager_uma_helper.h",
    "//chrome/browser/picture_in_picture/scoped_picture_in_picture_occlusion_observation.cc",
    "//chrome/browser/picture_in_picture/scoped_picture_in_picture_occlusion_observation.h",
    "//chrome/browser/platform_util.cc",
@@ -111,6 +116,8 @@ static_library("chrome") {
    "//chrome/browser/ui/view_ids.h",
    "//chrome/browser/ui/views/eye_dropper/eye_dropper.cc",
    "//chrome/browser/ui/views/eye_dropper/eye_dropper.h",
+    "//chrome/browser/ui/views/overlay/back_to_tab_button.cc",
+    "//chrome/browser/ui/views/overlay/back_to_tab_button.h",
    "//chrome/browser/ui/views/overlay/back_to_tab_label_button.cc",
    "//chrome/browser/ui/views/overlay/close_image_button.cc",
    "//chrome/browser/ui/views/overlay/close_image_button.h",
@@ -139,6 +146,8 @@ static_library("chrome") {
    "//chrome/browser/ui/webui/accessibility/accessibility_ui.h",
    "//extensions/browser/app_window/size_constraints.cc",
    "//extensions/browser/app_window/size_constraints.h",
+    "//ui/base/accelerators/global_accelerator_listener/global_accelerator_listener.cc",
+    "//ui/base/accelerators/global_accelerator_listener/global_accelerator_listener.h",
    "//ui/views/native_window_tracker.h",
  ]

@@ -148,19 +157,15 @@ static_library("chrome") {

  if (is_win) {
    sources += [
-      "//chrome/browser/extensions/global_shortcut_listener_win.cc",
-      "//chrome/browser/extensions/global_shortcut_listener_win.h",
      "//chrome/browser/icon_loader_win.cc",
      "//chrome/browser/media/webrtc/window_icon_util_win.cc",
      "//chrome/browser/process_singleton_win.cc",
-      "//chrome/browser/ui/frame/window_frame_util.h",
      "//chrome/browser/win/chrome_process_finder.cc",
      "//chrome/browser/win/chrome_process_finder.h",
      "//chrome/browser/win/chrome_select_file_dialog_factory.cc",
      "//chrome/browser/win/chrome_select_file_dialog_factory.h",
      "//chrome/browser/win/titlebar_config.cc",
      "//chrome/browser/win/titlebar_config.h",
-      "//chrome/browser/win/titlebar_config.h",
      "//chrome/browser/win/util_win_service.cc",
      "//chrome/browser/win/util_win_service.h",
      "//chrome/child/v8_crashpad_support_win.cc",
@@ -173,15 +178,15 @@ static_library("chrome") {
  }

  public_deps = [
-    "//chrome/browser:dev_ui_browser_resources",
    "//chrome/browser/resources/accessibility:resources",
+    "//chrome/browser/ui/color:color_headers",
    "//chrome/browser/ui/color:mixers",
    "//chrome/common",
    "//chrome/common:version_header",
+    "//components/global_media_controls",
    "//components/keyed_service/content",
    "//components/paint_preview/buildflags",
    "//components/proxy_config",
-    "//components/services/language_detection/public/mojom",
    "//content/public/browser",
    "//services/strings",
  ]
@@ -190,11 +195,16 @@ static_library("chrome") {
    "//chrome/app/vector_icons",
    "//chrome/browser:resource_prefetch_predictor_proto",
    "//chrome/browser/resource_coordinator:mojo_bindings",
+    "//chrome/browser/task_manager/common:impl",
+    "//chrome/browser/ui/webui/tab_search:mojo_bindings",
    "//chrome/browser/web_applications/mojom:mojom_web_apps_enum",
    "//components/enterprise/buildflags",
+    "//components/enterprise/common/proto:browser_events_proto",
    "//components/enterprise/common/proto:connectors_proto",
+    "//components/enterprise/obfuscation/core:enterprise_obfuscation",
    "//components/safe_browsing/core/browser/db:safebrowsing_proto",
    "//components/vector_icons:vector_icons",
+    "//ui/base/accelerators/global_accelerator_listener",
    "//ui/snapshot",
    "//ui/views/controls/webview",
  ]
@@ -210,14 +220,11 @@ static_library("chrome") {
  }

  if (is_linux) {
-    sources += [ "//chrome/browser/icon_loader_auralinux.cc" ]
-    if (use_ozone) {
-      deps += [ "//ui/ozone" ]
-      sources += [
-        "//chrome/browser/extensions/global_shortcut_listener_ozone.cc",
-        "//chrome/browser/extensions/global_shortcut_listener_ozone.h",
-      ]
-    }
+    sources += [
+      "//chrome/browser/icon_loader_auralinux.cc",
+      "//ui/base/accelerators/global_accelerator_listener/global_accelerator_listener_linux.cc",
+      "//ui/base/accelerators/global_accelerator_listener/global_accelerator_listener_linux.h",
+    ]
    sources += [
      "//chrome/browser/ui/views/status_icons/concat_menu_model.cc",
      "//chrome/browser/ui/views/status_icons/concat_menu_model.h",
@@ -228,10 +235,7 @@ static_library("chrome") {
      "//chrome/browser/ui/views/dark_mode_manager_linux.cc",
      "//chrome/browser/ui/views/dark_mode_manager_linux.h",
    ]
-    public_deps += [
-      "//components/dbus/menu",
-      "//components/dbus/thread_linux",
-    ]
+    public_deps += [ "//components/dbus" ]
  }

  if (is_win) {
@@ -253,8 +257,6 @@ static_library("chrome") {

  if (is_mac) {
    sources += [
-      "//chrome/browser/extensions/global_shortcut_listener_mac.h",
-      "//chrome/browser/extensions/global_shortcut_listener_mac.mm",
      "//chrome/browser/icon_loader_mac.mm",
      "//chrome/browser/media/webrtc/system_media_capture_permissions_mac.h",
      "//chrome/browser/media/webrtc/system_media_capture_permissions_mac.mm",
@@ -263,11 +265,13 @@ static_library("chrome") {
      "//chrome/browser/media/webrtc/thumbnail_capturer_mac.h",
      "//chrome/browser/media/webrtc/thumbnail_capturer_mac.mm",
      "//chrome/browser/media/webrtc/window_icon_util_mac.mm",
+      "//chrome/browser/permissions/system/media_authorization_wrapper_mac.h",
      "//chrome/browser/platform_util_mac.mm",
      "//chrome/browser/process_singleton_mac.mm",
      "//chrome/browser/ui/views/eye_dropper/eye_dropper_view_mac.h",
      "//chrome/browser/ui/views/eye_dropper/eye_dropper_view_mac.mm",
    ]
+    deps += [ ":system_media_capture_permissions_mac_conflict" ]
  }

  if (enable_widevine) {
@@ -419,46 +423,6 @@ static_library("chrome") {
  }
 }

-source_set("plugins") {
-  sources = []
-  deps = []
-  frameworks = []
-
-  # browser side
-  sources += [
-    "//chrome/browser/renderer_host/pepper/chrome_browser_pepper_host_factory.cc",
-    "//chrome/browser/renderer_host/pepper/chrome_browser_pepper_host_factory.h",
-    "//chrome/browser/renderer_host/pepper/pepper_isolated_file_system_message_filter.cc",
-    "//chrome/browser/renderer_host/pepper/pepper_isolated_file_system_message_filter.h",
-  ]
-
-  # renderer side
-  sources += [
-    "//chrome/renderer/pepper/chrome_renderer_pepper_host_factory.cc",
-    "//chrome/renderer/pepper/chrome_renderer_pepper_host_factory.h",
-    "//chrome/renderer/pepper/pepper_shared_memory_message_filter.cc",
-    "//chrome/renderer/pepper/pepper_shared_memory_message_filter.h",
-  ]
-
-  deps += [
-    "//components/strings",
-    "//media:media_buildflags",
-    "//services/device/public/mojom",
-    "//skia",
-    "//storage/browser",
-  ]
-
-  if (enable_ppapi) {
-    deps += [
-      "//ppapi/buildflags",
-      "//ppapi/host",
-      "//ppapi/proxy",
-      "//ppapi/proxy:ipc",
-      "//ppapi/shared_impl",
-    ]
-  }
-}
-
 # This source set is just so we don't have to depend on all of //chrome/browser
 # You may have to add new files here during the upgrade if //chrome/browser/spellchecker
 # gets more files
@@ -527,3 +491,16 @@ source_set("chrome_spellchecker") {
    "//components/spellcheck/renderer",
  ]
 }
+
+# These sources create an object file conflict with one in |:chrome|, so they
+# must live in a separate target.
+# Conflicting sources:
+#   //chrome/browser/media/webrtc/system_media_capture_permissions_stats_mac.mm
+#   //chrome/browser/permissions/system/system_media_capture_permissions_mac.mm
+source_set("system_media_capture_permissions_mac_conflict") {
+  sources = [
+    "//chrome/browser/permissions/system/system_media_capture_permissions_mac.h",
+    "//chrome/browser/permissions/system/system_media_capture_permissions_mac.mm",
+  ]
+  deps = [ "//chrome/common" ]
+}
--- a/default_app/main.ts
+++ b/default_app/main.ts
@@ -93,9 +93,7 @@ async function loadApplicationPackage (packagePath: string) {
      try {
        process.emitWarning = () => {};
        packageJson = (await import(url.pathToFileURL(packageJsonPath).toString(), {
-          assert: {
-            type: 'json'
-          }
+          with: { type: 'json' }
        })).default;
      } catch (e) {
        showErrorMessage(`Unable to parse ${packageJsonPath}\n\n${(e as Error).message}`);
--- a/docs/README.md
+++ b/docs/README.md
@@ -21,7 +21,6 @@ an issue:
 ### Getting started

 * [Introduction](tutorial/introduction.md)
-* [Quick Start](tutorial/quick-start.md)
 * [Process Model](tutorial/process-model.md)

 ### Learning the basics
@@ -37,6 +36,7 @@ an issue:
  * [Offline/Online Detection](tutorial/online-offline-events.md)
  * [Represented File for macOS BrowserWindows](tutorial/represented-file.md)
  * [Native File Drag & Drop](tutorial/native-file-drag-drop.md)
+  * [Navigation History](tutorial/navigation-history.md)
  * [Offscreen Rendering](tutorial/offscreen-rendering.md)
  * [Dark Mode](tutorial/dark-mode.md)
  * [Web embeds in Electron](tutorial/web-embeds.md)
@@ -127,6 +127,7 @@ These individual tutorials expand on topics discussed in the guide above.
 * [pushNotifications](api/push-notifications.md)
 * [safeStorage](api/safe-storage.md)
 * [screen](api/screen.md)
+* [ServiceWorkerMain](api/service-worker-main.md)
 * [session](api/session.md)
 * [ShareMenu](api/share-menu.md)
 * [systemPreferences](api/system-preferences.md)
--- a/docs/api/app.md
+++ b/docs/api/app.md
@@ -514,20 +514,20 @@ and `will-quit` events will not be emitted.
  * `args` string[] (optional)
  * `execPath` string (optional)

-Relaunches the app when current instance exits.
+Relaunches the app when the current instance exits.

 By default, the new instance will use the same working directory and command line
-arguments with current instance. When `args` is specified, the `args` will be
-passed as command line arguments instead. When `execPath` is specified, the
-`execPath` will be executed for relaunch instead of current app.
+arguments as the current instance. When `args` is specified, the `args` will be
+passed as the command line arguments instead. When `execPath` is specified, the
+`execPath` will be executed for the relaunch instead of the current app.

-Note that this method does not quit the app when executed, you have to call
+Note that this method does not quit the app when executed. You have to call
 `app.quit` or `app.exit` after calling `app.relaunch` to make the app restart.

-When `app.relaunch` is called for multiple times, multiple instances will be
-started after current instance exited.
+When `app.relaunch` is called multiple times, multiple instances will be
+started after the current instance exits.

-An example of restarting current instance immediately and adding a new command
+An example of restarting the current instance immediately and adding a new command
 line argument to the new instance:

 ```js
@@ -1302,23 +1302,24 @@ Returns `Object`:
 Set the app's login item settings.

 To work with Electron's `autoUpdater` on Windows, which uses [Squirrel][Squirrel-Windows],
-you'll want to set the launch path to Update.exe, and pass arguments that specify your
-application name. For example:
+you'll want to set the launch path to your executable's name but a directory up, which is
+a stub application automatically generated by Squirrel which will automatically launch the
+latest version.

 ``` js
 const { app } = require('electron')
 const path = require('node:path')

 const appFolder = path.dirname(process.execPath)
-const updateExe = path.resolve(appFolder, '..', 'Update.exe')
-const exeName = path.basename(process.execPath)
+const ourExeName = path.basename(process.execPath)
+const stubLauncher = path.resolve(appFolder, '..', ourExeName)

 app.setLoginItemSettings({
  openAtLogin: true,
-  path: updateExe,
+  path: stubLauncher,
  args: [
-    '--processStart', `"${exeName}"`,
-    '--process-start-args', '"--hidden"'
+    // You might want to pass a parameter here indicating that this
+    // app was launched via login, but you don't have to
  ]
 })
 ```
@@ -1490,6 +1491,38 @@ This method can only be called after app is ready.

 Returns `Promise<string>` - Resolves with the proxy information for `url` that will be used when attempting to make requests using [Net](net.md) in the [utility process](../glossary.md#utility-process).

+### `app.setClientCertRequestPasswordHandler(handler)`  _Linux_
+
+* `handler` Function\<Promise\<string\>\>
+  * `clientCertRequestParams` Object
+    * `hostname` string - the hostname of the site requiring a client certificate
+    * `tokenName` string - the token (or slot) name of the cryptographic device
+    * `isRetry` boolean - whether there have been previous failed attempts at prompting the password
+
+  Returns `Promise<string>` - Resolves with the password
+
+The handler is called when a password is needed to unlock a client certificate for
+`hostname`.
+
+```js
+const { app } = require('electron')
+
+async function passwordPromptUI (text) {
+  return new Promise((resolve, reject) => {
+    // display UI to prompt user for password
+    // ...
+    // ...
+    resolve('the password')
+  })
+}
+
+app.setClientCertRequestPasswordHandler(async ({ hostname, tokenName, isRetry }) => {
+  const text = `Please sign in to ${tokenName} to authenticate to ${hostname} with your certificate`
+  const password = await passwordPromptUI(text)
+  return password
+})
+```
+
 ## Properties

 ### `app.accessibilitySupportEnabled` _macOS_ _Windows_
--- a/docs/api/auto-updater.md
+++ b/docs/api/auto-updater.md
@@ -68,7 +68,7 @@ Emitted when there is an error while updating.

 ### Event: 'checking-for-update'

-Emitted when checking if an update has started.
+Emitted when checking for an available update has started.

 ### Event: 'update-available'

--- a/docs/api/base-window.md
+++ b/docs/api/base-window.md
@@ -64,6 +64,31 @@ const child = new BaseWindow({ parent, modal: true })
 * On Linux the type of modal windows will be changed to `dialog`.
 * On Linux many desktop environments do not support hiding a modal window.

+## Resource management
+
+When you add a [`WebContentsView`](web-contents-view.md) to a `BaseWindow` and the `BaseWindow`
+is closed, the [`webContents`](web-contents.md) of the `WebContentsView` are not destroyed
+automatically.
+
+It is your responsibility to close the `webContents` when you no longer need them, e.g. when
+the `BaseWindow` is closed:
+
+```js
+const { BaseWindow, WebContentsView } = require('electron')
+
+const win = new BaseWindow({ width: 800, height: 600 })
+
+const view = new WebContentsView()
+win.contentView.addChildView(view)
+
+win.on('closed', () => {
+  view.webContents.close()
+})
+```
+
+Unlike with a [`BrowserWindow`](browser-window.md), if you don't explicitly close the
+`webContents`, you'll encounter memory leaks.
+
 ## Class: BaseWindow

 > Create and control windows.
@@ -119,10 +144,24 @@ _**Note**: There is a subtle difference between the behaviors of `window.onbefor
 Emitted when the window is closed. After you have received this event you should
 remove the reference to the window and avoid using it any more.

+#### Event: 'query-session-end' _Windows_
+
+Returns:
+
+* `event` [WindowSessionEndEvent][window-session-end-event]
+
+Emitted when a session is about to end due to a shutdown, machine restart, or user log-off.
+Calling `event.preventDefault()` can delay the system shutdown, though it’s generally best
+to respect the user’s choice to end the session. However, you may choose to use it if
+ending the session puts the user at risk of losing data.
+
 #### Event: 'session-end' _Windows_

-Emitted when window session is going to end due to force shutdown or machine restart
-or session log off.
+Returns:
+
+* `event` [WindowSessionEndEvent][window-session-end-event]
+
+Emitted when a session is about to end due to a shutdown, machine restart, or user log-off. Once this event fires, there is no way to prevent the session from ending.

 #### Event: 'blur'

@@ -1404,3 +1443,4 @@ On Linux, the `symbolColor` is automatically calculated to have minimum accessib
 [vibrancy-docs]: https://developer.apple.com/documentation/appkit/nsvisualeffectview?preferredLanguage=objc
 [window-levels]: https://developer.apple.com/documentation/appkit/nswindow/level
 [event-emitter]: https://nodejs.org/api/events.html#events_class_eventemitter
+[window-session-end-event]:../api/structures/window-session-end-event.md
--- a/docs/api/browser-window.md
+++ b/docs/api/browser-window.md
@@ -207,10 +207,24 @@ _**Note**: There is a subtle difference between the behaviors of `window.onbefor
 Emitted when the window is closed. After you have received this event you should
 remove the reference to the window and avoid using it any more.

+#### Event: 'query-session-end' _Windows_
+
+Returns:
+
+* `event` [WindowSessionEndEvent][window-session-end-event]
+
+Emitted when a session is about to end due to a shutdown, machine restart, or user log-off.
+Calling `event.preventDefault()` can delay the system shutdown, though it’s generally best
+to respect the user’s choice to end the session. However, you may choose to use it if
+ending the session puts the user at risk of losing data.
+
 #### Event: 'session-end' _Windows_

-Emitted when window session is going to end due to force shutdown or machine restart
-or session log off.
+Returns:
+
+* `event` [WindowSessionEndEvent][window-session-end-event]
+
+Emitted when a session is about to end due to a shutdown, machine restart, or user log-off. Once this event fires, there is no way to prevent the session from ending.

 #### Event: 'unresponsive'

@@ -1549,13 +1563,17 @@ there is only one tab in the current window.

 Adds a window as a tab on this window, after the tab for the window instance.

-#### `win.setVibrancy(type)` _macOS_
+#### `win.setVibrancy(type[, options])` _macOS_

 * `type` string | null - Can be `titlebar`, `selection`, `menu`, `popover`, `sidebar`, `header`, `sheet`, `window`, `hud`, `fullscreen-ui`, `tooltip`, `content`, `under-window`, or `under-page`. See
  the [macOS documentation][vibrancy-docs] for more details.
+* `options` Object (optional)
+  * `animationDuration` number (optional) - if greater than zero, the change to vibrancy will be animated over the given duration (in milliseconds).

 Adds a vibrancy effect to the browser window. Passing `null` or an empty string
-will remove the vibrancy effect on the window.
+will remove the vibrancy effect on the window. The `animationDuration` parameter only
+ animates fading in or fading out the vibrancy effect. Animating between
+ different types of vibrancy is not supported.

 #### `win.setBackgroundMaterial(material)` _Windows_

@@ -1668,3 +1686,4 @@ On Linux, the `symbolColor` is automatically calculated to have minimum accessib
 [vibrancy-docs]: https://developer.apple.com/documentation/appkit/nsvisualeffectview?preferredLanguage=objc
 [window-levels]: https://developer.apple.com/documentation/appkit/nswindow/level
 [event-emitter]: https://nodejs.org/api/events.html#events_class_eventemitter
+[window-session-end-event]:../api/structures/window-session-end-event.md
--- a/docs/api/command-line-switches.md
+++ b/docs/api/command-line-switches.md
@@ -241,6 +241,13 @@ Force using discrete GPU when there are multiple GPUs available.

 Force using integrated GPU when there are multiple GPUs available.

+### --xdg-portal-required-version=`version`
+
+Sets the minimum required version of XDG portal implementation to `version`
+in order to use the portal backend for file dialogs on linux. File dialogs
+will fallback to using gtk or kde depending on the desktop environment when
+the required version is unavailable. Current default is set to `3`.
+
 ## Node.js Flags

 Electron supports some of the [CLI flags][node-cli] supported by Node.js.
--- a/docs/api/context-bridge.md
+++ b/docs/api/context-bridge.md
@@ -61,6 +61,20 @@ The `contextBridge` module has the following methods:
 * `apiKey` string - The key to inject the API onto `window` with.  The API will be accessible on `window[apiKey]`.
 * `api` any - Your API, more information on what this API can be and how it works is available below.

+### `contextBridge.executeInMainWorld(executionScript)` _Experimental_
+
+<!-- TODO(samuelmaddock): add generics to map the `args` types to the `func` params  -->
+
+* `executionScript` Object
+  * `func` (...args: any[]) => any - A JavaScript function to execute. This function will be serialized which means
+      that any bound parameters and execution context will be lost.
+  * `args` any[] (optional) - An array of arguments to pass to the provided function. These
+      arguments will be copied between worlds in accordance with
+      [the table of supported types.](#parameter--error--return-type-support)
+
+Returns `any` - A copy of the resulting value from executing the function in the main world.
+[Refer to the table](#parameter--error--return-type-support) on how values are copied between worlds.
+
 ## Usage

 ### API
--- a/docs/api/dialog.md
+++ b/docs/api/dialog.md
@@ -78,6 +78,11 @@ dialog.showOpenDialogSync(mainWindow, {
 })
 ```

+**Note:** On Linux `defaultPath` is not supported when using portal file chooser
+dialogs unless the portal backend is version 4 or higher. You can use `--xdg-portal-required-version`
+[command-line switch](./command-line-switches.md#--xdg-portal-required-versionversion)
+to force gtk or kde dialogs.
+
 ### `dialog.showOpenDialog([window, ]options)`

 * `window` [BaseWindow](base-window.md) (optional)
@@ -150,6 +155,11 @@ dialog.showOpenDialog(mainWindow, {
 })
 ```

+**Note:** On Linux `defaultPath` is not supported when using portal file chooser
+dialogs unless the portal backend is version 4 or higher. You can use `--xdg-portal-required-version`
+[command-line switch](./command-line-switches.md#--xdg-portal-required-versionversion)
+to force gtk or kde dialogs.
+
 ### `dialog.showSaveDialogSync([window, ]options)`

 * `window` [BaseWindow](base-window.md) (optional)
@@ -350,7 +360,7 @@ On Windows the options are more limited, due to the Win32 APIs used:

 ## Bookmarks array

-`showOpenDialog`, `showOpenDialogSync`, `showSaveDialog`, and `showSaveDialogSync` will return a `bookmarks` array.
+`showOpenDialog` and `showSaveDialog` resolve to an object with a `bookmarks` field. This field is an array of Base64 encoded strings that contain the [security scoped bookmark](https://developer.apple.com/library/content/documentation/Security/Conceptual/AppSandboxDesignGuide/AppSandboxInDepth/AppSandboxInDepth.html#//apple_ref/doc/uid/TP40011183-CH3-SW16) data for the saved file. The `securityScopedBookmarks` option must be enabled for this to be present.

 | Build Type | securityScopedBookmarks boolean | Return Type | Return Value                   |
 |------------|---------------------------------|:-----------:|--------------------------------|
--- a/docs/api/dock.md
+++ b/docs/api/dock.md
@@ -80,4 +80,4 @@ Returns `Menu | null` - The application's [dock menu][dock-menu].

 Sets the `image` associated with this dock icon.

-[dock-menu]: https://developer.apple.com/macos/human-interface-guidelines/menus/dock-menus/
+[dock-menu]: https://developer.apple.com/design/human-interface-guidelines/dock-menus
--- a/docs/api/global-shortcut.md
+++ b/docs/api/global-shortcut.md
@@ -12,9 +12,17 @@ shortcuts.
 not have the keyboard focus. This module cannot be used before the `ready`
 event of the app module is emitted.

+Please also note that it is also possible to use Chromium's
+`GlobalShortcutsPortal` implementation, which allows apps to bind global
+shortcuts when running within a Wayland session.
+
 ```js
 const { app, globalShortcut } = require('electron')

+// Enable usage of Portal's globalShortcuts. This is essential for cases when
+// the app runs in a Wayland session.
+app.commandLine.appendSwitch('enable-features', 'GlobalShortcutsPortal')
+
 app.whenReady().then(() => {
  // Register a 'CommandOrControl+X' shortcut listener.
  const ret = globalShortcut.register('CommandOrControl+X', () => {
--- a/docs/api/in-app-purchase.md
+++ b/docs/api/in-app-purchase.md
@@ -10,13 +10,13 @@ The `inAppPurchase` module emits the following events:

 ### Event: 'transactions-updated'

-Emitted when one or more transactions have been updated.
-
 Returns:

 * `event` Event
 * `transactions` Transaction[] - Array of [`Transaction`](structures/transaction.md) objects.

+Emitted when one or more transactions have been updated.
+
 ## Methods

 The `inAppPurchase` module has the following methods:
--- a/docs/api/ipc-main-service-worker.md
+++ b/docs/api/ipc-main-service-worker.md
@@ -0,0 +1,75 @@
+## Class: IpcMainServiceWorker
+
+> Communicate asynchronously from the main process to service workers.
+
+Process: [Main](../glossary.md#main-process)
+
+> [!NOTE]
+> This API is a subtle variation of [`IpcMain`](ipc-main.md)—targeted for
+> communicating with service workers. For communicating with web frames,
+> consult the `IpcMain` documentation.
+
+<!-- TODO(samuelmaddock): refactor doc gen to allow generics to reduce duplication -->
+
+### Instance Methods
+
+#### `ipcMainServiceWorker.on(channel, listener)`
+
+* `channel` string
+* `listener` Function
+  * `event` [IpcMainServiceWorkerEvent][ipc-main-service-worker-event]
+  * `...args` any[]
+
+Listens to `channel`, when a new message arrives `listener` would be called with
+`listener(event, args...)`.
+
+#### `ipcMainServiceWorker.once(channel, listener)`
+
+* `channel` string
+* `listener` Function
+  * `event` [IpcMainServiceWorkerEvent][ipc-main-service-worker-event]
+  * `...args` any[]
+
+Adds a one time `listener` function for the event. This `listener` is invoked
+only the next time a message is sent to `channel`, after which it is removed.
+
+#### `ipcMainServiceWorker.removeListener(channel, listener)`
+
+* `channel` string
+* `listener` Function
+  * `...args` any[]
+
+Removes the specified `listener` from the listener array for the specified
+`channel`.
+
+#### `ipcMainServiceWorker.removeAllListeners([channel])`
+
+* `channel` string (optional)
+
+Removes listeners of the specified `channel`.
+
+#### `ipcMainServiceWorker.handle(channel, listener)`
+
+* `channel` string
+* `listener` Function\<Promise\<any\> | any\>
+  * `event` [IpcMainServiceWorkerInvokeEvent][ipc-main-service-worker-invoke-event]
+  * `...args` any[]
+
+#### `ipcMainServiceWorker.handleOnce(channel, listener)`
+
+* `channel` string
+* `listener` Function\<Promise\<any\> | any\>
+  * `event` [IpcMainServiceWorkerInvokeEvent][ipc-main-service-worker-invoke-event]
+  * `...args` any[]
+
+Handles a single `invoke`able IPC message, then removes the listener. See
+`ipcMainServiceWorker.handle(channel, listener)`.
+
+#### `ipcMainServiceWorker.removeHandler(channel)`
+
+* `channel` string
+
+Removes any handler for `channel`, if present.
+
+[ipc-main-service-worker-event]:../api/structures/ipc-main-service-worker-event.md
+[ipc-main-service-worker-invoke-event]:../api/structures/ipc-main-service-worker-invoke-event.md
--- a/docs/api/ipc-main.md
+++ b/docs/api/ipc-main.md
@@ -32,7 +32,7 @@ process, see [webContents.send][web-contents-send] for more information.

 ## Methods

-The `ipcMain` module has the following method to listen for events:
+The `ipcMain` module has the following methods to listen for events:

 ### `ipcMain.on(channel, listener)`

@@ -44,6 +44,16 @@ The `ipcMain` module has the following method to listen for events:
 Listens to `channel`, when a new message arrives `listener` would be called with
 `listener(event, args...)`.

+### `ipcMain.off(channel, listener)`
+
+* `channel` string
+* `listener` Function
+  * `event` [IpcMainEvent][ipc-main-event]
+  * `...args` any[]
+
+Removes the specified `listener` from the listener array for the specified
+`channel`.
+
 ### `ipcMain.once(channel, listener)`

 * `channel` string
@@ -54,20 +64,28 @@ Listens to `channel`, when a new message arrives `listener` would be called with
 Adds a one time `listener` function for the event. This `listener` is invoked
 only the next time a message is sent to `channel`, after which it is removed.

+### `ipcMain.addListener(channel, listener)`
+
+* `channel` string
+* `listener` Function
+  * `event` [IpcMainEvent][ipc-main-event]
+  * `...args` any[]
+
+Alias for [`ipcMain.on`](#ipcmainonchannel-listener).
+
 ### `ipcMain.removeListener(channel, listener)`

 * `channel` string
 * `listener` Function
  * `...args` any[]

-Removes the specified `listener` from the listener array for the specified
-`channel`.
+Alias for [`ipcMain.off`](#ipcmainoffchannel-listener).

 ### `ipcMain.removeAllListeners([channel])`

 * `channel` string (optional)

-Removes listeners of the specified `channel`.
+Removes all listeners from the specified `channel`. Removes all listeners from all channels if no channel is specified.

 ### `ipcMain.handle(channel, listener)`

--- a/docs/api/ipc-renderer.md
+++ b/docs/api/ipc-renderer.md
@@ -41,6 +41,16 @@ The `ipcRenderer` module has the following method to listen for events and send
 Listens to `channel`, when a new message arrives `listener` would be called with
 `listener(event, args...)`.

+:::warning
+Do not expose the `event` argument to the renderer for security reasons! Wrap any
+callback that you receive from the renderer in another function like this:
+`ipcRenderer.on('my-channel', (event, ...args) => callback(...args))`.
+Not wrapping the callback in such a function would expose dangerous Electron APIs
+to the renderer process. See the
+[security guide](../tutorial/security.md#20-do-not-expose-electron-apis-to-untrusted-web-content)
+for more info.
+:::
+
 ### `ipcRenderer.off(channel, listener)`

 * `channel` string
@@ -48,7 +58,8 @@ Listens to `channel`, when a new message arrives `listener` would be called with
  * `event` [IpcRendererEvent][ipc-renderer-event]
  * `...args` any[]

-Alias for [`ipcRenderer.removeListener`](#ipcrendererremovelistenerchannel-listener).
+Removes the specified `listener` from the listener array for the specified
+`channel`.

 ### `ipcRenderer.once(channel, listener)`

@@ -76,14 +87,13 @@ Alias for [`ipcRenderer.on`](#ipcrendereronchannel-listener).
  * `event` [IpcRendererEvent][ipc-renderer-event]
  * `...args` any[]

-Removes the specified `listener` from the listener array for the specified
-`channel`.
+Alias for [`ipcRenderer.off`](#ipcrendereroffchannel-listener).

-### `ipcRenderer.removeAllListeners(channel)`
+### `ipcRenderer.removeAllListeners([channel])`

-* `channel` string
+* `channel` string (optional)

-Removes all listeners, or those of the specified `channel`.
+Removes all listeners from the specified `channel`. Removes all listeners from all channels if no channel is specified.

 ### `ipcRenderer.send(channel, ...args)`

--- a/docs/api/menu.md
+++ b/docs/api/menu.md
@@ -72,7 +72,7 @@ The `menu` object has the following instance methods:
 #### `menu.popup([options])`

 * `options` Object (optional)
-  * `window` [BrowserWindow](browser-window.md) (optional) - Default is the focused window.
+  * `window` [BaseWindow](base-window.md) (optional) - Default is the focused window.
  * `x` number (optional) - Default is the current mouse cursor position.
    Must be declared if `y` is declared.
  * `y` number (optional) - Default is the current mouse cursor position.
@@ -86,13 +86,13 @@ The `menu` object has the following instance methods:
    Can be `none`, `mouse`, `keyboard`, `touch`, `touchMenu`, `longPress`, `longTap`, `touchHandle`, `stylus`, `adjustSelection`, or `adjustSelectionReset`.
  * `callback` Function (optional) - Called when menu is closed.

-Pops up this menu as a context menu in the [`BrowserWindow`](browser-window.md).
+Pops up this menu as a context menu in the [`BaseWindow`](base-window.md).

-#### `menu.closePopup([browserWindow])`
+#### `menu.closePopup([window])`

-* `browserWindow` [BrowserWindow](browser-window.md) (optional) - Default is the focused window.
+* `window` [BaseWindow](base-window.md) (optional) - Default is the focused window.

-Closes the context menu in the `browserWindow`.
+Closes the context menu in the `window`.

 #### `menu.append(menuItem)`

--- a/docs/api/navigation-history.md
+++ b/docs/api/navigation-history.md
@@ -35,10 +35,7 @@ Returns `Integer` - The index of the current page, from which we would go back/f

 * `index` Integer

-Returns `Object`:
-
-* `url` string - The URL of the navigation entry at the given index.
-* `title` string - The page title of the navigation entry at the given index.
+Returns [`NavigationEntry`](structures/navigation-entry.md) - Navigation entry at the given index.

 If index is out of bounds (greater than history length or less than 0), null will be returned.

@@ -65,3 +62,34 @@ Navigates to the specified offset from the current entry.
 #### `navigationHistory.length()`

 Returns `Integer` - History length.
+
+#### `navigationHistory.removeEntryAtIndex(index)`
+
+* `index` Integer
+
+Removes the navigation entry at the given index. Can't remove entry at the "current active index".
+
+Returns `boolean` - Whether the navigation entry was removed from the webContents history.
+
+#### `navigationHistory.getAllEntries()`
+
+Returns [`NavigationEntry[]`](structures/navigation-entry.md) - WebContents complete history.
+
+#### `navigationHistory.restore(options)`
+
+Restores navigation history and loads the given entry in the in stack. Will make a best effort
+to restore not just the navigation stack but also the state of the individual pages - for instance
+including HTML form values or the scroll position. It's recommended to call this API before any
+navigation entries are created, so ideally before you call `loadURL()` or `loadFile()` on the
+`webContents` object.
+
+This API allows you to create common flows that aim to restore, recreate, or clone other webContents.
+
+* `options` Object
+  * `entries` [NavigationEntry[]](structures/navigation-entry.md) - Result of a prior `getAllEntries()` call
+  * `index` Integer (optional) - Index of the stack that should be loaded. If you set it to `0`, the webContents will load the first (oldest) entry. If you leave it undefined, Electron will automatically load the last (newest) entry.
+
+Returns `Promise<void>` - the promise will resolve when the page has finished loading the selected navigation entry
+(see [`did-finish-load`](web-contents.md#event-did-finish-load)), and rejects
+if the page fails to load (see
+[`did-fail-load`](web-contents.md#event-did-fail-load)). A noop rejection handler is already attached, which avoids unhandled rejection errors.
--- a/docs/api/net.md
+++ b/docs/api/net.md
@@ -130,7 +130,7 @@ won't be able to connect to remote sites. However, a return value of
 whether a particular connection attempt to a particular remote site
 will be successful.

-#### `net.resolveHost(host, [options])`
+### `net.resolveHost(host, [options])`

 * `host` string - Hostname to resolve.
 * `options` Object (optional)
--- a/docs/api/power-monitor.md
+++ b/docs/api/power-monitor.md
@@ -26,7 +26,10 @@ Emitted when system changes to battery power.

 ### Event: 'thermal-state-change' _macOS_

-* `state` string - The system's new thermal state. Can be `unknown`, `nominal`, `fair`, `serious`, `critical`.
+Returns:
+
+* `details` Event\<\>
+  * `state` string - The system's new thermal state. Can be `unknown`, `nominal`, `fair`, `serious`, `critical`.

 Emitted when the thermal state of the system changes. Notification of a change
 in the thermal status of the system, such as entering a critical temperature
@@ -42,7 +45,10 @@ See https://developer.apple.com/library/archive/documentation/Performance/Concep

 ### Event: 'speed-limit-change' _macOS_ _Windows_

-* `limit` number - The operating system's advertised speed limit for CPUs, in percent.
+Returns:
+
+* `details` Event\<\>
+  * `limit` number - The operating system's advertised speed limit for CPUs, in percent.

 Notification of a change in the operating system's advertised speed limit for
 CPUs, in percent. Values below 100 indicate that the system is impairing
--- a/docs/api/process.md
+++ b/docs/api/process.md
@@ -114,6 +114,7 @@ A `string` representing the current process's type, can be:

 * `browser` - The main process
 * `renderer` - A renderer process
+* `service-worker` - In a service worker
 * `worker` - In a web worker
 * `utility` - In a node process launched as a service

--- a/docs/api/service-worker-main.md
+++ b/docs/api/service-worker-main.md
@@ -0,0 +1,54 @@
+# ServiceWorkerMain
+
+> An instance of a Service Worker representing a version of a script for a given scope.
+
+Process: [Main](../glossary.md#main-process)
+
+## Class: ServiceWorkerMain
+
+Process: [Main](../glossary.md#main-process)<br />
+_This class is not exported from the `'electron'` module. It is only available as a return value of other methods in the Electron API._
+
+### Instance Methods
+
+#### `serviceWorker.isDestroyed()` _Experimental_
+
+Returns `boolean` - Whether the service worker has been destroyed.
+
+#### `serviceWorker.send(channel, ...args)` _Experimental_
+
+- `channel` string
+- `...args` any[]
+
+Send an asynchronous message to the service worker process via `channel`, along with
+arguments. Arguments will be serialized with the [Structured Clone Algorithm][SCA],
+just like [`postMessage`][], so prototype chains will not be included.
+Sending Functions, Promises, Symbols, WeakMaps, or WeakSets will throw an exception.
+
+The service worker process can handle the message by listening to `channel` with the
+[`ipcRenderer`](ipc-renderer.md) module.
+
+#### `serviceWorker.startTask()` _Experimental_
+
+Returns `Object`:
+
+- `end` Function - Method to call when the task has ended. If never called, the service won't terminate while otherwise idle.
+
+Initiate a task to keep the service worker alive until ended.
+
+### Instance Properties
+
+#### `serviceWorker.ipc` _Readonly_ _Experimental_
+
+An [`IpcMainServiceWorker`](ipc-main-service-worker.md) instance scoped to the service worker.
+
+#### `serviceWorker.scope` _Readonly_ _Experimental_
+
+A `string` representing the scope URL of the service worker.
+
+#### `serviceWorker.versionId` _Readonly_ _Experimental_
+
+A `number` representing the ID of the specific version of the service worker script in its scope.
+
+[SCA]: https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Structured_clone_algorithm
+[`postMessage`]: https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
--- a/docs/api/service-workers.md
+++ b/docs/api/service-workers.md
@@ -56,6 +56,17 @@ Returns:

 Emitted when a service worker has been registered. Can occur after a call to [`navigator.serviceWorker.register('/sw.js')`](https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorkerContainer/register) successfully resolves or when a Chrome extension is loaded.

+#### Event: 'running-status-changed' _Experimental_
+
+Returns:
+
+* `details` Event\<\>
+  * `versionId` number - ID of the updated service worker version
+  * `runningStatus` string - Running status.
+    Possible values include `starting`, `running`, `stopping`, or `stopped`.
+
+Emitted when a service worker's running status has changed.
+
 ### Instance Methods

 The following methods are available on instances of `ServiceWorkers`:
@@ -64,10 +75,55 @@ The following methods are available on instances of `ServiceWorkers`:

 Returns `Record<number, ServiceWorkerInfo>` - A [ServiceWorkerInfo](structures/service-worker-info.md) object where the keys are the service worker version ID and the values are the information about that service worker.

-#### `serviceWorkers.getFromVersionID(versionId)`
+#### `serviceWorkers.getInfoFromVersionID(versionId)`

-* `versionId` number
+* `versionId` number - ID of the service worker version

 Returns [`ServiceWorkerInfo`](structures/service-worker-info.md) - Information about this service worker

 If the service worker does not exist or is not running this method will throw an exception.
+
+#### `serviceWorkers.getFromVersionID(versionId)` _Deprecated_
+
+* `versionId` number - ID of the service worker version
+
+Returns [`ServiceWorkerInfo`](structures/service-worker-info.md) - Information about this service worker
+
+If the service worker does not exist or is not running this method will throw an exception.
+
+**Deprecated:** Use the new `serviceWorkers.getInfoFromVersionID` API.
+
+#### `serviceWorkers.getWorkerFromVersionID(versionId)` _Experimental_
+
+* `versionId` number - ID of the service worker version
+
+Returns [`ServiceWorkerMain | undefined`](service-worker-main.md) - Instance of the service worker associated with the given version ID. If there's no associated version, or its running status has changed to 'stopped', this will return `undefined`.
+
+#### `serviceWorkers.startWorkerForScope(scope)` _Experimental_
+
+* `scope` string - The scope of the service worker to start.
+
+Returns `Promise<ServiceWorkerMain>` - Resolves with the service worker when it's started.
+
+Starts the service worker or does nothing if already running.
+
+```js
+const { app, session } = require('electron')
+const { serviceWorkers } = session.defaultSession
+
+// Collect service workers scopes
+const workerScopes = Object.values(serviceWorkers.getAllRunning()).map((info) => info.scope)
+
+app.on('browser-window-created', async (event, window) => {
+  for (const scope of workerScopes) {
+    try {
+      // Ensure worker is started
+      const serviceWorker = await serviceWorkers.startWorkerForScope(scope)
+      serviceWorker.send('window-created', { windowId: window.id })
+    } catch (error) {
+      console.error(`Failed to start service worker for ${scope}`)
+      console.error(error)
+    }
+  }
+})
+```
--- a/docs/api/session.md
+++ b/docs/api/session.md
@@ -27,7 +27,8 @@ The `session` module has the following methods:

 * `partition` string
 * `options` Object (optional)
-  * `cache` boolean - Whether to enable cache.
+  * `cache` boolean - Whether to enable cache. Default is `true` unless the
+    [`--disable-http-cache` switch](command-line-switches.md#--disable-http-cache) is used.

 Returns `Session` - A session instance from `partition` string. When there is an existing
 `Session` with the same `partition`, it will be returned; otherwise a new
@@ -46,7 +47,8 @@ of an existing `Session` object.

 * `path` string
 * `options` Object (optional)
-  * `cache` boolean - Whether to enable cache.
+  * `cache` boolean - Whether to enable cache. Default is `true` unless the
+    [`--disable-http-cache` switch](command-line-switches.md#--disable-http-cache) is used.

 Returns `Session` - A session instance from the absolute path as specified by the `path`
 string. When there is an existing `Session` with the same absolute path, it
@@ -64,7 +66,7 @@ The `session` module has the following properties:

 ### `session.defaultSession`

-A `Session` object, the default session object of the app.
+A `Session` object, the default session object of the app, available after `app.whenReady` is called.

 ## Class: Session

@@ -268,7 +270,8 @@ Returns:
 * `event` Event
 * `details` Object
  * `deviceList` [HIDDevice[]](structures/hid-device.md)
-  * `frame` [WebFrameMain](web-frame-main.md)
+  * `frame` [WebFrameMain](web-frame-main.md) | null - The frame initiating this event.
+      May be `null` if accessed after the frame has either navigated or been destroyed.
 * `callback` Function
  * `deviceId` string | null (optional)

@@ -332,7 +335,8 @@ Returns:
 * `event` Event
 * `details` Object
  * `device` [HIDDevice](structures/hid-device.md)
-  * `frame` [WebFrameMain](web-frame-main.md)
+  * `frame` [WebFrameMain](web-frame-main.md) | null - The frame initiating this event.
+      May be `null` if accessed after the frame has either navigated or been destroyed.

 Emitted after `navigator.hid.requestDevice` has been called and
 `select-hid-device` has fired if a new device becomes available before
@@ -347,7 +351,8 @@ Returns:
 * `event` Event
 * `details` Object
  * `device` [HIDDevice](structures/hid-device.md)
-  * `frame` [WebFrameMain](web-frame-main.md)
+  * `frame` [WebFrameMain](web-frame-main.md) | null - The frame initiating this event.
+      May be `null` if accessed after the frame has either navigated or been destroyed.

 Emitted after `navigator.hid.requestDevice` has been called and
 `select-hid-device` has fired if a device has been removed before the callback
@@ -473,7 +478,8 @@ Returns:
 * `event` Event
 * `details` Object
  * `port` [SerialPort](structures/serial-port.md)
-  * `frame` [WebFrameMain](web-frame-main.md)
+  * `frame` [WebFrameMain](web-frame-main.md) | null - The frame initiating this event.
+      May be `null` if accessed after the frame has either navigated or been destroyed.
  * `origin` string - The origin that the device has been revoked from.

 Emitted after `SerialPort.forget()` has been called.  This event can be used
@@ -517,7 +523,8 @@ Returns:
 * `event` Event
 * `details` Object
  * `deviceList` [USBDevice[]](structures/usb-device.md)
-  * `frame` [WebFrameMain](web-frame-main.md)
+  * `frame` [WebFrameMain](web-frame-main.md) | null - The frame initiating this event.
+      May be `null` if accessed after the frame has either navigated or been destroyed.
 * `callback` Function
  * `deviceId` string (optional)

@@ -926,6 +933,7 @@ session.fromPartition('some-partition').setPermissionRequestHandler((webContents
    * `storage-access` - Allows content loaded in a third-party context to request access to third-party cookies using the [Storage Access API](https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API).
    * `top-level-storage-access` -  Allow top-level sites to request third-party cookie access on behalf of embedded content originating from another site in the same related website set using the [Storage Access API](https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API).
    * `usb` - Expose non-standard Universal Serial Bus (USB) compatible devices services to the web with the [WebUSB API](https://developer.mozilla.org/en-US/docs/Web/API/WebUSB_API).
+    * `deprecated-sync-clipboard-read` _Deprecated_ - Request access to run `document.execCommand("paste")`
  * `requestingOrigin` string - The origin URL of the permission check
  * `details` Object - Some properties are only available on certain permission types.
    * `embeddingOrigin` string (optional) - The origin of the frame embedding the frame that made the permission check.  Only set for cross-origin sub frames making permission checks.
@@ -957,7 +965,8 @@ session.fromPartition('some-partition').setPermissionCheckHandler((webContents,

 * `handler` Function | null
  * `request` Object
-    * `frame` [WebFrameMain](web-frame-main.md) - Frame that is requesting access to media.
+    * `frame` [WebFrameMain](web-frame-main.md) | null - Frame that is requesting access to media.
+      May be `null` if accessed after the frame has either navigated or been destroyed.
    * `securityOrigin` String - Origin of the page making the request.
    * `videoRequested` Boolean - true if the web content requested a video stream.
    * `audioRequested` Boolean - true if the web content requested an audio stream.
@@ -1158,7 +1167,8 @@ app.whenReady().then(() => {
        pin displayed on the device.
      * `providePin`
        This prompt is requesting that a pin be provided for the device.
-    * `frame` [WebFrameMain](web-frame-main.md)
+    * `frame` [WebFrameMain](web-frame-main.md) | null - The frame initiating this handler.
+      May be `null` if accessed after the frame has either navigated or been destroyed.
    * `pin` string (optional) - The pin value to verify if `pairingKind` is `confirmPin`.
  * `callback` Function
    * `response` Object
@@ -1321,18 +1331,43 @@ the initial state will be `interrupted`. The download will start only when the

 Returns `Promise<void>` - resolves when the session’s HTTP authentication cache has been cleared.

-#### `ses.setPreloads(preloads)`
+#### `ses.setPreloads(preloads)` _Deprecated_

 * `preloads` string[] - An array of absolute path to preload scripts

 Adds scripts that will be executed on ALL web contents that are associated with
 this session just before normal `preload` scripts run.

-#### `ses.getPreloads()`
+**Deprecated:** Use the new `ses.registerPreloadScript` API.
+
+#### `ses.getPreloads()` _Deprecated_

 Returns `string[]` an array of paths to preload scripts that have been
 registered.

+**Deprecated:** Use the new `ses.getPreloadScripts` API. This will only return preload script paths
+for `frame` context types.
+
+#### `ses.registerPreloadScript(script)`
+
+* `script` [PreloadScriptRegistration](structures/preload-script-registration.md) - Preload script
+
+Registers preload script that will be executed in its associated context type in this session. For
+`frame` contexts, this will run prior to any preload defined in the web preferences of a
+WebContents.
+
+Returns `string` - The ID of the registered preload script.
+
+#### `ses.unregisterPreloadScript(id)`
+
+* `id` string - Preload script ID
+
+Unregisters script.
+
+#### `ses.getPreloadScripts()`
+
+Returns [`PreloadScript[]`](structures/preload-script.md): An array of paths to preload scripts that have been registered.
+
 #### `ses.setCodeCachePath(path)`

 * `path` String - Absolute path to store the v8 generated JS code cache from the renderer.
@@ -1351,6 +1386,36 @@ specified when registering the protocol.

 Returns `Promise<void>` - resolves when the code cache clear operation is complete.

+#### `ses.getSharedDictionaryUsageInfo()`
+
+Returns `Promise<SharedDictionaryUsageInfo[]>` - an array of shared dictionary information entries in Chromium's networking service's storage.
+
+Shared dictionaries are used to power advanced compression of data sent over the wire, specifically with Brotli and ZStandard. You don't need to call any of the shared dictionary APIs in Electron to make use of this advanced web feature, but if you do, they allow deeper control and inspection of the shared dictionaries used during decompression.
+
+To get detailed information about a specific shared dictionary entry, call `getSharedDictionaryInfo(options)`.
+
+#### `ses.getSharedDictionaryInfo(options)`
+
+* `options` Object
+  * `frameOrigin` string - The origin of the frame where the request originates. It’s specific to the individual frame making the request and is defined by its scheme, host, and port. In practice, will look like a URL.
+  * `topFrameSite` string - The site of the top-level browsing context (the main frame or tab that contains the request). It’s less granular than `frameOrigin` and focuses on the broader "site" scope. In practice, will look like a URL.
+
+Returns `Promise<SharedDictionaryInfo[]>` - an array of shared dictionary information entries in Chromium's networking service's storage.
+
+To get information about all present shared dictionaries, call `getSharedDictionaryUsageInfo()`.
+
+#### `ses.clearSharedDictionaryCache()`
+
+Returns `Promise<void>` - resolves when the dictionary cache has been cleared, both in memory and on disk.
+
+#### `ses.clearSharedDictionaryCacheForIsolationKey(options)`
+
+* `options` Object
+  * `frameOrigin` string - The origin of the frame where the request originates. It’s specific to the individual frame making the request and is defined by its scheme, host, and port. In practice, will look like a URL.
+  * `topFrameSite` string - The site of the top-level browsing context (the main frame or tab that contains the request). It’s less granular than `frameOrigin` and focuses on the broader "site" scope. In practice, will look like a URL.
+
+Returns `Promise<void>` - resolves when the dictionary cache has been cleared for the specified isolation key, both in memory and on disk.
+
 #### `ses.setSpellCheckerEnabled(enable)`

 * `enable` boolean
@@ -1500,9 +1565,11 @@ session is persisted on disk.  For in memory sessions this returns `null`.
 #### `ses.clearData([options])`

 * `options` Object (optional)
-  * `dataTypes` String[] (optional) - The types of data to clear. By default, this will clear all types of data.
+  * `dataTypes` String[] (optional) - The types of data to clear. By default, this will clear all types of data. This
+    can potentially include data types not explicitly listed here. (See Chromium's
+    [`BrowsingDataRemover`][browsing-data-remover] for the full list.)
    * `backgroundFetch` - Background Fetch
-    * `cache` - Cache
+    * `cache` - Cache (includes `cachestorage` and `shadercache`)
    * `cookies` - Cookies
    * `downloads` - Downloads
    * `fileSystems` - File Systems
@@ -1526,7 +1593,9 @@ This method clears more types of data and is more thorough than the

 **Note:** Cookies are stored at a broader scope than origins. When removing cookies and filtering by `origins` (or `excludeOrigins`), the cookies will be removed at the [registrable domain](https://url.spec.whatwg.org/#host-registrable-domain) level. For example, clearing cookies for the origin `https://really.specific.origin.example.com/` will end up clearing all cookies for `example.com`. Clearing cookies for the origin `https://my.website.example.co.uk/` will end up clearing all cookies for `example.co.uk`.

-For more information, refer to Chromium's [`BrowsingDataRemover` interface](https://source.chromium.org/chromium/chromium/src/+/main:content/public/browser/browsing_data_remover.h).
+**Note:** Clearing cache data will also clear the shared dictionary cache. This means that any dictionaries used for compression may be reloaded after clearing the cache. If you wish to clear the shared dictionary cache but leave other cached data intact, you may want to use the `clearSharedDictionaryCache` method.
+
+For more information, refer to Chromium's [`BrowsingDataRemover` interface][browsing-data-remover].

 ### Instance Properties

@@ -1592,3 +1661,5 @@ app.whenReady().then(async () => {
  console.log('Net-logs written to', path)
 })
 ```
+
+[browsing-data-remover]: https://source.chromium.org/chromium/chromium/src/+/main:content/public/browser/browsing_data_remover.h
--- a/docs/api/structures/base-window-options.md
+++ b/docs/api/structures/base-window-options.md
@@ -143,14 +143,13 @@ Possible values are:
    -webkit-app-region: drag. This type is commonly used for splash screens.
  * The `notification` type creates a window that behaves like a system notification.
 * On macOS, possible types are `desktop`, `textured`, `panel`.
-  * The `textured` type adds metal gradient appearance
-    (`NSWindowStyleMaskTexturedBackground`).
+  * The `textured` type adds metal gradient appearance. This option is **deprecated**.
  * The `desktop` type places the window at the desktop background window level
    (`kCGDesktopWindowLevel - 1`). Note that desktop window will not receive
    focus, keyboard or mouse events, but you can use `globalShortcut` to receive
    input sparingly.
  * The `panel` type enables the window to float on top of full-screened apps
-    by adding the `NSWindowStyleMaskNonactivatingPanel` style mask,normally
+    by adding the `NSWindowStyleMaskNonactivatingPanel` style mask, normally
    reserved for NSPanel, at runtime. Also, the window will appear on all
    spaces (desktops).
 * On Windows, possible type is `toolbar`.
--- a/docs/api/structures/display.md
+++ b/docs/api/structures/display.md
@@ -5,7 +5,7 @@
 * `colorDepth` number - The number of bits per pixel.
 * `colorSpace` string -  represent a color space (three-dimensional object which contains all realizable color combinations) for the purpose of color conversions.
 * `depthPerComponent` number - The number of bits per color component.
-* `detected` boolean - `true`` if the display is detected by the system.
+* `detected` boolean - `true` if the display is detected by the system.
 * `displayFrequency` number - The display refresh rate.
 * `id` number - Unique identifier associated with the display. A value of of -1 means the display is invalid or the correct `id` is not yet known, and a value of -10 means the display is a virtual display assigned to a unified desktop.
 * `internal` boolean - `true` for an internal display and `false` for an external display.
--- a/docs/api/structures/ipc-main-event.md
+++ b/docs/api/structures/ipc-main-event.md
@@ -1,10 +1,11 @@
 # IpcMainEvent Object extends `Event`

+* `type` String - Possible values include `frame`
 * `processId` Integer - The internal ID of the renderer process that sent this message
 * `frameId` Integer - The ID of the renderer frame that sent this message
 * `returnValue` any - Set this to the value to be returned in a synchronous message
 * `sender` [WebContents](../web-contents.md) - Returns the `webContents` that sent the message
-* `senderFrame` [WebFrameMain](../web-frame-main.md) _Readonly_ - The frame that sent this message
+* `senderFrame` [WebFrameMain](../web-frame-main.md) | null _Readonly_ - The frame that sent this message. May be `null` if accessed after the frame has either navigated or been destroyed.
 * `ports` [MessagePortMain](../message-port-main.md)[] - A list of MessagePorts that were transferred with this message
 * `reply` Function - A function that will send an IPC message to the renderer frame that sent the original message that you are currently handling.  You should use this method to "reply" to the sent message in order to guarantee the reply will go to the correct process and frame.
  * `channel` string
--- a/docs/api/structures/ipc-main-invoke-event.md
+++ b/docs/api/structures/ipc-main-invoke-event.md
@@ -1,6 +1,7 @@
 # IpcMainInvokeEvent Object extends `Event`

+* `type` String - Possible values include `frame`
 * `processId` Integer - The internal ID of the renderer process that sent this message
 * `frameId` Integer - The ID of the renderer frame that sent this message
 * `sender` [WebContents](../web-contents.md) - Returns the `webContents` that sent the message
-* `senderFrame` [WebFrameMain](../web-frame-main.md) _Readonly_ - The frame that sent this message
+* `senderFrame` [WebFrameMain](../web-frame-main.md) | null _Readonly_ - The frame that sent this message. May be `null` if accessed after the frame has either navigated or been destroyed.
--- a/docs/api/structures/ipc-main-service-worker-event.md
+++ b/docs/api/structures/ipc-main-service-worker-event.md
@@ -0,0 +1,11 @@
+# IpcMainServiceWorkerEvent Object extends `Event`
+
+* `type` String - Possible values include `service-worker`.
+* `serviceWorker` [ServiceWorkerMain](../service-worker-main.md) _Readonly_ - The service worker that sent this message
+* `versionId` Number - The service worker version ID.
+* `session` Session - The [`Session`](../session.md) instance with which the event is associated.
+* `returnValue` any - Set this to the value to be returned in a synchronous message
+* `ports` [MessagePortMain](../message-port-main.md)[] - A list of MessagePorts that were transferred with this message
+* `reply` Function - A function that will send an IPC message to the renderer frame that sent the original message that you are currently handling.  You should use this method to "reply" to the sent message in order to guarantee the reply will go to the correct process and frame.
+  * `channel` string
+  * `...args` any[]
--- a/docs/api/structures/ipc-main-service-worker-invoke-event.md
+++ b/docs/api/structures/ipc-main-service-worker-invoke-event.md
@@ -0,0 +1,6 @@
+# IpcMainServiceWorkerInvokeEvent Object extends `Event`
+
+* `type` String - Possible values include `service-worker`.
+* `serviceWorker` [ServiceWorkerMain](../service-worker-main.md) _Readonly_ - The service worker that sent this message
+* `versionId` Number - The service worker version ID.
+* `session` Session - The [`Session`](../session.md) instance with which the event is associated.
--- a/docs/api/structures/navigation-entry.md
+++ b/docs/api/structures/navigation-entry.md
@@ -0,0 +1,7 @@
+# NavigationEntry Object
+
+* `url` string
+* `title` string
+* `pageState` string (optional) - A base64 encoded data string containing Chromium page state
+  including information like the current scroll position or form values. It is committed by
+  Chromium before a navigation event and on a regular interval.
--- a/docs/api/structures/offscreen-shared-texture.md
+++ b/docs/api/structures/offscreen-shared-texture.md
@@ -0,0 +1,24 @@
+# OffscreenSharedTexture Object
+
+* `textureInfo` Object - The shared texture info.
+  * `widgetType` string - The widget type of the texture. Can be `popup` or `frame`.
+  * `pixelFormat` string - The pixel format of the texture. Can be `rgba` or `bgra`.
+  * `codedSize` [Size](size.md) - The full dimensions of the video frame.
+  * `visibleRect` [Rectangle](rectangle.md) - A subsection of [0, 0, codedSize.width(), codedSize.height()]. In OSR case, it is expected to have the full section area.
+  * `contentRect` [Rectangle](rectangle.md) - The region of the video frame that capturer would like to populate. In OSR case, it is the same with `dirtyRect` that needs to be painted.
+  * `timestamp` number - The time in microseconds since the capture start.
+  * `metadata` Object - Extra metadata. See comments in src\media\base\video_frame_metadata.h for accurate details.
+    * `captureUpdateRect` [Rectangle](rectangle.md) (optional) - Updated area of frame, can be considered as the `dirty` area.
+    * `regionCaptureRect` [Rectangle](rectangle.md) (optional) - May reflect the frame's contents origin if region capture is used internally.
+    * `sourceSize` [Rectangle](rectangle.md) (optional) - Full size of the source frame.
+    * `frameCount` number (optional) - The increasing count of captured frame. May contain gaps if frames are dropped between two consecutively received frames.
+  * `sharedTextureHandle` Buffer _Windows_ _macOS_ - The handle to the shared texture.
+  * `planes` Object[] _Linux_ - Each plane's info of the shared texture.
+    * `stride` number - The strides and offsets in bytes to be used when accessing the buffers via a memory mapping. One per plane per entry.
+    * `offset` number - The strides and offsets in bytes to be used when accessing the buffers via a memory mapping. One per plane per entry.
+    * `size` number - Size in bytes of the plane. This is necessary to map the buffers.
+    * `fd` number - File descriptor for the underlying memory object (usually dmabuf).
+  * `modifier` string _Linux_ - The modifier is retrieved from GBM library and passed to EGL driver.
+* `release` Function - Release the resources. The `texture` cannot be directly passed to another process, users need to maintain texture lifecycles in
+  main process, but it is safe to pass the `textureInfo` to another process. Only a limited number of textures can exist at the same time, so it's important
+  that you call `texture.release()` as soon as you're done with the texture.
--- a/docs/api/structures/preload-script-registration.md
+++ b/docs/api/structures/preload-script-registration.md
@@ -0,0 +1,6 @@
+# PreloadScriptRegistration Object
+
+* `type` string - Context type where the preload script will be executed.
+  Possible values include `frame` or `service-worker`.
+* `id` string (optional) - Unique ID of preload script. Defaults to a random UUID.
+* `filePath` string - Path of the script file. Must be an absolute path.
--- a/docs/api/structures/preload-script.md
+++ b/docs/api/structures/preload-script.md
@@ -0,0 +1,6 @@
+# PreloadScript Object
+
+* `type` string - Context type where the preload script will be executed.
+  Possible values include `frame` or `service-worker`.
+* `id` string - Unique ID of preload script.
+* `filePath` string - Path of the script file. Must be an absolute path.
--- a/docs/api/structures/service-worker-info.md
+++ b/docs/api/structures/service-worker-info.md
@@ -3,3 +3,4 @@
 * `scriptUrl` string - The full URL to the script that this service worker runs
 * `scope` string - The base URL that this service worker is active for.
 * `renderProcessId` number - The virtual ID of the process that this service worker is running in.  This is not an OS level PID.  This aligns with the ID set used for `webContents.getProcessId()`.
+* `versionId` number - ID of the service worker version
--- a/docs/api/structures/shared-dictionary-info.md
+++ b/docs/api/structures/shared-dictionary-info.md
@@ -0,0 +1,12 @@
+# SharedDictionaryInfo Object
+
+* `match` string - The matching path pattern for the dictionary which was declared in 'use-as-dictionary' response header's `match` option.
+* `matchDestinations` string[] - An array of matching destinations for the dictionary which was declared in 'use-as-dictionary' response header's `match-dest` option.
+* `id` string - The Id for the dictionary which was declared in 'use-as-dictionary' response header's `id` option.
+* `dictionaryUrl` string - URL of the dictionary.
+* `lastFetchTime` Date - The time of when the dictionary was received from the network layer.
+* `responseTime` Date - The time of when the dictionary was received from the server. For cached responses, this time could be "far" in the past.
+* `expirationDuration` number - The expiration time for the dictionary which was declared in 'use-as-dictionary' response header's `expires` option in seconds.
+* `lastUsedTime` Date - The time when the dictionary was last used.
+* `size` number - The amount of bytes stored for this shared dictionary information object in Chromium's internal storage (usually Sqlite).
+* `hash` string - The sha256 hash of the dictionary binary.
--- a/Show More
+++ b/Show More