fix: pdf download functionality

https://chromium-review.googlesource.com/c/chromium/src/+/6682424

.devcontainer/docker-compose.yml

@@ -2,7 +2,7 @@ version: '3'
 
 services:
   buildtools:
-    image: ghcr.io/electron/devcontainer:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
+    image: ghcr.io/electron/devcontainer:933c7d6ff6802706875270bec2e3c891cf8add3f
 
     volumes:
       - ..:/workspaces/gclient/src/electron:cached

.github/actions/build-electron/action.yml

@@ -60,24 +60,14 @@ runs:
           sudo launchctl limit maxfiles 65536 200000
         fi
 
-        if [ "${{ inputs.is-release }}" = "true" ]; then
-          NINJA_SUMMARIZE_BUILD=1 e build --target electron:release_build
-        else
-          NINJA_SUMMARIZE_BUILD=1 e build --target electron:testing_build
-        fi
+        NINJA_SUMMARIZE_BUILD=1 e build
         cp out/Default/.ninja_log out/electron_ninja_log
         node electron/script/check-symlinks.js
-
-        # Upload build stats to Datadog
-        if ! [ -z $DD_API_KEY ]; then
-          npx node electron/script/build-stats.mjs out/Default/siso.INFO --upload-stats || true
-        else
-          echo "Skipping build-stats.mjs upload because DD_API_KEY is not set"
-        fi
-    - name: Verify dist.zip ${{ inputs.step-suffix }}
+    - name: Build Electron dist.zip ${{ inputs.step-suffix }}
       shell: bash
       run: |
-        cd src        
+        cd src
+        e build --target electron:electron_dist_zip
         if [ "${{ inputs.is-asan }}" != "true" ]; then
           target_os=${{ inputs.target-platform == 'macos' && 'mac' || inputs.target-platform }}
           if [ "${{ inputs.artifact-platform }}" = "mas" ]; then
@@ -85,10 +75,11 @@ runs:
           fi
           electron/script/zip_manifests/check-zip-manifest.py out/Default/dist.zip electron/script/zip_manifests/dist_zip.$target_os.${{ inputs.target-arch }}.manifest
         fi
-    - name: Fixup Mksnapshot ${{ inputs.step-suffix }}
+    - name: Build Mksnapshot ${{ inputs.step-suffix }}
       shell: bash
       run: |
         cd src
+        e build --target electron:electron_mksnapshot
         ELECTRON_DEPOT_TOOLS_DISABLE_LOG=1 e d gn desc out/Default v8:run_mksnapshot_default args > out/Default/mksnapshot_args
         # Remove unused args from mksnapshot_args
         SEDOPTION="-i"
@@ -98,6 +89,7 @@ runs:
         sed $SEDOPTION '/.*builtins-pgo/d' out/Default/mksnapshot_args
         sed $SEDOPTION '/--turbo-profiling-input/d' out/Default/mksnapshot_args
 
+        e build --target electron:electron_mksnapshot_zip
         if [ "${{ inputs.target-platform }}" = "win" ]; then
           cd out/Default
           powershell Compress-Archive -update mksnapshot_args mksnapshot.zip
@@ -131,6 +123,7 @@ runs:
       shell: bash
       run: |
         cd src
+        e build --target electron:electron_chromedriver
         e build --target electron:electron_chromedriver_zip
 
         if [ "${{ inputs.is-asan }}" != "true" ]; then
@@ -140,6 +133,11 @@ runs:
           fi
           electron/script/zip_manifests/check-zip-manifest.py out/Default/chromedriver.zip electron/script/zip_manifests/chromedriver_zip.$target_os.${{ inputs.target-arch }}.manifest
         fi
+    - name: Build Node.js headers ${{ inputs.step-suffix }}
+      shell: bash
+      run: |
+        cd src
+        e build --target electron:node_headers
     - name: Create installed_software.json ${{ inputs.step-suffix }}
       shell: powershell
       if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'win' }}
@@ -159,11 +157,17 @@ runs:
         # Needed for msdia140.dll on 64-bit windows
         cd src
         export PATH="$PATH:$(pwd)/third_party/llvm-build/Release+Asserts/bin"
-    - name: Zip Symbols ${{ inputs.step-suffix }}
+    - name: Generate & Zip Symbols ${{ inputs.step-suffix }}
       shell: bash
       run: |
+        # Generate breakpad symbols on release builds
+        if [ "${{ inputs.generate-symbols }}" = "true" ]; then
+          e build --target electron:electron_symbols
+        fi
         cd src
         export BUILD_PATH="$(pwd)/out/Default"
+        e build --target electron:licenses
+        e build --target electron:electron_version_file
         if [ "${{ inputs.is-release }}" = "true" ]; then
           DELETE_DSYMS_AFTER_ZIP=1 electron/script/zip-symbols.py -b $BUILD_PATH
         else
@@ -176,6 +180,18 @@ runs:
         cd src
         gn gen out/ffmpeg --args="import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true use_siso=true $GN_EXTRA_ARGS"
         e build --target electron:electron_ffmpeg_zip -C ../../out/ffmpeg
+    - name: Generate Hunspell Dictionaries ${{ inputs.step-suffix }}
+      shell: bash
+      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'linux' }}
+      run: |
+        e build --target electron:hunspell_dictionaries_zip
+    - name: Generate Libcxx ${{ inputs.step-suffix }}
+      shell: bash
+      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'linux' }}
+      run: |
+        e build --target electron:libcxx_headers_zip
+        e build --target electron:libcxxabi_headers_zip
+        e build --target electron:libcxx_objects_zip
     - name: Remove Clang problem matcher
       shell: bash
       run: echo "::remove-matcher owner=clang::"
@@ -184,11 +200,10 @@ runs:
       shell: bash
       run: |
         cd src/electron
-        node script/yarn.js create-typescript-definitions
+        node script/yarn create-typescript-definitions
     - name: Publish Electron Dist ${{ inputs.step-suffix }}
       if: ${{ inputs.is-release == 'true' }}
       shell: bash
-      id: github-upload
       run: |
         rm -rf src/out/Default/obj
         cd src/electron
@@ -199,11 +214,6 @@ runs:
           echo 'Uploading Electron release distribution to GitHub releases'
           script/release/uploaders/upload.py --verbose
         fi
-    - name: Generate artifact attestation
-      if: ${{ inputs.is-release == 'true' }}
-      uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
-      with:
-        subject-path: ${{ steps.github-upload.outputs.UPLOADED_PATHS }}
     - name: Generate siso report
       if: ${{ inputs.target-platform != 'win' && !cancelled() }}
       shell: bash

.github/actions/checkout/action.yml

@@ -143,17 +143,16 @@ runs:
           echo "No changes to patches detected"
         fi
       fi
-  - name: Remove patch conflict problem matchers
+  - name: Remove patch conflict problem matcher
     shell: bash
     run: |
       echo "::remove-matcher owner=merge-conflict::"
       echo "::remove-matcher owner=patch-conflict::"
-      echo "::remove-matcher owner=patch-needs-update::"
   - name: Upload patches stats
     if: ${{ inputs.target-platform == 'linux' && github.ref == 'refs/heads/main' }}
     shell: bash
     run: |
-      node src/electron/script/patches-stats.mjs --upload-stats || true
+      npx node src/electron/script/patches-stats.mjs --upload-stats || true
   # delete all .git directories under src/ except for
   # third_party/angle/ and third_party/dawn/ because of build time generation of files
   # gen/angle/commit.h depends on third_party/angle/.git/HEAD
@@ -173,6 +172,7 @@ runs:
     run: |
       rm -rf src/android_webview
       rm -rf src/ios/chrome
+      rm -rf src/third_party/blink/web_tests
       rm -rf src/third_party/blink/perf_tests
       rm -rf src/chrome/test/data/xr/webvr_info
       rm -rf src/third_party/angle/third_party/VK-GL-CTS/src

.github/actions/free-space-macos/action.yml

@@ -17,30 +17,28 @@ runs:
         }
 
         strip_universal_deep() {
-          if [ -d "$1" ]; then
-            opwd=$(pwd)
-            cd $1
-            f=$(find . -perm +111 -type f)
-            for fp in $f
-            do
-              if [[ $(file "$fp") == *"universal binary"* ]]; then
-                if [ "`arch`" == "arm64" ]; then
-                  if [[ $(file "$fp") == *"x86_64"* ]]; then
-                    sudo lipo -remove x86_64 "$fp" -o "$fp" || true
-                  fi
-                else
-                  if [[ $(file "$fp") == *"arm64e)"* ]]; then
-                    sudo lipo -remove arm64e "$fp" -o "$fp" || true
-                  fi
-                  if [[ $(file "$fp") == *"arm64)"* ]]; then
-                    sudo lipo -remove arm64 "$fp" -o "$fp" || true
-                  fi
+          opwd=$(pwd)
+          cd $1
+          f=$(find . -perm +111 -type f)
+          for fp in $f
+          do
+            if [[ $(file "$fp") == *"universal binary"* ]]; then
+              if [ "`arch`" == "arm64" ]; then
+                if [[ $(file "$fp") == *"x86_64"* ]]; then
+                  sudo lipo -remove x86_64 "$fp" -o "$fp" || true
+                fi
+              else
+                if [[ $(file "$fp") == *"arm64e)"* ]]; then
+                  sudo lipo -remove arm64e "$fp" -o "$fp" || true
+                fi
+                if [[ $(file "$fp") == *"arm64)"* ]]; then
+                  sudo lipo -remove arm64 "$fp" -o "$fp" || true
                 fi
               fi
-            done
+            fi
+          done
 
-            cd $opwd
-          fi
+          cd $opwd
         }
 
         tmpify /Library/Developer/CoreSimulator
@@ -62,26 +60,18 @@ runs:
 
         sudo rm -rf /Applications/Safari.app
         sudo rm -rf /Applications/Xcode_16.1.app
-        sudo rm -rf /Applications/Xcode_16.2.app
         sudo rm -rf /Applications/Xcode_16.3.app
-        sudo rm -rf /Applications/Xcode_26*
+        sudo rm -rf /Applications/Xcode_16.2.app
         sudo rm -rf /Applications/Google Chrome.app
+        sudo rm -rf /Applications/Xcode_16.4.app
         sudo rm -rf /Applications/Google Chrome for Testing.app
-        sudo rm -rf /Applications/Firefox.app
-        sudo rm -rf /Applications/Microsoft Edge.app
+        sudo rm -rf	/Applications/Firefox.app
         sudo rm -rf ~/project/src/third_party/catapult/tracing/test_data
         sudo rm -rf ~/project/src/third_party/angle/third_party/VK-GL-CTS
         sudo rm -rf /Users/runner/Library/Android
         sudo rm -rf $JAVA_HOME_11_arm64
         sudo rm -rf $JAVA_HOME_17_arm64
         sudo rm -rf $JAVA_HOME_21_arm64
-        sudo rm -rf $JAVA_HOME_25_arm64
-        sudo rm -rf /Users/runner/.dotnet/
-        sudo rm -rf /Users/runner/.rustup
-
-        # remove homebrew packages we don't need
-        brew uninstall -f --zap aws-sam-cli session-manager-plugin gcc gcc@13 gcc@14 llvm@18 gradle maven ant azure-cli
-        brew autoremove
 
         # lipo off some huge binaries arm64 versions to save space
         strip_universal_deep $(xcode-select -p)/../SharedFrameworks

.github/actions/generate-types/action.yml

@@ -13,16 +13,12 @@ runs:
   - name: Generating Types for SHA in ${{ inputs.sha-file }}
     shell: bash
     run: |
-      export ELECTRON_DIR=$(pwd)
-      if [ "${{ inputs.sha-file }}" == ".dig-old" ]; then
-        cd /tmp
-        git clone https://github.com/electron/electron.git
-        cd electron
-      fi
-      git checkout $(cat $ELECTRON_DIR/${{ inputs.sha-file }})
-      node script/yarn.js install --immutable
+      git checkout $(cat ${{ inputs.sha-file }})
+      rm -rf node_modules
+      yarn install --frozen-lockfile --ignore-scripts
       echo "#!/usr/bin/env node\nglobal.x=1" > node_modules/typescript/bin/tsc
       node node_modules/.bin/electron-docs-parser --dir=./ --outDir=./ --moduleVersion=0.0.0-development
       node node_modules/.bin/electron-typescript-definitions --api=electron-api.json --outDir=artifacts
-      mv artifacts/electron.d.ts $ELECTRON_DIR/artifacts/${{ inputs.filename }}
+      mv artifacts/electron.d.ts artifacts/${{ inputs.filename }}
+      git checkout .
     working-directory: ./electron

.github/actions/install-build-tools/action.yml

@@ -15,7 +15,7 @@ runs:
         git config --global core.preloadindex true
         git config --global core.longpaths true
       fi
-      export BUILD_TOOLS_SHA=a0cc95a1884a631559bcca0c948465b725d9295a
+      export BUILD_TOOLS_SHA=c13f4bdb50e65da46a4703f8f882079dd21fd99e
       npm i -g @electron/build-tools
       # Update depot_tools to ensure python
       e d update_depot_tools

.github/actions/install-dependencies/action.yml

@@ -6,7 +6,7 @@ runs:
   - name: Get yarn cache directory path
     shell: bash
     id: yarn-cache-dir-path
-    run: echo "dir=$(node src/electron/script/yarn.js config get cacheFolder)" >> $GITHUB_OUTPUT
+    run: echo "dir=$(node src/electron/script/yarn cache dir)" >> $GITHUB_OUTPUT
   - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
     id: yarn-cache
     with:
@@ -18,14 +18,4 @@ runs:
     shell: bash
     run: |
       cd src/electron
-      if [ "$TARGET_ARCH" = "x86" ]; then
-        export npm_config_arch="ia32"
-      fi
-      # if running on linux arm skip yarn Builds
-      ARCH=$(uname -m)
-      if [ "$ARCH" = "armv7l" ]; then
-        echo "Skipping yarn build on linux arm"
-        node script/yarn.js install --immutable --mode=skip-build
-      else
-        node script/yarn.js install --immutable
-      fi
+      node script/yarn install --frozen-lockfile --prefer-offline

.github/copilot-instructions.md

@@ -1,122 +0,0 @@
-# Copilot Instructions for Electron
-
-## Build System
-
-Electron uses `@electron/build-tools` (`e` CLI). Install with `npm i -g @electron/build-tools`.
-
-```bash
-e sync              # Fetch sources and apply patches
-e build             # Build Electron (GN + Ninja)
-e build -k 999      # Build, continuing through errors
-e start             # Run built Electron
-e start --version   # Verify Electron launches
-e test              # Run full test suite
-e debug             # Run in debugger (lldb on macOS, gdb on Linux)
-```
-
-### Linting
-
-```bash
-npm run lint              # Run all linters (JS, C++, Python, GN, docs)
-npm run lint:js           # JavaScript/TypeScript only
-npm run lint:clang-format # C++ formatting only
-npm run lint:cpp          # C++ linting only
-npm run lint:docs         # Documentation only
-```
-
-### Running a Single Test
-
-```bash
-npm run test -- -g "pattern"   # Run tests matching a regex pattern
-# Example: npm run test -- -g "ipc"
-```
-
-### Running a Single Node.js Test
-
-```bash
-node script/node-spec-runner.js parallel/test-crypto-keygen
-```
-
-## Architecture
-
-Electron embeds Chromium (rendering) and Node.js (backend) to enable desktop apps with web technologies. The parent directory (`../`) is the Chromium source tree.
-
-### Process Model
-
-Electron has two primary process types, mirroring Chromium:
-
-- **Main process** (`shell/browser/` + `lib/browser/`): Controls app lifecycle, creates windows, system APIs
-- **Renderer process** (`shell/renderer/` + `lib/renderer/`): Runs web content in BrowserWindows
-
-### Native ↔ JavaScript Bridge
-
-Each API is implemented as a C++/JS pair:
-
-- C++ side: `shell/browser/api/electron_api_{name}.cc/.h` — uses `gin::Wrappable` and `ObjectTemplateBuilder`
-- JS side: `lib/browser/api/{name}.ts` — exports the module, registered in `lib/browser/api/module-list.ts`
-- Binding: `NODE_LINKED_BINDING_CONTEXT_AWARE(electron_browser_{name}, Initialize)` in C++ and registered in `shell/common/node_bindings.cc`
-- Type declaration: `typings/internal-ambient.d.ts` maps `process._linkedBinding('electron_browser_{name}')`
-
-### Patches System
-
-Electron patches upstream dependencies (Chromium, Node.js, V8, etc.) rather than forking them. Patches live in `patches/` organized by target, with `patches/config.json` mapping directories to repos.
-
-```text
-patches/{target}/*.patch  →  [e sync]   →  target repo commits
-                          ←  [e patches] ←
-```
-
-Key rules:
-
-- Fix existing patches rather than creating new ones
-- Preserve original authorship in TODO comments — never change `TODO(name)` assignees
-- Each patch commit message must explain why the patch exists
-- After modifying patches, run `e patches {target}` to export
-
-When working on the `roller/chromium/main` branch for Chromium upgrades, use `e sync --3` for 3-way merge conflict resolution.
-
-## Conventions
-
-### File Naming
-
-- JS/TS files: kebab-case (`file-name.ts`)
-- C++ files: snake_case with `electron_api_` prefix (`electron_api_safe_storage.cc`)
-- Test files: `api-{module-name}-spec.ts` in `spec/`
-- Source file lists are maintained in `filenames.gni` (with platform-specific sections)
-
-### JavaScript/TypeScript
-
-- Semicolons required (`"semi": ["error", "always"]`)
-- `const` and `let` only (no `var`)
-- Arrow functions preferred
-- Import order enforced: `@electron/internal` → `@electron` → `electron` → external → builtin → relative
-- API naming: `PascalCase` for classes (`BrowserWindow`), `camelCase` for module APIs (`globalShortcut`)
-- Prefer getters/setters over jQuery-style `.text([text])` patterns
-
-### C++
-
-- Follows Chromium coding style, enforced by `clang-format` and `clang-tidy`
-- Uses Chromium abstractions (`base::`, `content::`, etc.)
-- Header guards: `#ifndef ELECTRON_SHELL_BROWSER_API_ELECTRON_API_{NAME}_H_`
-- Platform-specific files: `_mac.mm`, `_win.cc`, `_linux.cc`
-
-### Testing
-
-- Framework: Mocha + Chai + Sinon
-- Test helpers in `spec/lib/` (e.g., `spec-helpers.ts`, `window-helpers.ts`)
-- Use `defer()` from spec-helpers for cleanup, `closeAllWindows()` for window teardown
-- Tests import from `electron/main` or `electron/renderer`
-
-### Documentation
-
-- API docs in `docs/api/` as Markdown, parsed by `@electron/docs-parser` to generate `electron.d.ts`
-- API history tracked via YAML blocks in HTML comments within doc files
-- Docs must pass `npm run lint:docs`
-
-### Build Configuration
-
-- `BUILD.gn`: Main GN build config
-- `buildflags/buildflags.gni`: Feature flags (PDF viewer, extensions, spellchecker)
-- `build/args/`: Build argument profiles (`testing.gn`, `release.gn`, `all.gn`)
-- `DEPS`: Dependency versions and checkout paths
-- `chromium_src/`: Chromium source file overrides (compiled instead of originals)

.github/problem-matchers/markdownlint.json

@@ -1,16 +0,0 @@
-{
-  "problemMatcher": [
-    {
-      "owner": "markdownlint",
-      "pattern": [
-        {
-          "regexp": "^(.+):(\\d+):(\\d+)\\s+(.*)$",
-          "file": 1,
-          "line": 2,
-          "column": 3,
-          "message": 4
-        }
-      ]
-    }
-  ]
-}

.github/problem-matchers/patch-conflict.json

@@ -19,16 +19,6 @@
           "line": 3
         }
       ]
-    },
-    {
-      "owner": "patch-needs-update",
-      "pattern": [
-        {
-          "regexp": "^((patches\/.*): needs update)$",
-          "message": 1,
-          "file": 2
-        }
-      ]
     }
   ]
 }

.github/workflows/apply-patches.yml

@@ -1,73 +0,0 @@
-name: Apply Patches
-
-on:
-  pull_request:
-
-permissions: {}
-
-concurrency:
-  group: apply-patches-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  setup:
-    if: github.repository == 'electron/electron'
-    runs-on: ubuntu-slim
-    permissions:
-      contents: read
-      pull-requests: read
-    outputs:
-      has-patches: ${{ steps.filter.outputs.patches }}
-    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        persist-credentials: false
-        ref: ${{ github.event.pull_request.head.sha }}
-    # Use dorny/paths-filter instead of the path filter under the on: pull_request: block
-    # so that the output can be used to conditionally run the apply-patches job, which lets
-    # the job be marked as a required status check (conditional skip counts as a success).
-    - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
-      id: filter
-      with:
-        filters: |
-          patches:
-            - DEPS
-            - 'patches/**'
-
-  apply-patches:
-    needs: setup
-    if: ${{ needs.setup.outputs.has-patches == 'true' }}
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
-    container:
-      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
-      options: --user root
-      volumes:
-        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
-        - /var/run/sas:/var/run/sas
-    env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        path: src/electron
-        fetch-depth: 0
-        persist-credentials: false
-        ref: ${{ github.event.pull_request.base.ref }}
-    - name: Merge PR HEAD
-      working-directory: src/electron
-      env:
-        PR_NUMBER: ${{ github.event.pull_request.number }}
-      run: |
-        git config user.email "electron@github.com"
-        git config user.name "Electron Bot"
-        git fetch origin refs/pull/${PR_NUMBER}/head
-        git merge --squash FETCH_HEAD
-        git commit -n -m "Squashed commits"
-    - name: Checkout & Sync & Save
-      uses: ./src/electron/.github/actions/checkout
-      with:
-        target-platform: linux

.github/workflows/archaeologist-dig.yml

@@ -3,21 +3,17 @@ name: Archaeologist
 on:
   pull_request:
 
-permissions: {}
-
 jobs:
    archaeologist-dig:
     name: Archaeologist Dig
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
       - name: Checkout Electron
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.0.2
         with:
           fetch-depth: 0
       - name: Setup Node.js/npm
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
         with:
           node-version: 20.19.x
       - name: Setting Up Dig Site

.github/workflows/audit-branch-ci.yml

@@ -16,7 +16,7 @@ jobs:
       contents: read
     steps:
       - name: Setup Node.js
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
         with:
           node-version: 22.17.x
       - run: npm install @actions/cache@4.0.3 @electron/fiddle-core@2.0.1

.github/workflows/build-git-cache.yml

@@ -6,15 +6,11 @@ on:
   schedule:
     - cron: "0 0 * * *"
 
-permissions: {}
-
 jobs:
   build-git-cache-linux:
     runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
     container:
-      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
+      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
       options: --user root
       volumes:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache
@@ -34,10 +30,8 @@ jobs:
 
   build-git-cache-windows:
     runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
     container:
-      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
+      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
       options: --user root --device /dev/fuse --cap-add SYS_ADMIN
       volumes:
         - /mnt/win-cache:/mnt/win-cache
@@ -58,12 +52,10 @@ jobs:
 
   build-git-cache-macos:
     runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
     # This job updates the same git cache as linux, so it needs to run after the linux one.
     needs: build-git-cache-linux
     container:
-      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
+      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
       options: --user root
       volumes:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache

.github/workflows/build.yml

@@ -6,7 +6,7 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
+        default: '933c7d6ff6802706875270bec2e3c891cf8add3f'
         required: true
       skip-macos:
         type: boolean
@@ -43,13 +43,10 @@ defaults:
   run:
     shell: bash
 
-permissions: {}
-
 jobs:
   setup:
     runs-on: ubuntu-latest
     permissions:
-      contents: read
       pull-requests: read
     outputs:
         docs: ${{ steps.filter.outputs.docs }}
@@ -66,17 +63,13 @@ jobs:
         filters: |
           docs:
             - 'docs/**'
-            - README.md
-            - SECURITY.md
-            - CONTRIBUTING.md
-            - CODE_OF_CONDUCT.md
           src:
             - '!docs/**'
     - name: Set Outputs for Build Image SHA & Docs Only
       id: set-output
       run: |
         if [ -z "${{ inputs.build-image-sha }}" ]; then
-          echo "build-image-sha=a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb" >> "$GITHUB_OUTPUT"
+          echo "build-image-sha=933c7d6ff6802706875270bec2e3c891cf8add3f" >> "$GITHUB_OUTPUT"
         else
           echo "build-image-sha=${{ inputs.build-image-sha }}" >> "$GITHUB_OUTPUT"
         fi
@@ -87,8 +80,6 @@ jobs:
     needs: setup
     if: ${{ !inputs.skip-lint }}
     uses: ./.github/workflows/pipeline-electron-lint.yml
-    permissions:
-      contents: read
     with:
       container: '{"image":"ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}","options":"--user root"}'
     secrets: inherit
@@ -98,8 +89,6 @@ jobs:
     needs: [setup, checkout-linux]
     if: ${{ needs.setup.outputs.docs-only == 'true' }}
     uses: ./.github/workflows/pipeline-electron-docs-only.yml
-    permissions:
-      contents: read
     with:
       container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
     secrets: inherit
@@ -109,8 +98,6 @@ jobs:
     needs: setup
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-macos}}
     runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
     container:
       image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
       options: --user root
@@ -139,8 +126,6 @@ jobs:
     needs: setup
     if: ${{ !inputs.skip-linux}}
     runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
     container:
       image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
       options: --user root
@@ -170,8 +155,6 @@ jobs:
     needs: setup
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
     runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
     container:
       image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
       options: --user root --device /dev/fuse --cap-add SYS_ADMIN
@@ -202,20 +185,16 @@ jobs:
   # GN Check Jobs
   macos-gn-check:
     uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
-    permissions:
-      contents: read
     needs: checkout-macos
     with:
       target-platform: macos
       target-archs: x64 arm64
-      check-runs-on: macos-15
+      check-runs-on: macos-14
       gn-build-type: testing
     secrets: inherit
 
   linux-gn-check:
     uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
-    permissions:
-      contents: read
     needs: checkout-linux
     if: ${{ needs.setup.outputs.src == 'true' }}
     with:
@@ -228,8 +207,6 @@ jobs:
 
   windows-gn-check:
     uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
-    permissions:
-      contents: read
     needs: checkout-windows
     with:
       target-platform: win
@@ -248,7 +225,7 @@ jobs:
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-macos
     with:
-      build-runs-on: macos-15-xlarge
+      build-runs-on: macos-14-xlarge
       test-runs-on: macos-15-large
       target-platform: macos
       target-arch: x64
@@ -267,7 +244,7 @@ jobs:
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-macos
     with:
-      build-runs-on: macos-15-xlarge
+      build-runs-on: macos-14-xlarge
       test-runs-on: macos-15
       target-platform: macos
       target-arch: arm64
@@ -333,7 +310,7 @@ jobs:
       build-runs-on: electron-arc-centralus-linux-amd64-32core
       test-runs-on: electron-arc-centralus-linux-arm64-4core
       build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
-      test-container: '{"image":"ghcr.io/electron/test:arm32v7-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init --memory=12g","volumes":["/home/runner/externals:/mnt/runner-externals"]}'
+      test-container: '{"image":"ghcr.io/electron/test:arm32v7-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init","volumes":["/home/runner/externals:/mnt/runner-externals"]}'
       target-platform: linux
       target-arch: arm
       is-release: false
@@ -423,8 +400,6 @@ jobs:
   gha-done:
     name: GitHub Actions Completed
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     needs: [docs-only, macos-x64, macos-arm64, linux-x64, linux-x64-asan, linux-arm, linux-arm64, windows-x64, windows-x86, windows-arm64]
     if: always() && !contains(needs.*.result, 'failure')
     steps: 

.github/workflows/clean-src-cache.yml

@@ -1,20 +1,16 @@
 name: Clean Source Cache
 
-# Description:
-# This workflow cleans up the source cache on the cross-instance cache volume
-# to free up space. It runs daily at midnight and clears files older than 15 days.
+description: |
+  This workflow cleans up the source cache on the cross-instance cache volume
+  to free up space. It runs daily at midnight and clears files older than 15 days.
 
 on:
   schedule:
     - cron: "0 0 * * *"
 
-permissions: {}
-
 jobs:
   clean-src-cache:
     runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
     container:
       image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
       options: --user root

.github/workflows/issue-labeled.yml

@@ -4,15 +4,14 @@ on:
   issues:
     types: [labeled]
 
-permissions: {}
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
 
 jobs:
   issue-labeled-with-status:
     name: status/{confirmed,reviewed} label added
     if: github.event.label.name == 'status/confirmed' || github.event.label.name == 'status/reviewed'
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
       - name: Generate GitHub App token
         uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
@@ -32,8 +31,6 @@ jobs:
     name: blocked/* label added
     if: startsWith(github.event.label.name, 'blocked/')
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
       - name: Generate GitHub App token
         uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1

.github/workflows/issue-opened.yml

@@ -11,7 +11,6 @@ jobs:
   add-to-issue-triage:
     if: ${{ contains(github.event.issue.labels.*.name, 'bug :beetle:') }}
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Generate GitHub App token
         uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
@@ -29,7 +28,6 @@ jobs:
   set-labels:
     if: ${{ contains(github.event.issue.labels.*.name, 'bug :beetle:') }}
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Generate GitHub App token
         uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1

.github/workflows/issue-transferred.yml

@@ -10,7 +10,6 @@ jobs:
   issue-transferred:
     name: Issue Transferred
     runs-on: ubuntu-latest
-    permissions: {}
     if: ${{ !github.event.changes.new_repository.private }}
     steps:
       - name: Generate GitHub App token

.github/workflows/issue-unlabeled.yml

@@ -4,15 +4,14 @@ on:
   issues:
     types: [unlabeled]
 
-permissions: {}
+permissions:
+  contents: read
 
 jobs:
   issue-unlabeled-blocked:
     name: All blocked/* labels removed
     if: startsWith(github.event.label.name, 'blocked/') && github.event.issue.state == 'open'
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
       - name: Check for any blocked labels
         id: check-for-blocked-labels

.github/workflows/linux-publish.yml

@@ -6,7 +6,7 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
+        default: '933c7d6ff6802706875270bec2e3c891cf8add3f'
       upload-to-storage:
         description: 'Uploads to Azure storage'
         required: false
@@ -17,13 +17,9 @@ on:
         type: boolean
         default: false
 
-permissions: {}
-
 jobs:
   checkout-linux:
     runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
     container:
       image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
       options: --user root
@@ -43,12 +39,7 @@ jobs:
       uses: ./src/electron/.github/actions/checkout
 
   publish-x64:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-linux
     with:
       environment: production-release
@@ -63,12 +54,7 @@ jobs:
     secrets: inherit
 
   publish-arm:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-linux
     with:
       environment: production-release
@@ -83,12 +69,7 @@ jobs:
     secrets: inherit
 
   publish-arm64:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-linux
     with:
       environment: production-release

.github/workflows/macos-publish.yml

@@ -6,7 +6,7 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
+        default: '933c7d6ff6802706875270bec2e3c891cf8add3f'
         required: true
       upload-to-storage:
         description: 'Uploads to Azure storage'
@@ -18,13 +18,9 @@ on:
         type: boolean
         default: false
 
-permissions: {}
-
 jobs:
   checkout-macos:
     runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
     container:
       image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
       options: --user root
@@ -47,16 +43,11 @@ jobs:
         target-platform: macos
 
   publish-x64-darwin:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-macos
     with:
       environment: production-release
-      build-runs-on: macos-15-xlarge
+      build-runs-on: macos-14-xlarge
       target-platform: macos
       target-arch: x64
       target-variant: darwin
@@ -67,16 +58,11 @@ jobs:
     secrets: inherit
 
   publish-x64-mas:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-macos
     with:
       environment: production-release
-      build-runs-on: macos-15-xlarge
+      build-runs-on: macos-14-xlarge
       target-platform: macos
       target-arch: x64
       target-variant: mas
@@ -87,16 +73,11 @@ jobs:
     secrets: inherit
 
   publish-arm64-darwin:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-macos
     with:
       environment: production-release
-      build-runs-on: macos-15-xlarge
+      build-runs-on: macos-14-xlarge
       target-platform: macos
       target-arch: arm64
       target-variant: darwin
@@ -107,16 +88,11 @@ jobs:
     secrets: inherit
 
   publish-arm64-mas:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-macos
     with:
       environment: production-release
-      build-runs-on: macos-15-xlarge
+      build-runs-on: macos-14-xlarge
       target-platform: macos
       target-arch: arm64
       target-variant: mas

.github/workflows/non-maintainer-dependency-change.yml

@@ -7,8 +7,6 @@ on:
       - 'spec/yarn.lock'
       - '.github/workflows/**'
       - '.github/actions/**'
-      - '.yarn/**'
-      - '.yarnrc.yml'
 
 permissions: {}
 

.github/workflows/pipeline-electron-build-and-test-and-nan.yml

@@ -55,8 +55,6 @@ on:
         type: boolean
         default: false
 
-permissions: {}
-
 concurrency:
   group: electron-build-and-test-and-nan-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
   cancel-in-progress: ${{ github.ref_protected != true }}
@@ -64,8 +62,6 @@ concurrency:
 jobs:
   build:
     uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
     with:
       build-runs-on: ${{ inputs.build-runs-on }}
       build-container: ${{ inputs.build-container }}
@@ -78,10 +74,6 @@ jobs:
     secrets: inherit
   test:
     uses: ./.github/workflows/pipeline-segment-electron-test.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
     needs: build
     with:
       target-arch: ${{ inputs.target-arch }}
@@ -91,8 +83,6 @@ jobs:
     secrets: inherit
   nn-test:
     uses: ./.github/workflows/pipeline-segment-node-nan-test.yml
-    permissions:
-      contents: read
     needs: build
     with:
       target-arch: ${{ inputs.target-arch }}

.github/workflows/pipeline-electron-build-and-test.yml

@@ -64,13 +64,14 @@ concurrency:
   group: electron-build-and-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
   cancel-in-progress: ${{ github.ref_protected != true }}
 
-permissions: {}
+permissions:
+  contents: read
+  issues: read
+  pull-requests: read  
 
 jobs:
   build:
     uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
     with:
       build-runs-on: ${{ inputs.build-runs-on }}
       build-container: ${{ inputs.build-container }}
@@ -85,10 +86,6 @@ jobs:
     secrets: inherit
   test:
     uses: ./.github/workflows/pipeline-segment-electron-test.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
     needs: build
     with:
       target-arch: ${{ inputs.target-arch }}

.github/workflows/pipeline-electron-docs-only.yml

@@ -8,8 +8,6 @@ on:
         description: 'Container to run the docs-only ts compile in'
         type: string
 
-permissions: {}
-
 concurrency:
   group: electron-docs-only-${{ github.ref }}
   cancel-in-progress: true
@@ -21,8 +19,6 @@ jobs:
   docs-only:
     name: Docs Only Compile
     runs-on: electron-arc-centralus-linux-amd64-4core
-    permissions:
-      contents: read
     timeout-minutes: 20
     container: ${{ fromJSON(inputs.container) }}
     steps:
@@ -54,12 +50,12 @@ jobs:
       shell: bash
       run: |
         cd src/electron
-        node script/yarn.js create-typescript-definitions
-        node script/yarn.js tsc -p tsconfig.default_app.json --noEmit
+        node script/yarn create-typescript-definitions
+        node script/yarn tsc -p tsconfig.default_app.json --noEmit
         for f in build/webpack/*.js
         do
             out="${f:29}"
             if [ "$out" != "base.js" ]; then
-            node script/yarn.js webpack --config $f --output-filename=$out --output-path=./.tmp --env mode=development
+            node script/yarn webpack --config $f --output-filename=$out --output-path=./.tmp --env mode=development
             fi
         done

.github/workflows/pipeline-electron-lint.yml

@@ -8,8 +8,6 @@ on:
         description: 'Container to run lint in'
         type: string
 
-permissions: {}
-
 concurrency:
   group: electron-lint-${{ github.ref_protected == true && github.run_id || github.ref }}
   cancel-in-progress: ${{ github.ref_protected != true }}
@@ -21,8 +19,6 @@ jobs:
   lint:
     name: Lint
     runs-on: electron-arc-centralus-linux-amd64-4core
-    permissions:
-      contents: read
     timeout-minutes: 20
     container: ${{ fromJSON(inputs.container) }}
     steps:
@@ -65,11 +61,9 @@ jobs:
         curl -sL "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/buildtools/DEPS?format=TEXT" | base64 -d > src/buildtools/DEPS
 
         gclient sync --spec="solutions=[{'name':'src/buildtools','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':True},'managed':False}]"
-    - name: Add problem matchers
+    - name: Add ESLint problem matcher
       shell: bash
-      run: |
-        echo "::add-matcher::src/electron/.github/problem-matchers/eslint-stylish.json"
-        echo "::add-matcher::src/electron/.github/problem-matchers/markdownlint.json"
+      run: echo "::add-matcher::src/electron/.github/problem-matchers/eslint-stylish.json"
     - name: Run Lint
       shell: bash
       run: |
@@ -80,15 +74,11 @@ jobs:
         # but then we would lint its contents (at least gn format), and it doesn't pass it.
 
         cd src/electron
-        node script/yarn.js install --immutable
-        node script/yarn.js lint
+        node script/yarn install --frozen-lockfile
+        node script/yarn lint
     - name: Run Script Typechecker
       shell: bash
       run: |
         cd src/electron
-        node script/yarn.js tsc -p tsconfig.script.json
-    - name: Check GHA Workflows
-      shell: bash
-      run: |
-        cd src/electron
-        node script/copy-pipeline-segment-publish.js --check
+        node script/yarn tsc -p tsconfig.script.json
+    

.github/workflows/pipeline-segment-electron-build.yml

@@ -59,8 +59,6 @@ on:
         type: boolean
         default: false
 
-permissions: {}
-
 concurrency:
   group: electron-build-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.target-variant }}-${{ inputs.is-asan }}-${{ github.ref_protected == true && github.run_id || github.ref }}
   cancel-in-progress: ${{ github.ref_protected != true }}
@@ -68,7 +66,6 @@ concurrency:
 env:
   CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
   CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
-  DD_API_KEY: ${{ secrets.DD_API_KEY }}
   ELECTRON_ARTIFACTS_BLOB_STORAGE: ${{ secrets.ELECTRON_ARTIFACTS_BLOB_STORAGE }}
   ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
   SUDOWOODO_EXCHANGE_URL: ${{ secrets.SUDOWOODO_EXCHANGE_URL }}
@@ -83,13 +80,10 @@ jobs:
       run:
         shell: bash
     runs-on: ${{ inputs.build-runs-on }}
-    permissions:
-      contents: read
     container: ${{ fromJSON(inputs.build-container) }}
     environment: ${{ inputs.environment }}
     env:
       TARGET_ARCH: ${{ inputs.target-arch }}
-      TARGET_PLATFORM: ${{ inputs.target-platform }}
     steps:
     - name: Create src dir
       run: |
@@ -119,7 +113,7 @@ jobs:
       run: df -h
     - name: Setup Node.js/npm
       if: ${{ inputs.target-platform == 'macos' }}
-      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
+      uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
       with:
         node-version: 20.19.x
         cache: yarn

.github/workflows/pipeline-segment-electron-gn-check.yml

@@ -26,8 +26,6 @@ on:
         type: string
         default: testing
 
-permissions: {}
-
 concurrency:
   group: electron-gn-check-${{ inputs.target-platform }}-${{ github.ref }}
   cancel-in-progress: true
@@ -43,8 +41,6 @@ jobs:
       run:
         shell: bash
     runs-on: ${{ inputs.check-runs-on }}
-    permissions:
-      contents: read
     container: ${{ fromJSON(inputs.check-container) }}
     steps:
     - name: Checkout Electron

.github/workflows/pipeline-segment-electron-publish.yml

@@ -1,237 +0,0 @@
-# AUTOGENERATED FILE - DO NOT EDIT MANUALLY
-# ONLY EDIT .github/workflows/pipeline-segment-electron-build.yml
-
-name: Pipeline Segment - Electron Build
-on:
-  workflow_call:
-    inputs:
-      environment:
-        description: using the production or testing environment
-        required: false
-        type: string
-      target-platform:
-        type: string
-        description: Platform to run on, can be macos, win or linux
-        required: true
-      target-arch:
-        type: string
-        description: Arch to build for, can be x64, arm64, ia32 or arm
-        required: true
-      target-variant:
-        type: string
-        description: Variant to build for, no effect on non-macOS target platforms. Can
-          be darwin, mas or all.
-        default: all
-      build-runs-on:
-        type: string
-        description: What host to run the build
-        required: true
-      build-container:
-        type: string
-        description: JSON container information for aks runs-on
-        required: false
-        default: '{"image":null}'
-      is-release:
-        description: Whether this build job is a release job
-        required: true
-        type: boolean
-        default: false
-      gn-build-type:
-        description: The gn build type - testing or release
-        required: true
-        type: string
-        default: testing
-      generate-symbols:
-        description: Whether or not to generate symbols
-        required: true
-        type: boolean
-        default: false
-      upload-to-storage:
-        description: Whether or not to upload build artifacts to external storage
-        required: true
-        type: string
-        default: "0"
-      is-asan:
-        description: Building the Address Sanitizer (ASan) Linux build
-        required: false
-        type: boolean
-        default: false
-      enable-ssh:
-        description: Enable SSH debugging
-        required: false
-        type: boolean
-        default: false
-permissions: {}
-concurrency:
-  group: electron-build-${{ inputs.target-platform }}-${{ inputs.target-arch
-    }}-${{ inputs.target-variant }}-${{ inputs.is-asan }}-${{
-    github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
-env:
-  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-  CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
-  DD_API_KEY: ${{ secrets.DD_API_KEY }}
-  ELECTRON_ARTIFACTS_BLOB_STORAGE: ${{ secrets.ELECTRON_ARTIFACTS_BLOB_STORAGE }}
-  ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
-  SUDOWOODO_EXCHANGE_URL: ${{ secrets.SUDOWOODO_EXCHANGE_URL }}
-  SUDOWOODO_EXCHANGE_TOKEN: ${{ secrets.SUDOWOODO_EXCHANGE_TOKEN }}
-  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' &&
-    '--custom-var=checkout_mac=True --custom-var=host_os=mac' ||
-    inputs.target-platform == 'win' && '--custom-var=checkout_win=True' ||
-    '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
-  ELECTRON_OUT_DIR: Default
-  ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
-jobs:
-  build:
-    defaults:
-      run:
-        shell: bash
-    runs-on: ${{ inputs.build-runs-on }}
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
-    container: ${{ fromJSON(inputs.build-container) }}
-    environment: ${{ inputs.environment }}
-    env:
-      TARGET_ARCH: ${{ inputs.target-arch }}
-      TARGET_PLATFORM: ${{ inputs.target-platform }}
-    steps:
-      - name: Create src dir
-        run: |
-          mkdir src
-      - name: Checkout Electron
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-        with:
-          path: src/electron
-          fetch-depth: 0
-          ref: ${{ github.event.pull_request.head.sha }}
-      - name: Setup SSH Debugging
-        if: ${{ inputs.target-platform == 'macos' && (inputs.enable-ssh ||
-          env.ACTIONS_STEP_DEBUG == 'true') }}
-        uses: ./src/electron/.github/actions/ssh-debug
-        with:
-          tunnel: "true"
-        env:
-          CLOUDFLARE_TUNNEL_CERT: ${{ secrets.CLOUDFLARE_TUNNEL_CERT }}
-          CLOUDFLARE_TUNNEL_HOSTNAME: ${{ vars.CLOUDFLARE_TUNNEL_HOSTNAME }}
-          CLOUDFLARE_USER_CA_CERT: ${{ secrets.CLOUDFLARE_USER_CA_CERT }}
-          AUTHORIZED_USERS: ${{ secrets.SSH_DEBUG_AUTHORIZED_USERS }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Free up space (macOS)
-        if: ${{ inputs.target-platform == 'macos' }}
-        uses: ./src/electron/.github/actions/free-space-macos
-      - name: Check disk space after freeing up space
-        if: ${{ inputs.target-platform == 'macos' }}
-        run: df -h
-      - name: Setup Node.js/npm
-        if: ${{ inputs.target-platform == 'macos' }}
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
-        with:
-          node-version: 20.19.x
-          cache: yarn
-          cache-dependency-path: src/electron/yarn.lock
-      - name: Install Dependencies
-        uses: ./src/electron/.github/actions/install-dependencies
-      - name: Install AZCopy
-        if: ${{ inputs.target-platform == 'macos' }}
-        run: brew install azcopy
-      - name: Set GN_EXTRA_ARGS for Linux
-        if: ${{ inputs.target-platform == 'linux' }}
-        run: >
-          if [ "${{ inputs.target-arch  }}" = "arm" ]; then
-            if [ "${{ inputs.is-release  }}" = true ]; then
-              GN_EXTRA_ARGS='target_cpu="arm" build_tflite_with_xnnpack=false symbol_level=1'
-            else
-              GN_EXTRA_ARGS='target_cpu="arm" build_tflite_with_xnnpack=false'
-            fi
-          elif [ "${{ inputs.target-arch }}" = "arm64" ]; then
-            GN_EXTRA_ARGS='target_cpu="arm64" fatal_linker_warnings=false enable_linux_installer=false'
-          elif [ "${{ inputs.is-asan }}" = true ]; then
-            GN_EXTRA_ARGS='is_asan=true'
-          fi
-
-          echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
-      - name: Set Chromium Git Cookie
-        uses: ./src/electron/.github/actions/set-chromium-cookie
-      - name: Install Build Tools
-        uses: ./src/electron/.github/actions/install-build-tools
-      - name: Generate DEPS Hash
-        run: |
-          node src/electron/script/generate-deps-hash.js
-          DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
-          echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
-          echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
-      - name: Restore src cache via AZCopy
-        if: ${{ inputs.target-platform != 'linux' }}
-        uses: ./src/electron/.github/actions/restore-cache-azcopy
-        with:
-          target-platform: ${{ inputs.target-platform }}
-      - name: Restore src cache via AKS
-        if: ${{ inputs.target-platform == 'linux' }}
-        uses: ./src/electron/.github/actions/restore-cache-aks
-      - name: Checkout Electron
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-        with:
-          path: src/electron
-          fetch-depth: 0
-          ref: ${{ github.event.pull_request.head.sha }}
-      - name: Fix Sync
-        if: ${{ inputs.target-platform != 'linux' }}
-        uses: ./src/electron/.github/actions/fix-sync
-        with:
-          target-platform: ${{ inputs.target-platform }}
-        env:
-          ELECTRON_DEPOT_TOOLS_DISABLE_LOG: true
-      - name: Init Build Tools
-        run: >
-          e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }}
-          --import ${{ inputs.gn-build-type }} --target-cpu ${{
-          inputs.target-arch }} --remote-build siso
-      - name: Run Electron Only Hooks
-        run: |
-          e d gclient runhooks --spec="solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]"
-      - name: Regenerate DEPS Hash
-        run: >
-          (cd src/electron && git checkout .) && node
-          src/electron/script/generate-deps-hash.js
-
-          echo "DEPSHASH=$(cat src/electron/.depshash)" >> $GITHUB_ENV
-      - name: Add CHROMIUM_BUILDTOOLS_PATH to env
-        run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
-      - name: Free up space (macOS)
-        if: ${{ inputs.target-platform == 'macos' }}
-        uses: ./src/electron/.github/actions/free-space-macos
-      - name: Build Electron
-        if: ${{ inputs.target-platform != 'macos' || (inputs.target-variant == 'all' ||
-          inputs.target-variant == 'darwin') }}
-        uses: ./src/electron/.github/actions/build-electron
-        with:
-          target-arch: ${{ inputs.target-arch }}
-          target-platform: ${{ inputs.target-platform }}
-          artifact-platform: ${{ inputs.target-platform == 'macos' && 'darwin' ||
-            inputs.target-platform }}
-          is-release: ${{ inputs.is-release }}
-          generate-symbols: ${{ inputs.generate-symbols }}
-          upload-to-storage: ${{ inputs.upload-to-storage }}
-          is-asan: ${{ inputs.is-asan }}
-      - name: Set GN_EXTRA_ARGS for MAS Build
-        if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' ||
-          inputs.target-variant == 'mas') }}
-        run: |
-          echo "MAS_BUILD=true" >> $GITHUB_ENV
-          GN_EXTRA_ARGS='is_mas_build=true'
-          echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
-      - name: Build Electron (MAS)
-        if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' ||
-          inputs.target-variant == 'mas') }}
-        uses: ./src/electron/.github/actions/build-electron
-        with:
-          target-arch: ${{ inputs.target-arch }}
-          target-platform: ${{ inputs.target-platform }}
-          artifact-platform: mas
-          is-release: ${{ inputs.is-release }}
-          generate-symbols: ${{ inputs.generate-symbols }}
-          upload-to-storage: ${{ inputs.upload-to-storage }}
-          step-suffix: (mas)

.github/workflows/pipeline-segment-electron-test.yml

@@ -35,7 +35,10 @@ concurrency:
   group: electron-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.is-asan }}-${{ github.ref_protected == true && github.run_id || github.ref }}
   cancel-in-progress: ${{ github.ref_protected != true }}
 
-permissions: {}
+permissions:
+  contents: read
+  issues: read
+  pull-requests: read
 
 env:
   CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
@@ -50,10 +53,6 @@ jobs:
       run:
         shell: bash
     runs-on: ${{ inputs.test-runs-on }}
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
     container: ${{ fromJSON(inputs.test-container) }}
     strategy:
       fail-fast: false
@@ -71,7 +70,7 @@ jobs:
         cp $(which node) /mnt/runner-externals/node20/bin/
     - name: Setup Node.js/npm
       if: ${{ inputs.target-platform == 'win' }}
-      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
+      uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
       with:
         node-version: 20.19.x
     - name: Add TCC permissions on macOS
@@ -111,6 +110,11 @@ jobs:
             configure_sys_tccdb "$values"
           fi
         done
+
+        # Ref: https://github.com/getsentry/sentry-cocoa/blob/main/scripts/ci-enable-permissions.sh
+        if [ "$OSTYPE" = "darwin24" ]; then
+          defaults write ~/Library/Group\ Containers/group.com.apple.replayd/ScreenCaptureApprovals.plist "/bin/bash" -date "3024-09-23 12:00:00 +0000"
+        fi
     - name: Turn off the unexpectedly quit dialog on macOS
       if: ${{ inputs.target-platform == 'macos' }}
       run: defaults write com.apple.CrashReporter DialogType server
@@ -123,12 +127,6 @@ jobs:
         path: src/electron
         fetch-depth: 0
         ref: ${{ github.event.pull_request.head.sha }}
-    - name: Turn off screenshot nag on macOS
-      if: ${{ inputs.target-platform == 'macos' }}
-      run: |
-        defaults write ~/Library/Group\ Containers/group.com.apple.replayd/ScreenCaptureApprovals.plist "/bin/bash" -date "3024-09-23 12:00:00 +0000"
-        src/electron/script/actions/screencapture-nag-remover.sh -a $(which bash)
-        src/electron/script/actions/screencapture-nag-remover.sh -a /opt/hca/hosted-compute-agent
     - name: Setup SSH Debugging
       if: ${{ inputs.target-platform == 'macos' && (inputs.enable-ssh || env.ACTIONS_STEP_DEBUG == 'true') }}
       uses: ./src/electron/.github/actions/ssh-debug
@@ -178,25 +176,32 @@ jobs:
         path: ./src_artifacts_${{ matrix.build-type }}_${{ inputs.target-arch }}
     - name: Restore Generated Artifacts
       run: ./src/electron/script/actions/restore-artifacts.sh
-    - name: Unzip Dist (win)
+    - name: Unzip Dist, Mksnapshot & Chromedriver (win)
       if: ${{ inputs.target-platform == 'win' }}
       shell: powershell
       run: |
         Set-ExecutionPolicy Bypass -Scope Process -Force
         cd src/out/Default
         Expand-Archive -Force dist.zip -DestinationPath ./
-    - name: Unzip Dist (unix)
+        Expand-Archive -Force chromedriver.zip -DestinationPath ./
+        Expand-Archive -Force mksnapshot.zip -DestinationPath ./
+    - name: Unzip Dist, Mksnapshot & Chromedriver (unix)
       if: ${{ inputs.target-platform != 'win' }}
       run: |
         cd src/out/Default
         unzip -:o dist.zip
+        unzip -:o chromedriver.zip
+        unzip -:o mksnapshot.zip
     #- name: Import & Trust Self-Signed Codesigning Cert on MacOS
     #  if: ${{ inputs.target-platform == 'macos' && inputs.target-arch == 'x64' }}
     #  run: |
     #    sudo security authorizationdb write com.apple.trust-settings.admin allow
     #    cd src/electron
     #    ./script/codesign/generate-identity.sh
-
+    - name: Install Datadog CLI
+      run: |
+        cd src/electron
+        node script/yarn global add @datadog/datadog-ci
     - name: Run Electron Tests
       shell: bash
       env:
@@ -222,7 +227,7 @@ jobs:
               export ELECTRON_FORCE_TEST_SUITE_EXIT="true"
             fi
           fi
-          node script/yarn.js test --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
+          node script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files
         else
           chown :builduser .. && chmod g+w ..
           chown -R :builduser . && chmod -R g+w .
@@ -239,14 +244,9 @@ jobs:
             export MOCHA_TIMEOUT=180000
             echo "Piping output to ASAN_SYMBOLIZE ($ASAN_SYMBOLIZE)"
             cd electron
-            runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --runners=main --trace-uncaught --enable-logging --files $tests_files | $ASAN_SYMBOLIZE
+            runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files | $ASAN_SYMBOLIZE
           else
-            if [ "${{ inputs.target-arch }}" = "arm" ]; then
-              runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --skipYarnInstall --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
-            else 
-              runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
-            fi
-            
+            runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files
           fi
         fi
     - name: Upload Test results to Datadog
@@ -258,10 +258,9 @@ jobs:
         DD_TAGS: "os.architecture:${{ inputs.target-arch }},os.family:${{ inputs.target-platform }},os.platform:${{ inputs.target-platform }},asan:${{ inputs.is-asan }}"
       run: |
         if ! [ -z $DD_API_KEY ] && [ -f src/electron/junit/test-results-main.xml ]; then
-          cd src/electron
-          export DATADOG_PATH=`node script/yarn.js bin datadog-ci`
-          $DATADOG_PATH junit upload junit/test-results-main.xml
-        fi
+          export DATADOG_PATH=`node src/electron/script/yarn global bin`
+          $DATADOG_PATH/datadog-ci junit upload src/electron/junit/test-results-main.xml
+        fi          
       if: always() && !cancelled()
     - name: Upload Test Artifacts
       if: always() && !cancelled()

.github/workflows/pipeline-segment-node-nan-test.yml

@@ -26,8 +26,6 @@ on:
         type: string
         default: testing
 
-permissions: {}
-
 concurrency:
   group: electron-node-nan-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
   cancel-in-progress: ${{ github.ref_protected != true }}
@@ -41,8 +39,6 @@ jobs:
   node-tests:
     name: Run Node.js Tests
     runs-on: electron-arc-centralus-linux-amd64-8core
-    permissions:
-      contents: read
     timeout-minutes: 30
     env: 
       TARGET_ARCH: ${{ inputs.target-arch }}
@@ -97,8 +93,6 @@ jobs:
   nan-tests:
     name: Run Nan Tests
     runs-on: electron-arc-centralus-linux-amd64-4core
-    permissions:
-      contents: read
     timeout-minutes: 30
     env: 
       TARGET_ARCH: ${{ inputs.target-arch }}
@@ -138,16 +132,10 @@ jobs:
         unzip -:o dist.zip
     - name: Setup Linux for Headless Testing
       run: sh -e /etc/init.d/xvfb start
-    - name: Add Clang problem matcher
-      shell: bash
-      run: echo "::add-matcher::src/electron/.github/problem-matchers/clang.json"
     - name: Run Nan Tests
       run: |
         cd src
         node electron/script/nan-spec-runner.js
-    - name: Remove Clang problem matcher
-      shell: bash
-      run: echo "::remove-matcher owner=clang::"
     - name: Wait for active SSH sessions
       shell: bash
       if: always() && !cancelled()

.github/workflows/pull-request-labeled.yml

@@ -11,7 +11,6 @@ jobs:
     name: backport/requested label added
     if: github.event.label.name == 'backport/requested 🗳'
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Trigger Slack workflow
         uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
@@ -20,16 +19,12 @@ jobs:
           webhook-type: webhook-trigger
           payload: |
             {
-              "base_ref": ${{ toJSON(github.event.pull_request.base.ref) }},
-              "title": ${{ toJSON(github.event.pull_request.title) }},
-              "url": ${{ toJSON(github.event.pull_request.html_url) }},
-              "user": ${{ toJSON(github.event.pull_request.user.login) }}
+              "url": "${{ github.event.pull_request.html_url }}"
             }
   pull-request-labeled-deprecation-review-complete:
     name: deprecation-review/complete label added
     if: github.event.label.name == 'deprecation-review/complete ✅'
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Generate GitHub App token
         uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1

.github/workflows/rerun-apply-patches.yml

@@ -1,71 +0,0 @@
-name: Rerun PR Apply Patches
-
-on:
-  push:
-    branches:
-      - main
-      - '[1-9][0-9]-x-y'
-    paths:
-      - 'DEPS'
-      - 'patches/**'
-
-permissions: {}
-
-jobs:
-  rerun-apply-patches:
-    runs-on: ubuntu-latest
-    permissions:
-      actions: write
-      checks: read
-      contents: read
-      pull-requests: read
-    steps:
-      - name: Find PRs and Rerun Apply Patches
-        env:
-          GH_REPO: ${{ github.repository }}
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          BRANCH="${GITHUB_REF#refs/heads/}"
-
-          # Find all open PRs targeting this branch
-          PRS=$(gh pr list --base "$BRANCH" --state open --limit 250 --json number)
-
-          echo "$PRS" | jq -c '.[]' | while read -r pr; do
-            PR_NUMBER=$(echo "$pr" | jq -r '.number')
-            echo "Processing PR #${PR_NUMBER}"
-
-            # Find the Apply Patches workflow check for this PR
-            CHECK=$(gh pr view "$PR_NUMBER" --json statusCheckRollup --jq '[.statusCheckRollup[] | select(.workflowName == "Apply Patches" and .name == "apply-patches")] | first')
-
-            if [ -z "$CHECK" ] || [ "$CHECK" = "null" ]; then
-              echo "  No Apply Patches workflow found for PR #${PR_NUMBER}"
-              continue
-            fi
-
-            CONCLUSION=$(echo "$CHECK" | jq -r '.conclusion')
-            if [ "$CONCLUSION" = "SKIPPED" ]; then
-              echo "  apply-patches job was skipped for PR #${PR_NUMBER} (no patches)"
-              continue
-            fi
-
-            LINK=$(echo "$CHECK" | jq -r '.detailsUrl')
-
-            # Extract the run ID from the link (format: .../runs/RUN_ID/job/JOB_ID)
-            RUN_ID=$(echo "$LINK" | grep -oE 'runs/[0-9]+' | cut -d'/' -f2)
-
-            if [ -z "$RUN_ID" ]; then
-              echo "  Could not extract run ID from link: ${LINK}"
-              continue
-            fi
-
-            # Check if the workflow is currently in progress
-            RUN_STATUS=$(gh run view "$RUN_ID" --json status --jq '.status')
-
-            if [ "$RUN_STATUS" = "in_progress" ] || [ "$RUN_STATUS" = "queued" ] || [ "$RUN_STATUS" = "waiting" ]; then
-              echo "  Workflow run ${RUN_ID} is ${RUN_STATUS}, cancelling..."
-              gh run cancel "$RUN_ID" --force
-              gh run watch "$RUN_ID"
-            fi
-
-            gh run rerun "$RUN_ID"
-          done

.github/workflows/scorecards.yml

@@ -50,6 +50,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5
+        uses: github/codeql-action/upload-sarif@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.29.5
         with:
           sarif_file: results.sarif

.github/workflows/semantic.yml

@@ -7,7 +7,8 @@ on:
       - edited
       - synchronize
 
-permissions: {}
+permissions:
+  contents: read
 
 jobs:
   main:

.github/workflows/stable-prep-items.yml

@@ -11,7 +11,6 @@ jobs:
   check-stable-prep-items:
     name: Check Stable Prep Items
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Generate GitHub App token
         uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1

.github/workflows/stale.yml

@@ -10,7 +10,6 @@ permissions: {}
 jobs:
   stale:
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Generate GitHub App token
         uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
@@ -32,7 +31,6 @@ jobs:
           only-pr-labels: not-a-real-label
   pending-repro:
     runs-on: ubuntu-latest
-    permissions: {}
     if: ${{ always() }}
     needs: stale
     steps:

.github/workflows/windows-publish.yml

@@ -6,7 +6,7 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
+        default: '933c7d6ff6802706875270bec2e3c891cf8add3f'
         required: true
       upload-to-storage:
         description: 'Uploads to Azure storage'
@@ -18,13 +18,9 @@ on:
         type: boolean
         default: false
 
-permissions: {}
-
 jobs:
   checkout-windows:
     runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
     container:
       image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
       options: --user root --device /dev/fuse --cap-add SYS_ADMIN
@@ -51,12 +47,7 @@ jobs:
         target-platform: win
 
   publish-x64-win:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-windows
     with:
       environment: production-release
@@ -70,12 +61,7 @@ jobs:
     secrets: inherit
 
   publish-arm64-win:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-windows
     with:
       environment: production-release
@@ -89,12 +75,7 @@ jobs:
     secrets: inherit
 
   publish-x86-win:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-windows
     with:
       environment: production-release

.gitignore

@@ -53,5 +53,3 @@ ts-gen
 patches/mtime-cache.json
 
 spec/fixtures/logo.png
-
-.yarn/install-state.gz

.nvmrc

@@ -1 +1 @@
-22
+20

.yarnrc.yml

@@ -1,12 +0,0 @@
-enableScripts: false
-
-nmHoistingLimits: workspaces
-
-nodeLinker: node-modules
-
-npmMinimalAgeGate: 10080
-
-npmPreapprovedPackages:
-  - "@electron/*"
-
-yarnPath: .yarn/releases/yarn-4.12.0.cjs

BUILD.gn

@@ -586,11 +586,6 @@ source_set("electron_lib") {
   }
 
   if (is_mac) {
-    # Disable C++ modules to resolve linking error when including MacOS SDK
-    # headers from third_party/electron_node/deps/uv/include/uv/darwin.h
-    # TODO(samuelmaddock): consider revisiting this in the future
-    use_libcxx_modules = false
-
     deps += [
       "//components/remote_cocoa/app_shim",
       "//components/remote_cocoa/browser",
@@ -1624,29 +1619,6 @@ group("node_headers") {
   public_deps = [ ":tar_node_headers" ]
 }
 
-group("testing_build") {
-  public_deps = [
-    ":electron_dist_zip",
-    ":electron_mksnapshot_zip",
-    ":node_headers",
-  ]
-}
-
-group("release_build") {
-  public_deps = [ ":testing_build" ]
-  if (is_official_build) {
-    public_deps += [ ":electron_symbols" ]
-  }
-  if (is_linux) {
-    public_deps += [
-      ":hunspell_dictionaries_zip",
-      ":libcxx_headers_zip",
-      ":libcxx_objects_zip",
-      ":libcxxabi_headers_zip",
-    ]
-  }
-}
-
 if (is_linux && is_official_build) {
   strip_binary("strip_electron_binary") {
     binary_input = "$root_out_dir/$electron_project_name"

DEPS

@@ -2,9 +2,9 @@ gclient_gn_args_from = 'src'
 
 vars = {
   'chromium_version':
-    '142.0.7444.265',
+    '141.0.7390.7',
   'node_version':
-    'v22.22.0',
+    'v22.19.0',
   'nan_version':
     'e14bdcd1f72d62bca1d541b66da43130384ec213',
   'squirrel.mac_version':
@@ -30,6 +30,9 @@ vars = {
   # The path of the sysroots.json file.
   'sysroots_json_path': 'electron/script/sysroots.json',
 
+  # KEEP IN SYNC WITH utils.js FILE
+  'yarn_version': '1.22.22',
+
   # To be able to build clean Chromium from sources.
   'apply_patches': True,
 
@@ -152,7 +155,7 @@ hooks = [
     'action': [
       'python3',
       '-c',
-      'import os, subprocess; os.chdir(os.path.join("src", "electron")); subprocess.check_call(["node", ".yarn/releases/yarn-4.12.0.cjs", "install", "--immutable"]);',
+      'import os, subprocess; os.chdir(os.path.join("src", "electron")); subprocess.check_call(["python3", "script/lib/npx.py", "yarn@' + (Var("yarn_version")) + '", "install", "--frozen-lockfile"]);',
     ],
   },
   {

README.md

@@ -37,9 +37,9 @@ For more installation options and troubleshooting tips, see
 
 Each Electron release provides binaries for macOS, Windows, and Linux.
 
-* macOS (Monterey and up): Electron provides 64-bit Intel and Apple Silicon / ARM binaries for macOS.
+* macOS (Big Sur and up): Electron provides 64-bit Intel and Apple Silicon / ARM binaries for macOS.
 * Windows (Windows 10 and up): Electron provides `ia32` (`x86`), `x64` (`amd64`), and `arm64` binaries for Windows. Windows on ARM support was added in Electron 5.0.8. Support for Windows 7, 8 and 8.1 was [removed in Electron 23, in line with Chromium's Windows deprecation policy](https://www.electronjs.org/blog/windows-7-to-8-1-deprecation-notice).
-* Linux: The prebuilt binaries of Electron are built on Ubuntu 22.04. They have also been verified to work on:
+* Linux: The prebuilt binaries of Electron are built on Ubuntu 20.04. They have also been verified to work on:
   * Ubuntu 18.04 and newer
   * Fedora 32 and newer
   * Debian 10 and newer

build/args/all.gn

@@ -19,15 +19,15 @@ proprietary_codecs = true
 
 enable_printing = true
 
-# Refs https://chromium-review.googlesource.com/c/chromium/src/+/6986517
-# CI is using MacOS 15.5 which doesn't have the required modulemaps.
-use_clang_modules = false
-
 # Removes DLLs from the build, which are only meant to be used for Chromium development.
 # See https://github.com/electron/electron/pull/17985
 angle_enable_vulkan_validation_layers = false
 dawn_enable_vulkan_validation_layers = false
 
+# Removes dxc dll's that are only used experimentally.
+# See https://bugs.chromium.org/p/chromium/issues/detail?id=1474897
+dawn_use_built_dxc = false
+
 # These are disabled because they cause the zip manifest to differ between
 # testing and release builds.
 # See https://chromium-review.googlesource.com/c/chromium/src/+/2774898.
@@ -72,6 +72,3 @@ enterprise_cloud_content_analysis = false
 
 # We don't use anything from here, and it causes target collisions
 enable_linux_installer = false
-
-# Disable "Save to Drive" feature in PDF viewer
-enable_pdf_save_to_drive = false

docs/api/app.md

@@ -250,9 +250,7 @@ Returns:
 
 Emitted when the user clicks the native macOS new tab button. The new
 tab button is only visible if the current `BrowserWindow` has a
-`tabbingIdentifier`.
-
-You must create a window in this handler in order for macOS tabbing to work as expected.
+`tabbingIdentifier`
 
 ### Event: 'browser-window-blur'
 
@@ -423,7 +421,6 @@ Returns:
     * `oom` - Process ran out of memory
     * `launch-failed` - Process never successfully launched
     * `integrity-failure` - Windows code integrity checks failed
-    * `memory-eviction` - Process proactively terminated to prevent a future out-of-memory (OOM) situation
   * `exitCode` number - The exit code for the process
       (e.g. status from waitpid if on POSIX, from GetExitCodeProcess on Windows).
   * `serviceName` string (optional) - The non-localized name of the process.
@@ -567,9 +564,8 @@ and subscribing to the `ready` event if the app is not ready yet.
   * `steal` boolean _macOS_ - Make the receiver the active app even if another app is
   currently active.
 
-On macOS, makes the application the active app. On Windows, focuses on the application's
-first window. On Linux, either focuses on the first visible window (X11) or requests
-focus but may instead show a notification or flash the app icon (Wayland).
+On Linux, focuses on the first visible window. On macOS, makes the application
+the active app. On Windows, focuses on the application's first window.
 
 You should seek to use the `steal` option as sparingly as possible.
 
@@ -1218,13 +1214,6 @@ Disables hardware acceleration for current app.
 
 This method can only be called before app is ready.
 
-### `app.isHardwareAccelerationEnabled()`
-
-Returns `boolean` - whether hardware acceleration is currently enabled.
-
- > [!NOTE]
- > This information is only usable after the `gpu-info-update` event is emitted.
-
 ### `app.disableDomainBlockingFor3DAPIs()`
 
 By default, Chromium disables 3D APIs (e.g. WebGL) until restart on a per
@@ -1317,7 +1306,7 @@ Returns `boolean` - Whether the current desktop environment is Unity launcher.
 ### `app.getLoginItemSettings([options])` _macOS_ _Windows_
 
 * `options` Object (optional)
-  * `type` string (optional) _macOS_ - Can be `mainAppService`, `agentService`, `daemonService`, or `loginItemService`. Defaults to `mainAppService`. Only available on macOS 13 and up. See [app.setLoginItemSettings](app.md#appsetloginitemsettingssettings-macos-windows) for more information about each type.
+  * `type` string (optional) _macOS_ - Can be one of `mainAppService`, `agentService`, `daemonService`, or `loginItemService`. Defaults to `mainAppService`. Only available on macOS 13 and up. See [app.setLoginItemSettings](app.md#appsetloginitemsettingssettings-macos-windows) for more information about each type.
   * `serviceName` string (optional) _macOS_ - The name of the service. Required if `type` is non-default. Only available on macOS 13 and up.
   * `path` string (optional) _Windows_ - The executable path to compare against. Defaults to `process.execPath`.
   * `args` string[] (optional) _Windows_ - The command-line arguments to compare against. Defaults to an empty array.
@@ -1332,13 +1321,13 @@ Returns `Object`:
 * `wasOpenedAtLogin` boolean _macOS_ - `true` if the app was opened at login automatically.
 * `wasOpenedAsHidden` boolean _macOS_ _Deprecated_ - `true` if the app was opened as a hidden login item. This indicates that the app should not open any windows at startup. This setting is not available on [MAS builds][mas-builds] or on macOS 13 and up.
 * `restoreState` boolean _macOS_ _Deprecated_ - `true` if the app was opened as a login item that should restore the state from the previous session. This indicates that the app should restore the windows that were open the last time the app was closed. This setting is not available on [MAS builds][mas-builds] or on macOS 13 and up.
-* `status` string _macOS_ - can be `not-registered`, `enabled`, `requires-approval`, or `not-found`.
+* `status` string _macOS_ - can be one of `not-registered`, `enabled`, `requires-approval`, or `not-found`.
 * `executableWillLaunchAtLogin` boolean _Windows_ - `true` if app is set to open at login and its run key is not deactivated. This differs from `openAtLogin` as it ignores the `args` option, this property will be true if the given executable would be launched at login with **any** arguments.
 * `launchItems` Object[] _Windows_
   * `name` string _Windows_ - name value of a registry entry.
   * `path` string _Windows_ - The executable to an app that corresponds to a registry entry.
   * `args` string[] _Windows_ - the command-line arguments to pass to the executable.
-  * `scope` string _Windows_ - can be `user` or `machine`. Indicates whether the registry entry is under `HKEY_CURRENT USER` or `HKEY_LOCAL_MACHINE`.
+  * `scope` string _Windows_ - one of `user` or `machine`. Indicates whether the registry entry is under `HKEY_CURRENT USER` or `HKEY_LOCAL_MACHINE`.
   * `enabled` boolean _Windows_ - `true` if the app registry key is startup approved and therefore shows as `enabled` in Task Manager and Windows settings.
 
 ### `app.setLoginItemSettings(settings)` _macOS_ _Windows_
@@ -1408,75 +1397,7 @@ details. Disabled by default.
 This API must be called after the `ready` event is emitted.
 
 > [!NOTE]
-> Rendering accessibility tree can significantly affect the performance of your app. It should not be enabled by default. Calling this method will enable the following accessibility support features: `nativeAPIs`, `webContents`, `inlineTextBoxes`, and `extendedProperties`.
-
-### `app.getAccessibilitySupportFeatures()` _macOS_ _Windows_
-
-Returns `string[]` - Array of strings naming currently enabled accessibility support components. Possible values:
-
-* `nativeAPIs` - Native OS accessibility APIs integration enabled.
-* `webContents` - Web contents accessibility tree exposure enabled.
-* `inlineTextBoxes` - Inline text boxes (character bounding boxes) enabled.
-* `extendedProperties` - Extended accessibility properties enabled.
-* `screenReader` - Screen reader specific mode enabled.
-* `html` - HTML accessibility tree construction enabled.
-* `labelImages` - Accessibility support for automatic image annotations.
-* `pdfPrinting` - Accessibility support for PDF printing enabled.
-
-Notes:
-
-* The array may be empty if no accessibility modes are active.
-* Use `app.isAccessibilitySupportEnabled()` for the legacy boolean check;
-  prefer this method for granular diagnostics or telemetry.
-
-Example:
-
-```js
-const { app } = require('electron')
-
-app.whenReady().then(() => {
-  if (app.getAccessibilitySupportFeatures().includes('screenReader')) {
-    // Change some app UI to better work with Screen Readers.
-  }
-})
-```
-
-### `app.setAccessibilitySupportFeatures(features)` _macOS_ _Windows_
-
-* `features` string[] - An array of the accessibility features to enable.
-
-Possible values are:
-
-* `nativeAPIs` - Native OS accessibility APIs integration enabled.
-* `webContents` - Web contents accessibility tree exposure enabled.
-* `inlineTextBoxes` - Inline text boxes (character bounding boxes) enabled.
-* `extendedProperties` - Extended accessibility properties enabled.
-* `screenReader` - Screen reader specific mode enabled.
-* `html` - HTML accessibility tree construction enabled.
-* `labelImages` - Accessibility support for automatic image annotations.
-* `pdfPrinting` - Accessibility support for PDF printing enabled.
-
-To disable all supported features, pass an empty array `[]`.
-
-Example:
-
-```js
-const { app } = require('electron')
-
-app.whenReady().then(() => {
-  // Enable a subset of features:
-  app.setAccessibilitySupportFeatures([
-    'screenReader',
-    'pdfPrinting',
-    'webContents'
-  ])
-
-  // Other logic
-
-  // Some time later, disable all features:
-  app.setAccessibilitySupportFeatures([])
-})
-```
+> Rendering accessibility tree can significantly affect the performance of your app. It should not be enabled by default.
 
 ### `app.showAboutPanel()`
 

docs/api/auto-updater.md

@@ -32,19 +32,9 @@ update process. Apps that need to disable ATS can add the
 
 ### Windows
 
-On Windows, the `autoUpdater` module automatically selects the appropriate update mechanism
-based on how your app is packaged:
-
-* **MSIX packages**: If your app is running as an MSIX package (created with [electron-windows-msix][msix-lib] and detected via [`process.windowsStore`](process.md#processwindowsstore-readonly)),
-  the module uses the MSIX updater, which supports direct MSIX file links and JSON update feeds.
-* **Squirrel.Windows**: For apps installed via traditional installers (created with
-  [electron-winstaller][installer-lib] or [Electron Forge's Squirrel.Windows maker][electron-forge-lib]),
-  the module uses Squirrel.Windows for updates.
-
-You don't need to configure which updater to use; Electron automatically detects the packaging
-format and uses the appropriate one.
-
-#### Squirrel.Windows
+On Windows, you have to install your app into a user's machine before you can
+use the `autoUpdater`, so it is recommended that you use
+[electron-winstaller][installer-lib] or [Electron Forge's Squirrel.Windows maker][electron-forge-lib] to generate a Windows installer.
 
 Apps built with Squirrel.Windows will trigger [custom launch events](https://github.com/Squirrel/Squirrel.Windows/blob/51f5e2cb01add79280a53d51e8d0cfa20f8c9f9f/docs/using/custom-squirrel-events-non-cs.md#application-startup-commands)
 that must be handled by your Electron application to ensure proper setup and teardown.
@@ -65,14 +55,6 @@ The installer generated with Squirrel.Windows will create a shortcut icon with a
 same ID for your app with `app.setAppUserModelId` API, otherwise Windows will
 not be able to pin your app properly in task bar.
 
-#### MSIX Packages
-
-When your app is packaged as an MSIX, the `autoUpdater` module provides additional
-functionality:
-
-* Use the `allowAnyVersion` option in `setFeedURL()` to allow updates to older versions (downgrades)
-* Support for direct MSIX file links or JSON update feeds (similar to Squirrel.Mac format)
-
 ## Events
 
 The `autoUpdater` object emits the following events:
@@ -110,7 +92,7 @@ Returns:
 
 Emitted when an update has been downloaded.
 
-With Squirrel.Windows only `releaseName` is available.
+On Windows only `releaseName` is available.
 
 > [!NOTE]
 > It is not strictly necessary to handle this event. A successfully
@@ -129,12 +111,10 @@ The `autoUpdater` object has the following methods:
 ### `autoUpdater.setFeedURL(options)`
 
 * `options` Object
-  * `url` string - The update server URL. For _Windows_ MSIX, this can be either a direct link to an MSIX file (e.g., `https://example.com/update.msix`) or a JSON endpoint that returns update information (see the [Squirrel.Mac][squirrel-mac] README for more information).
+  * `url` string
   * `headers` Record\<string, string\> (optional) _macOS_ - HTTP request headers.
   * `serverType` string (optional) _macOS_ - Can be `json` or `default`, see the [Squirrel.Mac][squirrel-mac]
     README for more information.
-  * `allowAnyVersion` boolean (optional) _Windows_ - If `true`, allows downgrades to older versions for MSIX packages.
-    Defaults to `false`.
 
 Sets the `url` and initialize the auto updater.
 
@@ -171,4 +151,3 @@ closed.
 [electron-forge-lib]: https://www.electronforge.io/config/makers/squirrel.windows
 [app-user-model-id]: https://learn.microsoft.com/en-us/windows/win32/shell/appids
 [event-emitter]: https://nodejs.org/api/events.html#events_class_eventemitter
-[msix-lib]:  https://github.com/electron-userland/electron-windows-msix

docs/api/base-window.md

@@ -351,11 +351,7 @@ Emitted when the window has closed a sheet.
 
 #### Event: 'new-window-for-tab' _macOS_
 
-Emitted when the user clicks the native macOS new tab button. The new
-tab button is only visible if the current `BrowserWindow` has a
-`tabbingIdentifier`.
-
-You must create a window in this handler in order for macOS tabbing to work as expected.
+Emitted when the native new tab button is clicked.
 
 #### Event: 'system-context-menu' _Windows_ _Linux_
 
@@ -760,9 +756,6 @@ Returns [`Rectangle`](structures/rectangle.md) - The `bounds` of the window as `
 > [!NOTE]
 > On macOS, the y-coordinate value returned will be at minimum the [Tray](tray.md) height. For example, calling `win.setBounds({ x: 25, y: 20, width: 800, height: 600 })` with a tray height of 38 means that `win.getBounds()` will return `{ x: 25, y: 38, width: 800, height: 600 }`.
 
-> [!NOTE]
-> On Wayland, this method will return `{ x: 0, y: 0, ... }` as introspecting or programmatically changing the global window coordinates is prohibited.
-
 #### `win.getBackgroundColor()`
 
 Returns `string` - Gets the background color of the window in Hex (`#RRGGBB`) format.
@@ -976,9 +969,6 @@ Moves window to `x` and `y`.
 
 Returns `Integer[]` - Contains the window's current position.
 
-> [!NOTE]
-> On Wayland, this method will return `[0, 0]` as introspecting or programmatically changing the global window coordinates is prohibited.
-
 #### `win.setTitle(title)`
 
 * `title` string
@@ -1272,16 +1262,15 @@ Sets the properties for the window's taskbar button.
 
 #### `win.setAccentColor(accentColor)` _Windows_
 
-* `accentColor` boolean | string | null - The accent color for the window. By default, follows user preference in System Settings. To reset to system default, pass `null`.
+* `accentColor` boolean | string - The accent color for the window. By default, follows user preference in System Settings.
 
 Sets the system accent color and highlighting of active window border.
 
 The `accentColor` parameter accepts the following values:
 
-* **Color string** - Like `true`, but sets a custom accent color using standard CSS color formats (Hex, RGB, RGBA, HSL, HSLA, or named colors). Alpha values in RGBA/HSLA formats are ignored and the color is treated as fully opaque.
-* **`true`** - Enable accent color highlighting for the window with the system accent color regardless of whether accent colors are enabled for windows in System `Settings.`
-* **`false`** - Disable accent color highlighting for the window regardless of whether accent colors are currently enabled for windows in System Settings.
-* **`null`** - Reset window accent color behavior to follow behavior set in System Settings.
+* **Color string** - Sets a custom accent color using standard CSS color formats (Hex, RGB, RGBA, HSL, HSLA, or named colors). Alpha values in RGBA/HSLA formats are ignored and the color is treated as fully opaque.
+* **`true`** - Uses the system's default accent color from user preferences in System Settings.
+* **`false`** - Explicitly disables accent color highlighting for the window.
 
 Examples:
 
@@ -1294,14 +1283,11 @@ win.setAccentColor('#ff0000')
 // RGB format (alpha ignored if present).
 win.setAccentColor('rgba(255,0,0,0.5)')
 
-// Enable accent color, using the color specified in System Settings.
+// Use system accent color.
 win.setAccentColor(true)
 
 // Disable accent color.
 win.setAccentColor(false)
-
-// Reset window accent color behavior to follow behavior set in System Settings.
-win.setAccentColor(null)
 ```
 
 #### `win.getAccentColor()` _Windows_

docs/api/browser-window.md

@@ -140,10 +140,6 @@ state is `hidden` in order to minimize power consumption.
   move.
 * On Linux the type of modal windows will be changed to `dialog`.
 * On Linux many desktop environments do not support hiding a modal window.
-* On Wayland (Linux) it is generally not possible to programmatically resize windows
-  after creation, or to position, move, focus, or blur windows without user input.
-  If your app needs these capabilities, run it in Xwayland by appending the flag
-  `--ozone-platform=x11`.
 
 ## Class: BrowserWindow extends `BaseWindow`
 
@@ -435,11 +431,7 @@ Emitted when the window has closed a sheet.
 
 #### Event: 'new-window-for-tab' _macOS_
 
-Emitted when the user clicks the native macOS new tab button. The new
-tab button is only visible if the current `BrowserWindow` has a
-`tabbingIdentifier`.
-
-You must create a window in this handler in order for macOS tabbing to work as expected.
+Emitted when the native new tab button is clicked.
 
 #### Event: 'system-context-menu' _Windows_ _Linux_
 
@@ -664,15 +656,10 @@ the [close event](#event-close).
 
 Focuses on the window.
 
-On Wayland (Linux), the desktop environment may show a notification or flash
-the app icon if the window or app is not already focused.
-
 #### `win.blur()`
 
 Removes focus from the window.
 
-Not supported on Wayland (Linux).
-
 #### `win.isFocused()`
 
 Returns `boolean` - Whether the window is focused.
@@ -689,8 +676,6 @@ Shows and gives focus to the window.
 
 Shows the window but doesn't focus on it.
 
-Not supported on Wayland (Linux).
-
 #### `win.hide()`
 
 Hides the window.
@@ -839,8 +824,6 @@ Closes the currently open [Quick Look][quick-look] panel.
 
 Resizes and moves the window to the supplied bounds. Any properties that are not supplied will default to their current values.
 
-On Wayland (Linux), has the same limitations as `setSize` and `setPosition`.
-
 ```js
 const { BrowserWindow } = require('electron')
 
@@ -866,9 +849,6 @@ Returns [`Rectangle`](structures/rectangle.md) - The `bounds` of the window as `
 > [!NOTE]
 > On macOS, the y-coordinate value returned will be at minimum the [Tray](tray.md) height. For example, calling `win.setBounds({ x: 25, y: 20, width: 800, height: 600 })` with a tray height of 38 means that `win.getBounds()` will return `{ x: 25, y: 38, width: 800, height: 600 }`.
 
-> [!NOTE]
-> On Wayland, this method will return `{ x: 0, y: 0, ... }` as introspecting or programmatically changing the global window coordinates is prohibited.
-
 #### `win.getBackgroundColor()`
 
 Returns `string` - Gets the background color of the window in Hex (`#RRGGBB`) format.
@@ -886,8 +866,6 @@ See [Setting `backgroundColor`](#setting-the-backgroundcolor-property).
 Resizes and moves the window's client area (e.g. the web page) to
 the supplied bounds.
 
-On Wayland (Linux), has the same limitations as `setContentSize` and `setPosition`.
-
 #### `win.getContentBounds()`
 
 Returns [`Rectangle`](structures/rectangle.md) - The `bounds` of the window's client area as `Object`.
@@ -917,8 +895,6 @@ Returns `boolean` - whether the window is enabled.
 
 Resizes the window to `width` and `height`. If `width` or `height` are below any set minimum size constraints the window will snap to its minimum size.
 
-On Wayland (Linux), may not work as some window managers restrict programmatic window resizing.
-
 #### `win.getSize()`
 
 Returns `Integer[]` - Contains the window's width and height.
@@ -931,8 +907,6 @@ Returns `Integer[]` - Contains the window's width and height.
 
 Resizes the window's client area (e.g. the web page) to `width` and `height`.
 
-On Wayland (Linux), may not work as some window managers restrict programmatic window resizing.
-
 #### `win.getContentSize()`
 
 Returns `Integer[]` - Contains the window's client area's width and height.
@@ -1070,16 +1044,12 @@ this method throws an error.
 
 #### `win.moveTop()`
 
-Moves window to top(z-order) regardless of focus.
-
-Not supported on Wayland (Linux).
+Moves window to top(z-order) regardless of focus
 
 #### `win.center()`
 
 Moves window to the center of the screen.
 
-Not supported on Wayland (Linux).
-
 #### `win.setPosition(x, y[, animate])`
 
 * `x` Integer
@@ -1088,15 +1058,10 @@ Not supported on Wayland (Linux).
 
 Moves window to `x` and `y`.
 
-Not supported on Wayland (Linux).
-
 #### `win.getPosition()`
 
 Returns `Integer[]` - Contains the window's current position.
 
-> [!NOTE]
-> On Wayland, this method will return `[0, 0]` as introspecting or programmatically changing the global window coordinates is prohibited.
-
 #### `win.setTitle(title)`
 
 * `title` string
@@ -1262,8 +1227,7 @@ Captures a snapshot of the page within `rect`. Omitting `rect` will capture the
 
 Returns `Promise<void>` - the promise will resolve when the page has finished loading
 (see [`did-finish-load`](web-contents.md#event-did-finish-load)), and rejects
-if the page fails to load (see
-[`did-fail-load`](web-contents.md#event-did-fail-load)). A noop rejection handler is already attached, which avoids unhandled rejection errors. If the existing page has a beforeUnload handler, [`did-fail-load`](web-contents.md#event-did-fail-load) will be called unless [`will-prevent-unload`](web-contents.md#event-did-fail-load) is handled.
+if the page fails to load (see [`did-fail-load`](web-contents.md#event-did-fail-load)).
 
 Same as [`webContents.loadURL(url[, options])`](web-contents.md#contentsloadurlurl-options).
 
@@ -1478,16 +1442,15 @@ Sets the properties for the window's taskbar button.
 
 #### `win.setAccentColor(accentColor)` _Windows_
 
-* `accentColor` boolean | string | null - The accent color for the window. By default, follows user preference in System Settings. To reset to system default, pass `null`.
+* `accentColor` boolean | string - The accent color for the window. By default, follows user preference in System Settings.
 
 Sets the system accent color and highlighting of active window border.
 
 The `accentColor` parameter accepts the following values:
 
-* **Color string** - Like `true`, but sets a custom accent color using standard CSS color formats (Hex, RGB, RGBA, HSL, HSLA, or named colors). Alpha values in RGBA/HSLA formats are ignored and the color is treated as fully opaque.
-* **`true`** - Enable accent color highlighting for the window with the system accent color regardless of whether accent colors are enabled for windows in System `Settings.`
-* **`false`** - Disable accent color highlighting for the window regardless of whether accent colors are currently enabled for windows in System Settings.
-* **`null`** - Reset window accent color behavior to follow behavior set in System Settings.
+* **Color string** - Sets a custom accent color using standard CSS color formats (Hex, RGB, RGBA, HSL, HSLA, or named colors). Alpha values in RGBA/HSLA formats are ignored and the color is treated as fully opaque.
+* **`true`** - Uses the system's default accent color from user preferences in System Settings.
+* **`false`** - Explicitly disables accent color highlighting for the window.
 
 Examples:
 
@@ -1500,14 +1463,11 @@ win.setAccentColor('#ff0000')
 // RGB format (alpha ignored if present).
 win.setAccentColor('rgba(255,0,0,0.5)')
 
-// Enable accent color, using the color specified in System Settings.
+// Use system accent color.
 win.setAccentColor(true)
 
 // Disable accent color.
 win.setAccentColor(false)
-
-// Reset window accent color behavior to follow behavior set in System Settings.
-win.setAccentColor(null)
 ```
 
 #### `win.getAccentColor()` _Windows_
@@ -1610,18 +1570,11 @@ events.
 
 Prevents the window contents from being captured by other apps.
 
-On Windows, it calls [`SetWindowDisplayAffinity`](https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-setwindowdisplayaffinity) with `WDA_EXCLUDEFROMCAPTURE`.
+On macOS it sets the NSWindow's [`sharingType`](https://developer.apple.com/documentation/appkit/nswindow/sharingtype-swift.property?language=objc) to [`NSWindowSharingNone`](https://developer.apple.com/documentation/appkit/nswindow/sharingtype-swift.enum/none?language=objc).
+On Windows it calls [`SetWindowDisplayAffinity`](https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-setwindowdisplayaffinity) with `WDA_EXCLUDEFROMCAPTURE`.
 For Windows 10 version 2004 and up the window will be removed from capture entirely,
 older Windows versions behave as if `WDA_MONITOR` is applied capturing a black window.
 
-On macOS, it sets the `NSWindow`'s
-[`sharingType`](https://developer.apple.com/documentation/appkit/nswindow/sharingtype-swift.property?language=objc)
-to
-[`NSWindowSharingNone`](https://developer.apple.com/documentation/appkit/nswindow/sharingtype-swift.enum/none?language=objc).
-Unfortunately, due to an intentional change in macOS, newer Mac applications that use
-`ScreenCaptureKit` will capture your window despite `win.setContentProtection(true)`.
-See [here](https://github.com/electron/electron/issues/48258#issuecomment-3269893618).
-
 #### `win.isContentProtected()` _macOS_ _Windows_
 
 Returns `boolean` - whether or not content protection is currently enabled.

docs/api/client-request.md

@@ -25,11 +25,6 @@ following properties:
     with which the request is associated. Defaults to the empty string. The
     `session` option supersedes `partition`. Thus if a `session` is explicitly
     specified, `partition` is ignored.
-  * `bypassCustomProtocolHandlers` boolean (optional) - When set to `true`,
-    custom protocol handlers registered for the request's URL scheme will not be
-    called. This allows forwarding an intercepted request to the built-in
-    handler. [webRequest](web-request.md) handlers will still be triggered
-    when bypassing custom protocols. Defaults to `false`.
   * `credentials` string (optional) - Can be `include`, `omit` or
     `same-origin`. Whether to send
     [credentials](https://fetch.spec.whatwg.org/#credentials) with this

docs/api/clipboard.md

@@ -4,12 +4,6 @@
 
 Process: [Main](../glossary.md#main-process), [Renderer](../glossary.md#renderer-process) (non-sandboxed only)
 
-> [!IMPORTANT]
-> If you want to call this API from a renderer process with context isolation enabled,
-> place the API call in your preload script and
-> [expose](../tutorial/context-isolation.md#after-context-isolation-enabled) it using the
-> [`contextBridge`](context-bridge.md) API.
-
 On Linux, there is also a `selection` clipboard. To manipulate it
 you need to pass `selection` to each method:
 

docs/api/command-line-switches.md

@@ -361,13 +361,6 @@ Keep in mind that standalone switches can sometimes be split into individual fea
 
 Finally, you'll need to ensure that the version of Chromium in Electron matches the version of the browser you're using to cross-reference the switches.
 
-### Chromium features relevant to Electron apps
-
-* `AlwaysLogLOAFURL`: enables script attribution for
-  [`long-animation-frame`](https://developer.mozilla.org/en-US/docs/Web/API/Performance_API/Long_animation_frame_timing)
-  `PerformanceObserver` events for non-http(s), non-data, non-blob URLs (such as `file:` or custom
-  protocol URLs).
-
 [app]: app.md
 [append-switch]: command-line.md#commandlineappendswitchswitch-value
 [debugging-main-process]: ../tutorial/debugging-main-process.md

docs/api/crash-reporter.md

@@ -4,12 +4,6 @@
 
 Process: [Main](../glossary.md#main-process), [Renderer](../glossary.md#renderer-process)
 
-> [!IMPORTANT]
-> If you want to call this API from a renderer process with context isolation enabled,
-> place the API call in your preload script and
-> [expose](../tutorial/context-isolation.md#after-context-isolation-enabled) it using the
-> [`contextBridge`](context-bridge.md) API.
-
 The following is an example of setting up Electron to automatically submit
 crash reports to a remote server:
 

docs/api/desktop-capturer.md

@@ -94,45 +94,14 @@ The `desktopCapturer` module has the following methods:
 Returns `Promise<DesktopCapturerSource[]>` - Resolves with an array of [`DesktopCapturerSource`](structures/desktop-capturer-source.md) objects, each `DesktopCapturerSource` represents a screen or an individual window that can be captured.
 
 > [!NOTE]
-
-> * Capturing audio requires `NSAudioCaptureUsageDescription` Info.plist key on macOS 14.2 Sonoma and higher - [read more](#macos-versions-142-or-higher).
-> * Capturing the screen contents requires user consent on macOS 10.15 Catalina or higher, which can detected by [`systemPreferences.getMediaAccessStatus`][].
+> Capturing the screen contents requires user consent on macOS 10.15 Catalina or higher,
+> which can detected by [`systemPreferences.getMediaAccessStatus`][].
 
 [`navigator.mediaDevices.getUserMedia`]: https://developer.mozilla.org/en/docs/Web/API/MediaDevices/getUserMedia
 [`systemPreferences.getMediaAccessStatus`]: system-preferences.md#systempreferencesgetmediaaccessstatusmediatype-windows-macos
 
 ## Caveats
 
-### Linux
+`navigator.mediaDevices.getUserMedia` does not work on macOS for audio capture due to a fundamental limitation whereby apps that want to access the system's audio require a [signed kernel extension](https://developer.apple.com/library/archive/documentation/Security/Conceptual/System_Integrity_Protection_Guide/KernelExtensions/KernelExtensions.html). Chromium, and by extension Electron, does not provide this.
 
-`desktopCapturer.getSources(options)` only returns a single source on Linux when using Pipewire.
-
-PipeWire supports a single capture for both screens and windows. If you request the window and screen type, the selected source will be returned as a window capture.
-
----
-
-### MacOS versions 14.2 or higher
-
-`NSAudioCaptureUsageDescription` Info.plist key must be added in-order for audio to be captured by `desktopCapturer`. If instead you are running electron from another program like a terminal or IDE then that parent program must contain the Info.plist key.
-
-This is in order to facillitate use of Apple's new [CoreAudio Tap API](https://developer.apple.com/documentation/CoreAudio/capturing-system-audio-with-core-audio-taps#Configure-the-sample-code-project) by Chromium.
-
-> [!WARNING]
-> Failure of `desktopCapturer` to start an audio stream due to `NSAudioCaptureUsageDescription` permission not present will still create a dead audio stream however no warnings or errors are displayed.
-
-As of electron `v39.0.0-beta.4` Chromium [made Apple's new `CoreAudio Tap API` the default](https://source.chromium.org/chromium/chromium/src/+/ad17e8f8b93d5f34891b06085d373a668918255e) for desktop audio capture. There is no fallback to the older `Screen & System Audio Recording` permissions system even if [CoreAudio Tap API](https://developer.apple.com/documentation/CoreAudio/capturing-system-audio-with-core-audio-taps) stream creation fails.
-
-If you need to continue using `Screen & System Audio Recording` permissions for `desktopCapturer` on macOS versions 14.2 and later, you can apply a chromium feature flag to force use of that older permissions system:
-
-```js
-// main.js (right beneath your require/import statments)
-app.commandLine.appendSwitch('disable-features', 'MacCatapLoopbackAudioForScreenShare')
-```
-
----
-
-### MacOS versions 12.7.6 or lower
-
-`navigator.mediaDevices.getUserMedia` does not work on macOS versions 12.7.6 and prior for audio capture due to a fundamental limitation whereby apps that want to access the system's audio require a [signed kernel extension](https://developer.apple.com/library/archive/documentation/Security/Conceptual/System_Integrity_Protection_Guide/KernelExtensions/KernelExtensions.html). Chromium, and by extension Electron, does not provide this. Only in macOS 13 and onwards does Apple provide APIs to capture desktop audio without the need for a signed kernel extension.
-
-It is possible to circumvent this limitation by capturing system audio with another macOS app like [BlackHole](https://existential.audio/blackhole/) or [Soundflower](https://rogueamoeba.com/freebies/soundflower/) and passing it through a virtual audio input device. This virtual device can then be queried with `navigator.mediaDevices.getUserMedia`.
+It is possible to circumvent this limitation by capturing system audio with another macOS app like Soundflower and passing it through a virtual audio input device. This virtual device can then be queried with `navigator.mediaDevices.getUserMedia`.

docs/api/environment-variables.md

@@ -159,22 +159,6 @@ Notification activated (com.github.Electron:notification:EAF7B87C-A113-43D7-8E76
 Notification replied to (com.github.Electron:notification:EAF7B87C-A113-43D7-8E76-F88EC9D73D44)
 ```
 
-### `ELECTRON_DEBUG_MSIX_UPDATER`
-
-Adds extra logs to MSIX updater operations on Windows to aid in debugging. Extra logging will be displayed when MSIX update operations are initiated, including package updates, package registration, and restart registration. This helps diagnose issues with MSIX package updates and deployments.
-
-Sample output:
-
-```sh
-UpdateMsix called with URI: https://example.com/app.msix
-DoUpdateMsix: Starting
-Calling AddPackageByUriAsync... URI: https://example.com/app.msix
-Update options - deferRegistration: true, developerMode: false, forceShutdown: false, forceTargetShutdown: false, forceUpdateFromAnyVersion: false
-Waiting for deployment...
-Deployment finished.
-MSIX Deployment completed.
-```
-
 ### `ELECTRON_LOG_ASAR_READS`
 
 When Electron reads from an ASAR file, log the read offset and file path to
@@ -202,3 +186,14 @@ the one downloaded by `npm install`. Usage:
 ```sh
 export ELECTRON_OVERRIDE_DIST_PATH=/Users/username/projects/electron/out/Testing
 ```
+
+## Set By Electron
+
+Electron sets some variables in your environment at runtime.
+
+### `ORIGINAL_XDG_CURRENT_DESKTOP`
+
+This variable is set to the value of `XDG_CURRENT_DESKTOP` that your application
+originally launched with.  Electron sometimes modifies the value of `XDG_CURRENT_DESKTOP`
+to affect other logic within Chromium so if you want access to the _original_ value
+you should look up this environment variable instead.

docs/api/ipc-renderer.md

@@ -20,12 +20,6 @@ changes:
 
 Process: [Renderer](../glossary.md#renderer-process)
 
-> [!IMPORTANT]
-> If you want to call this API from a renderer process with context isolation enabled,
-> place the API call in your preload script and
-> [expose](../tutorial/context-isolation.md#after-context-isolation-enabled) it using the
-> [`contextBridge`](context-bridge.md) API.
-
 The `ipcRenderer` module is an  [EventEmitter][event-emitter]. It provides a few
 methods so you can send synchronous and asynchronous messages from the render
 process (web page) to the main process. You can also receive replies from the

docs/api/menu-item.md

@@ -34,8 +34,7 @@ See [`Menu`](menu.md) for examples.
   * `sublabel` string (optional) _macOS_ - Available in macOS >= 14.4
   * `toolTip` string (optional) _macOS_ - Hover text for this menu item.
   * `accelerator` string (optional) - An [Accelerator](../tutorial/keyboard-shortcuts.md#accelerators) string.
-  * `icon` ([NativeImage](native-image.md) | string) (optional) - Can be a
-    [NativeImage](native-image.md) or the file path of an icon.
+  * `icon` ([NativeImage](native-image.md) | string) (optional)
   * `enabled` boolean (optional) - If false, the menu item will be greyed out and
     unclickable.
   * `acceleratorWorksWhenHidden` boolean (optional) _macOS_ - default is `true`, and when `false` will prevent the accelerator from triggering the item if the item is not visible.
@@ -107,7 +106,7 @@ A `string` (optional) indicating the item's role, if set. Can be `undo`, `redo`,
 
 #### `menuItem.accelerator`
 
-An `Accelerator | null` indicating the item's accelerator, if set.
+An `Accelerator` (optional) indicating the item's accelerator, if set.
 
 #### `menuItem.userAccelerator` _Readonly_ _macOS_
 

docs/api/native-image.md

@@ -4,12 +4,6 @@
 
 Process: [Main](../glossary.md#main-process), [Renderer](../glossary.md#renderer-process)
 
-> [!IMPORTANT]
-> If you want to call this API from a renderer process with context isolation enabled,
-> place the API call in your preload script and
-> [expose](../tutorial/context-isolation.md#after-context-isolation-enabled) it using the
-> [`contextBridge`](context-bridge.md) API.
-
 The `nativeImage` module provides a unified interface for manipulating
 system images. These can be handy if you want to provide multiple scaled
 versions of the same icon or take advantage of macOS [template images][template-image].
@@ -202,7 +196,8 @@ Creates a new `NativeImage` instance from `dataUrl`, a base 64 encoded [Data URL
 Returns `NativeImage`
 
 Creates a new `NativeImage` instance from the `NSImage` that maps to the
-given image name. See Apple's [`NSImageName`](https://developer.apple.com/documentation/appkit/nsimagename#2901388) documentation and [SF Symbols](https://developer.apple.com/sf-symbols/) for a list of possible values.
+given image name. See Apple's [`NSImageName`](https://developer.apple.com/documentation/appkit/nsimagename#2901388)
+documentation for a list of possible values.
 
 The `hslShift` is applied to the image with the following rules:
 
@@ -230,15 +225,6 @@ echo -e '#import <Cocoa/Cocoa.h>\nint main() { NSLog(@"%@", SYSTEM_IMAGE_NAME);
 
 where `SYSTEM_IMAGE_NAME` should be replaced with any value from [this list](https://developer.apple.com/documentation/appkit/nsimagename?language=objc).
 
-For SF Symbols, usage looks as follows:
-
-```js
-const image = nativeImage.createFromNamedImage('square.and.pencil')
-```
-
-where `'square.and.pencil'` is the symbol name from the
-[SF Symbols app](https://developer.apple.com/sf-symbols/).
-
 ## Class: NativeImage
 
 > Natively wrap images such as tray, dock, and application icons.

docs/api/process.md

@@ -71,7 +71,7 @@ will disable the support for `asar` archives in Node's built-in modules.
 
 ### `process.noDeprecation`
 
-A `boolean` (optional) that controls whether or not deprecation warnings are printed to `stderr`.
+A `boolean` that controls whether or not deprecation warnings are printed to `stderr`.
 Setting this to `true` will silence deprecation warnings. This property is used
 instead of the `--no-deprecation` command line flag.
 
@@ -128,8 +128,8 @@ A `string` representing Electron's version string.
 
 ### `process.windowsStore` _Readonly_
 
-A `boolean`. If the app is running as an MSIX package (including AppX for Windows Store),
-this property is `true`, otherwise it is `undefined`.
+A `boolean`. If the app is running as a Windows Store app (appx), this property is `true`,
+for otherwise it is `undefined`.
 
 ### `process.contextId` _Readonly_
 

docs/api/shell.md

@@ -58,10 +58,6 @@ Rejects if there was an error while deleting the requested item.
 This moves a path to the OS-specific trash location (Trash on macOS, Recycle
 Bin on Windows, and a desktop-environment-specific location on Linux).
 
-The path must use the default path separator for the platform (backslash on
-Windows). Use `path.resolve()` from the `node:path` module to ensure correct
-handling on all filesystems.
-
 ### `shell.beep()`
 
 Play the beep sound.

docs/api/structures/base-window-options.md

@@ -72,9 +72,6 @@
   some GTK+3 desktop environments. Default is `false`.
 * `transparent` boolean (optional) - Makes the window [transparent](../../tutorial/custom-window-styles.md#transparent-windows).
   Default is `false`. On Windows, does not work unless the window is frameless.
-  When you add a [`View`](../view.md) to a `BaseWindow`, you'll need to call
-  [`view.setBackgroundColor`](../view.md#viewsetbackgroundcolorcolor) with a transparent
-  background color on that view to make its background transparent as well.
 * `type` string (optional) - The type of window, default is normal window. See more about
   this below.
 * `visualEffectState` string (optional) _macOS_ - Specify how the material
@@ -102,13 +99,12 @@
 * `trafficLightPosition` [Point](point.md) (optional) _macOS_ -
   Set a custom position for the traffic light buttons in frameless windows.
 * `roundedCorners` boolean (optional) _macOS_ _Windows_ - Whether frameless window
-  should have rounded corners. Default is `true`. On Windows versions older than
-  Windows 11 Build 22000 this property has no effect, and frameless windows will
-  not have rounded corners.
-* `thickFrame` boolean (optional) _Windows_ - Use `WS_THICKFRAME` style for
-  frameless windows on Windows, which adds the standard window frame. Setting it
-  to `false` will remove window shadow and window animations, and disable window
-  resizing via dragging the window edges. Default is `true`.
+  should have rounded corners. Default is `true`. Setting this property
+  to `false` will prevent the window from being fullscreenable on macOS.
+  On Windows versions older than Windows 11 Build 22000 this property has no effect, and frameless windows will not have rounded corners.
+* `thickFrame` boolean (optional) - Use `WS_THICKFRAME` style for frameless windows on
+  Windows, which adds standard window frame. Setting it to `false` will remove
+  window shadow and window animations. Default is `true`.
 * `vibrancy` string (optional) _macOS_ - Add a type of vibrancy effect to
   the window, only on macOS. Can be `appearance-based`, `titlebar`, `selection`,
   `menu`, `popover`, `sidebar`, `header`, `sheet`, `window`, `hud`, `fullscreen-ui`,

docs/api/structures/offscreen-shared-texture.md

@@ -2,10 +2,7 @@
 
 * `textureInfo` Object - The shared texture info.
   * `widgetType` string - The widget type of the texture. Can be `popup` or `frame`.
-  * `pixelFormat` string - The pixel format of the texture.
-    * `rgba` - The texture format is 8-bit unorm RGBA.
-    * `bgra` - The texture format is 8-bit unorm BGRA.
-    * `rgbaf16` - The texture format is 16-bit float RGBA.
+  * `pixelFormat` string - The pixel format of the texture. Can be `rgba` or `bgra`.
   * `codedSize` [Size](size.md) - The full dimensions of the video frame.
   * `colorSpace` [ColorSpace](color-space.md) - The color space of the video frame.
   * `visibleRect` [Rectangle](rectangle.md) - A subsection of [0, 0, codedSize.width, codedSize.height]. In OSR case, it is expected to have the full section area.

docs/api/structures/render-process-gone-details.md

@@ -8,7 +8,6 @@
   * `oom` - Process ran out of memory
   * `launch-failed` - Process never successfully launched
   * `integrity-failure` - Windows code integrity checks failed
-  * `memory-eviction` - Process proactively terminated to prevent a future out-of-memory (OOM) situation
 * `exitCode` Integer - The exit code of the process, unless `reason` is
   `launch-failed`, in which case `exitCode` will be a platform-specific
   launch failure error code.

docs/api/structures/web-preferences.md

@@ -21,9 +21,7 @@
   associated with the window, making it compatible with the Chromium
   OS-level sandbox and disabling the Node.js engine. This is not the same as
   the `nodeIntegration` option and the APIs available to the preload script
-  are more limited. Default is `true` since Electron 20. The sandbox will
-  automatically be disabled when `nodeIntegration` is set to `true`.
-  Read more about the option [here](../../tutorial/sandbox.md).
+  are more limited. Read more about the option [here](../../tutorial/sandbox.md).
 * `session` [Session](../session.md#class-session) (optional) - Sets the session used by the
   page. Instead of passing the Session object directly, you can also choose to
   use the `partition` option instead, which accepts a partition string. When
@@ -89,11 +87,6 @@
      paint event. Defaults to `false`. See the
     [offscreen rendering tutorial](../../tutorial/offscreen-rendering.md) for
     more details.
-  * `sharedTexturePixelFormat` string (optional) _Experimental_ - The requested output format of the shared texture. Defaults to `argb`.
-    The name is originated from Chromium [`media::VideoPixelFormat`](https://source.chromium.org/chromium/chromium/src/+/main:media/base/video_types.h) enum suffix and only subset of them are supported.
-    The actual output pixel format and color space of the texture should refer to [`OffscreenSharedTexture`](../structures/offscreen-shared-texture.md) object in the `paint` event.
-    * `argb` - The requested output texture format is 8-bit unorm RGBA, with SRGB SDR color space.
-    * `rgbaf16` - The requested output texture format is 16-bit float RGBA, with scRGB HDR color space.
 * `contextIsolation` boolean (optional) - Whether to run Electron APIs and
   the specified `preload` script in a separate JavaScript context. Defaults
   to `true`. The context that the `preload` script runs in will only have

docs/api/system-preferences.md

@@ -14,7 +14,7 @@ console.log(systemPreferences.getEffectiveAppearance())
 
 The `systemPreferences` object emits the following events:
 
-### Event: 'accent-color-changed' _Windows_ _Linux_
+### Event: 'accent-color-changed' _Windows_
 
 Returns:
 
@@ -182,7 +182,7 @@ Some popular `key` and `type`s are:
 Removes the `key` in `NSUserDefaults`. This can be used to restore the default
 or global value of a `key` previously set with `setUserDefault`.
 
-### `systemPreferences.getAccentColor()`
+### `systemPreferences.getAccentColor()` _Windows_ _macOS_
 
 Returns `string` - The users current system wide accent color preference in RGBA
 hexadecimal form.

docs/api/utility-process.md

@@ -36,12 +36,6 @@ Process: [Main](../glossary.md#main-process)<br />
     `com.apple.security.cs.allow-unsigned-executable-memory` entitlements. This will allow the utility process
     to load unsigned libraries. Unless you specifically need this capability, it is best to leave this disabled.
     Default is `false`.
-  * `disclaim` boolean (optional) _macOS_ - With this flag, the utility process will disclaim
-    responsibility for the child process. This causes the operating system to consider the child
-    process as a separate entity for purposes of security policies like Transparency, Consent, and
-    Control (TCC). When responsibility is disclaimed, the parent process will not be attributed
-    for any TCC requests initiated by the child process. This is useful when launching processes
-    that run third-party or otherwise untrusted code. Default is `false`.
   * `respondToAuthRequestsFromMainProcess` boolean (optional) - With this flag, all HTTP 401 and 407 network
     requests created via the [net module](net.md) will allow responding to them via the
     [`app#login`](app.md#event-login) event in the main process instead of the default

docs/api/web-contents.md

@@ -1079,7 +1079,7 @@ Emitted when the [mainFrame](web-contents.md#contentsmainframe-readonly), an `<i
 Returns `Promise<void>` - the promise will resolve when the page has finished loading
 (see [`did-finish-load`](web-contents.md#event-did-finish-load)), and rejects
 if the page fails to load (see
-[`did-fail-load`](web-contents.md#event-did-fail-load)). A noop rejection handler is already attached, which avoids unhandled rejection errors. If the existing page has a beforeUnload handler, [`did-fail-load`](web-contents.md#event-did-fail-load) will be called unless [`will-prevent-unload`](web-contents.md#event-did-fail-load) is handled.
+[`did-fail-load`](web-contents.md#event-did-fail-load)). A noop rejection handler is already attached, which avoids unhandled rejection errors.
 
 Loads the `url` in the window. The `url` must contain the protocol prefix,
 e.g. the `http://` or `file://`. If the load should bypass http cache then
@@ -2410,8 +2410,7 @@ A [`NavigationHistory`](navigation-history.md) used by this webContents.
 
 #### `contents.hostWebContents` _Readonly_
 
-A `WebContents | null` property that represents a [`WebContents`](web-contents.md)
-instance that might own this `WebContents`.
+A [`WebContents`](web-contents.md) instance that might own this `WebContents`.
 
 #### `contents.devToolsWebContents` _Readonly_
 

docs/api/web-frame.md

@@ -4,12 +4,6 @@
 
 Process: [Renderer](../glossary.md#renderer-process)
 
-> [!IMPORTANT]
-> If you want to call this API from a renderer process with context isolation enabled,
-> place the API call in your preload script and
-> [expose](../tutorial/context-isolation.md#after-context-isolation-enabled) it using the
-> [`contextBridge`](context-bridge.md) API.
-
 `webFrame` export of the Electron module is an instance of the `WebFrame`
 class representing the current frame. Sub-frames can be retrieved by
 certain properties and methods (e.g. `webFrame.firstChild`).
@@ -145,7 +139,7 @@ by its key, which is returned from `webFrame.insertCSS(css)`.
 
 Inserts `text` to the focused element.
 
-### `webFrame.executeJavaScript(code[, userGesture][, callback])`
+### `webFrame.executeJavaScript(code[, userGesture, callback])`
 
 * `code` string
 * `userGesture` boolean (optional) - Default is `false`.
@@ -166,7 +160,7 @@ In the browser window some HTML APIs like `requestFullScreen` can only be
 invoked by a gesture from the user. Setting `userGesture` to `true` will remove
 this limitation.
 
-### `webFrame.executeJavaScriptInIsolatedWorld(worldId, scripts[, userGesture][, callback])`
+### `webFrame.executeJavaScriptInIsolatedWorld(worldId, scripts[, userGesture, callback])`
 
 * `worldId` Integer - The ID of the world to run the javascript
             in, `0` is the default main world (where content runs), `999` is the

docs/api/web-utils.md

@@ -4,12 +4,6 @@
 
 Process: [Renderer](../glossary.md#renderer-process)
 
-> [!IMPORTANT]
-> If you want to call this API from a renderer process with context isolation enabled,
-> place the API call in your preload script and
-> [expose](../tutorial/context-isolation.md#after-context-isolation-enabled) it using the
-> [`contextBridge`](context-bridge.md) API.
-
 ## Methods
 
 The `webUtils` module has the following methods:
@@ -23,27 +17,11 @@ Returns `string` - The file system path that this `File` object points to. In th
 This method superseded the previous augmentation to the `File` object with the `path` property.  An example is included below.
 
 ```js @ts-nocheck
-// Before (renderer)
-const oldPath = document.querySelector('input[type=file]').files[0].path
-```
+// Before
+const oldPath = document.querySelector('input').files[0].path
 
-```js @ts-nocheck
 // After
+const { webUtils } = require('electron')
 
-// Renderer:
-
-const file = document.querySelector('input[type=file]').files[0]
-electronApi.doSomethingWithFile(file)
-
-// Preload script:
-
-const { contextBridge, webUtils } = require('electron')
-
-contextBridge.exposeInMainWorld('electronApi', {
-  doSomethingWithFile (file) {
-    const path = webUtils.getPathForFile(file)
-    // Do something with the path, e.g., send it over IPC to the main process.
-    // It's best not to expose the full file path to the web content if possible.
-  }
-})
+const newPath = webUtils.getPathForFile(document.querySelector('input').files[0])
 ```

docs/api/window-open.md

@@ -39,8 +39,8 @@ consider using `webContents.setWindowOpenHandler` to customize the
 BrowserWindow creation.
 
 A subset of [`WebPreferences`](structures/web-preferences.md) can be set directly,
-unnested, from the features string: `zoomFactor`, `nodeIntegration`, `javascript`,
-`contextIsolation`, and `webviewTag`.
+unnested, from the features string: `zoomFactor`, `nodeIntegration`, `preload`,
+`javascript`, `contextIsolation`, and `webviewTag`.
 
 For example:
 

docs/breaking-changes.md

@@ -37,41 +37,19 @@ webContents.setWindowOpenHandler((details) => {
 })
 ```
 
-### Behavior Changed: `NSAudioCaptureUsageDescription` should be included in your app's Info.plist file to use `desktopCapturer` (🍏 macOS ≥14.2)
-
-Per [Chromium update](https://source.chromium.org/chromium/chromium/src/+/ad17e8f8b93d5f34891b06085d373a668918255e) which enables Apple's newer [CoreAudio Tap API](https://developer.apple.com/documentation/CoreAudio/capturing-system-audio-with-core-audio-taps#Configure-the-sample-code-project) by default, you now must have `NSAudioCaptureUsageDescription` defined in your `Info.plist` to use `desktopCapturer`.
-
-Electron's `desktopCapturer` will create a dead audio stream if the new permission is absent however no errors or warnings will occur. This is partially a side-effect of Chromium not falling back to the older `Screen & System Audio Recording` permissions system if the new system fails.
-
-To restore previous behavior:
-
-```js
-// main.js (right beneath your require/import statments)
-app.commandLine.appendSwitch(
-  'disable-features',
-  'MacCatapLoopbackAudioForScreenShare'
-)
-```
-
 ### Behavior Changed: shared texture OSR `paint` event data structure
 
 When using shared texture offscreen rendering feature, the `paint` event now emits a more structured object.
 It moves the `sharedTextureHandle`, `planes`, `modifier` into a unified `handle` property.
-See the [OffscreenSharedTexture](./api/structures/offscreen-shared-texture.md) API structure for more details.
+See [here](https://www.electronjs.org/docs/latest/api/structures/offscreen-shared-texture) for more details.
 
 ## Planned Breaking API Changes (38.0)
 
 ### Removed: `ELECTRON_OZONE_PLATFORM_HINT` environment variable
 
-The default value of the `--ozone-platform` flag [changed to `auto`](https://chromium-review.googlesource.com/c/chromium/src/+/6775426).
+The default value of the `--ozone-plaftform` flag [changed to `auto`](https://chromium-review.googlesource.com/c/chromium/src/+/6775426).
 
-Electron now defaults to running as a native Wayland app when launched in a Wayland session (when `XDG_SESSION_TYPE=wayland`).
-Users can force XWayland by passing `--ozone-platform=x11`.
-
-### Removed: `ORIGINAL_XDG_CURRENT_DESKTOP` environment variable
-
-Previously, Electron changed the value of `XDG_CURRENT_DESKTOP` internally to `Unity`, and stored the original name of the desktop session
-in a separate variable. `XDG_CURRENT_DESKTOP` is no longer overriden and now reflects the actual desktop environment.
+You should use the `XDG_SESSION_TYPE=wayland` environment variable instead to use Wayland.
 
 ### Removed: macOS 11 support
 

docs/development/build-instructions-linux.md

@@ -6,17 +6,77 @@ Follow the guidelines below for building **Electron itself** on Linux, for the p
 
 ## Prerequisites
 
-Due to Electron's dependency on Chromium, prerequisites and dependencies for Electron change over time. [Chromium's documentation on building on Linux](https://chromium.googlesource.com/chromium/src/+/HEAD/docs/linux/build_instructions.md) has up to date information for building Chromium on Linux. This documentation can generally
-be followed for building Electron on Linux as well.
+* At least 25GB disk space and 8GB RAM.
+* Python >= 3.9.
+* [Node.js](https://nodejs.org/download/) >= 22.12.0
+* [clang](https://clang.llvm.org/get_started.html) 3.4 or later.
+* Development headers of GTK 3 and libnotify.
 
-Additionally, Electron's [Linux dependency installer](https://github.com/electron/build-images/blob/main/tools/install-deps.sh) can be referenced to get the current dependencies that Electron requires in addition to what Chromium installs via [build/install-deps.sh](https://chromium.googlesource.com/chromium/src/+/HEAD/build/install-build-deps.sh).
+On Ubuntu >= 20.04, install the following libraries:
+
+```sh
+$ sudo apt-get install build-essential clang libdbus-1-dev libgtk-3-dev \
+                       libnotify-dev libasound2-dev libcap-dev \
+                       libcups2-dev libxtst-dev \
+                       libxss1 libnss3-dev gcc-multilib g++-multilib curl \
+                       gperf bison python3-dbusmock openjdk-8-jre
+```
+
+On Ubuntu < 20.04, install the following libraries:
+
+```sh
+$ sudo apt-get install build-essential clang libdbus-1-dev libgtk-3-dev \
+                       libnotify-dev libgnome-keyring-dev \
+                       libasound2-dev libcap-dev libcups2-dev libxtst-dev \
+                       libxss1 libnss3-dev gcc-multilib g++-multilib curl \
+                       gperf bison python-dbusmock openjdk-8-jre
+```
+
+On RHEL / CentOS, install the following libraries:
+
+```sh
+$ sudo yum install clang dbus-devel gtk3-devel libnotify-devel \
+                   libgnome-keyring-devel xorg-x11-server-utils libcap-devel \
+                   cups-devel libXtst-devel alsa-lib-devel libXrandr-devel \
+                   nss-devel python-dbusmock openjdk-8-jre
+```
+
+On Fedora, install the following libraries:
+
+```sh
+$ sudo dnf install clang dbus-devel gperf gtk3-devel \
+                   libnotify-devel libgnome-keyring-devel libcap-devel \
+                   cups-devel libXtst-devel alsa-lib-devel libXrandr-devel \
+                   nss-devel python-dbusmock
+```
+
+On Arch Linux / Manjaro, install the following libraries:
+
+```sh
+$ sudo pacman -Syu base-devel clang libdbus gtk2 libnotify \
+                   libgnome-keyring alsa-lib libcap libcups libxtst \
+                   libxss nss gcc-multilib curl gperf bison \
+                   python2 python-dbusmock jdk8-openjdk
+```
+
+Other distributions may offer similar packages for installation via package
+managers such as pacman. Or one can compile from source code.
 
 ### Cross compilation
 
-If you want to build for an `arm` target, you can use Electron's [Linux dependency installer](https://github.com/electron/build-images/blob/main/tools/install-deps.sh) to install the additional dependencies by passing the `--arm argument`:
+If you want to build for an `arm` target you should also install the following
+dependencies:
 
 ```sh
-$ sudo install-deps.sh --arm
+$ sudo apt-get install libc6-dev-armhf-cross linux-libc-dev-armhf-cross \
+                       g++-arm-linux-gnueabihf
+```
+
+Similarly for `arm64`, install the following:
+
+```sh
+$ sudo apt-get install libc6-dev-arm64-cross linux-libc-dev-arm64-cross \
+                       g++-aarch64-linux-gnu
 ```
 
 And to cross-compile for `arm` or targets, you should pass the

docs/faq.md

@@ -12,28 +12,19 @@ network problems. The best resolution is to try switching networks, or
 wait a bit and try installing again.
 
 You can also attempt to download Electron directly from
-[GitHub Releases](https://github.com/electron/electron/releases)
+[electron/electron/releases](https://github.com/electron/electron/releases)
 if installing via `npm` is failing.
 
-If you need to install Electron through a custom mirror or proxy, see
-the [Advanced Installation](./tutorial/installation.md) documentation for more details.
+## When will Electron upgrade to latest Chrome?
 
-## How are Electron binaries downloaded?
+The Chrome version of Electron is usually bumped within one or two weeks after
+a new stable Chrome version gets released. This estimate is not guaranteed and
+depends on the amount of work involved with upgrading.
 
-When you run `npm install electron`, the Electron binary for the corresponding version is downloaded
-into your project's `node_modules` folder via npm's `postinstall` lifecycle script.
+Only the stable channel of Chrome is used. If an important fix is in beta or dev
+channel, we will back-port it.
 
-This logic is handled by the [`@electron/get`](https://github.com/electron/get) utility package
-under the hood.
-
-## When will Electron upgrade to latest Chromium?
-
-Every new major version of Electron releases with a Chromium major version upgrade. By releasing every
-8 weeks, Electron is able to pull in every other major Chromium release on the very same day that it
-releases upstream. Security fixes will be backported to stable release channels ahead of time.
-
-See the [Electron Releases](./tutorial/electron-timelines.md) documentation for more details or
-[releases.electronjs.org](https://releases.electronjs.org) to see our Release Status dashboard.
+For more information, please see the [security introduction](tutorial/security.md).
 
 ## When will Electron upgrade to latest Node.js?
 

docs/glossary.md

@@ -12,15 +12,6 @@ The ASAR format was created primarily to improve performance on Windows when
 reading large quantities of small files (e.g. when loading your app's JavaScript
 dependency tree from `node_modules`).
 
-### ASAR integrity
-
-ASAR integrity is an security feature that validates the contents of your app's
-ASAR archives at runtime. When enabled, your Electron app will verify the
-header hash of its ASAR archive on runtime. If no hash is present or if there is a mismatch in the
-hashes, the app will forcefully terminate.
-
-See the [ASAR Integrity](./tutorial/asar-integrity.md) guide for more details.
-
 ### code signing
 
 Code signing is a process where an app developer digitally signs their code to

docs/tutorial/asar-archives.md

@@ -6,7 +6,7 @@ hide_title: false
 ---
 
 After creating an [application distribution](application-distribution.md), the
-app's source code is usually bundled into an [ASAR archive](https://github.com/electron/asar),
+app's source code are usually bundled into an [ASAR archive](https://github.com/electron/asar),
 which is a simple extensive archive format designed for Electron apps. By bundling the app
 we can mitigate issues around long path names on Windows, speed up `require` and conceal your source
 code from cursory inspection.
@@ -134,7 +134,7 @@ underlying system calls, Electron will extract the needed file into a
 temporary file and pass the path of the temporary file to the APIs to make them
 work. This adds a little overhead for those APIs.
 
-APIs that require extra unpacking are:
+APIs that requires extra unpacking are:
 
 * `child_process.execFile`
 * `child_process.execFileSync`

docs/tutorial/asar-integrity.md

@@ -5,7 +5,7 @@ slug: asar-integrity
 hide_title: false
 ---
 
-ASAR integrity is a security feature that validates the contents of your app's
+ASAR integrity is an experimental feature that validates the contents of your app's
 [ASAR archives](./asar-archives.md) at runtime.
 
 ## Version support
@@ -24,7 +24,7 @@ All versions of `@electron/asar` support ASAR integrity.
 ## How it works
 
 Each ASAR archive contains a JSON string header. The header format includes an `integrity` object
-that contains a hex encoded hash of the entire archive as well as an array of hex encoded hashes for each
+that contain a hex encoded hash of the entire archive as well as an array of hex encoded hashes for each
 block of `blockSize` bytes.
 
 ```json
@@ -64,10 +64,13 @@ flipFuses(
 )
 ```
 
-> [!TIP]
-> With Electron Forge, you can configure your app's fuses with
-> [@electron-forge/plugin-fuses](https://www.electronforge.io/config/plugins/fuses)
-> in your Forge configuration file.
+:::tip Fuses in Electron Forge
+
+With Electron Forge, you can configure your app's fuses with
+[@electron-forge/plugin-fuses](https://www.electronforge.io/config/plugins/fuses)
+in your Forge configuration file.
+
+:::
 
 ## Providing the header hash
 
@@ -77,7 +80,7 @@ on package time. The process of providing this packaged hash is different for ma
 ### Using Electron tooling
 
 Electron Forge and Electron Packager do this setup automatically for you with no additional
-configuration whenever `asar` is enabled. The minimum required versions for ASAR integrity are:
+configuration. The minimum required versions for ASAR integrity are:
 
 * `@electron/packager@18.3.1`
 * `@electron/forge@7.4.0`
@@ -106,7 +109,7 @@ Valid `algorithm` values are currently `SHA256` only. The `hash` is a hash of th
 The `@electron/asar` package exposes a `getRawHeader` method whose result can then be hashed to generate this value
 (e.g. using the [`node:crypto`](https://nodejs.org/api/crypto.html) module).
 
-#### Windows
+### Windows
 
 When packaging for Windows, you must populate a valid [resource](https://learn.microsoft.com/en-us/windows/win32/menurc/resources)
 entry of type `Integrity` and name `ElectronAsar`. The value of this resource should be a JSON encoded dictionary
@@ -122,6 +125,9 @@ in the form included below:
 ]
 ```
 
-> [!NOTE]
-> For an implementation example, see [`src/resedit.ts`](https://github.com/electron/packager/blob/main/src/resedit.ts)
-> in the Electron Packager code.
+:::info
+
+For an implementation example, see [`src/resedit.ts`](https://github.com/electron/packager/blob/main/src/resedit.ts)
+in the Electron Packager code.
+
+:::

docs/tutorial/automated-testing.md

@@ -203,7 +203,7 @@ test('launch app', async () => {
 })
 ```
 
-After that, you will have access to an instance of Playwright's `ElectronApp` class. This
+After that, you will access to an instance of Playwright's `ElectronApp` class. This
 is a powerful class that has access to main process modules for example:
 
 ```js {5-10} @ts-nocheck
@@ -237,7 +237,7 @@ test('save screenshot', async () => {
 })
 ```
 
-Putting all this together using the Playwright test-runner, let's create an `example.spec.js`
+Putting all this together using the Playwright test-runner, let's create a `example.spec.js`
 test file with a single test and assertion:
 
 ```js title='example.spec.js' @ts-nocheck
@@ -377,7 +377,7 @@ class TestDriver {
 module.exports = { TestDriver }
 ```
 
-In your app code, you can then write a simple handler to receive RPC calls:
+In your app code, can then write a simple handler to receive RPC calls:
 
 ```js title='main.js'
 const METHODS = {

docs/tutorial/code-signing.md

@@ -17,7 +17,7 @@ run them, users need to go through multiple advanced and manual steps.
 
 If you are building an Electron app that you intend to package and distribute,
 it should be code signed. The Electron ecosystem tooling makes codesigning your
-apps straightforward - this documentation explains how to sign your apps on both
+apps straightforward - this documentation explains how sign your apps on both
 Windows and macOS.
 
 ## Signing & notarizing macOS builds
@@ -210,7 +210,7 @@ const msiCreator = new MSICreator({
 const supportBinaries = await msiCreator.create()
 
 // 🆕 Step 2a: optionally sign support binaries if you
-// sign your binaries as part of your packaging script
+// sign you binaries as part of of your packaging script
 for (const binary of supportBinaries) {
   // Binaries are the new stub executable and optionally
   // the Squirrel auto updater.
@@ -233,10 +233,10 @@ can find [its documentation here](https://www.electron.build/code-signing).
 [Azure Trusted Signing][] is Microsoft's modern cloud-based alternative to EV certificates.
 It is the cheapest option for code signing on Windows, and it gets rid of SmartScreen warnings.
 
-As of October 2025, Azure Trusted Signing is available to US and Canada-based organizations
-with 3+ years of verifiable business history and to individual developers in the US and Canada.
-Microsoft is looking to make the program more widely available. If you're reading this at a
-later point, it could make sense to check if the eligibility criteria have changed.
+As of May 2025, Azure Trusted Signing is [available][trusted-signing-availability] to US and
+Canada-based organizations with 3+ years of verifiable business history. Microsoft is looking
+to make the program more widely available. If you're reading this at a later point, it could
+make sense to check if the eligibility criteria have changed.
 
 #### Using Electron Forge
 
@@ -267,5 +267,6 @@ See the [Windows Store Guide][].
 [maker-squirrel]: https://www.electronforge.io/config/makers/squirrel.windows
 [maker-msi]: https://www.electronforge.io/config/makers/wix-msi
 [azure trusted signing]: https://azure.microsoft.com/en-us/products/trusted-signing
+[trusted-signing-availability]: https://techcommunity.microsoft.com/blog/microsoft-security-blog/trusted-signing-public-preview-update/4399713
 [forge-trusted-signing]: https://www.electronforge.io/guides/code-signing/code-signing-windows#using-azure-trusted-signing
 [builder-trusted-signing]: https://www.electron.build/code-signing-win#using-azure-trusted-signing-beta

docs/tutorial/custom-title-bar.md

@@ -110,7 +110,7 @@ const win = new BrowserWindow({
 #### Show and hide the traffic lights programmatically _macOS_
 
 You can also show and hide the traffic lights programmatically from the main process.
-The `win.setWindowButtonVisibility` forces traffic lights to be shown or hidden depending
+The `win.setWindowButtonVisibility` forces traffic lights to be show or hidden depending
 on the value of its boolean parameter.
 
 ```js title='main.js'

docs/tutorial/custom-window-interactions.md

@@ -5,12 +5,12 @@
 By default, windows are dragged using the title bar provided by the OS chrome. Apps
 that remove the default title bar need to use the `app-region` CSS property to define
 specific areas that can be used to drag the window. Setting `app-region: drag` marks
-a rectangular area as draggable.
+a rectagular area as draggable.
 
 It is important to note that draggable areas ignore all pointer events. For example,
 a button element that overlaps a draggable region will not emit mouse clicks or mouse
 enter/exit events within that overlapping area. Setting `app-region: no-drag` reenables
-pointer events by excluding a rectangular area from a draggable region.
+pointer events by excluding a rectagular area from a draggable region.
 
 To make the whole window draggable, you can add `app-region: drag` as
 `body`'s style:

docs/tutorial/dark-mode.md

@@ -29,7 +29,7 @@ be updated accordingly.
 In macOS 10.14 Mojave, Apple introduced a new [system-wide dark mode][system-wide-dark-mode]
 for all macOS computers. If your Electron app has a dark mode, you can make it
 follow the system-wide dark mode setting using
-[the `nativeTheme` API](../api/native-theme.md).
+[the `nativeTheme` api](../api/native-theme.md).
 
 In macOS 10.15 Catalina, Apple introduced a new "automatic" dark mode option
 for all macOS computers. In order for the `nativeTheme.shouldUseDarkColors` and

docs/tutorial/devtools-extension.md

@@ -94,7 +94,7 @@ If the extension works on Chrome but not on Electron, file a bug in Electron's
 [issue tracker][issue-tracker] and describe which part
 of the extension is not working as expected.
 
-[devtools-extension]: https://developer.chrome.com/docs/extensions/how-to/devtools/extend-devtools
+[devtools-extension]: https://developer.chrome.com/extensions/devtools
 [session]: ../api/session.md
 [react-devtools]: https://chrome.google.com/webstore/detail/react-developer-tools/fmkadmapgofadopljbjfkapdkoienihi
 [load-extension]: ../api/extensions-api.md#extensionsloadextensionpath-options

docs/tutorial/electron-timelines.md

@@ -9,11 +9,10 @@ check out our [Electron Versioning](./electron-versioning.md) doc.
 
 | Electron | Alpha | Beta | Stable | EOL | Chrome | Node | Supported |
 | ------- | ----- | ------- | ------ | ------ | ---- | ---- | ---- |
-| 40.0.0 |  2025-Oct-30 | 2025-Dec-03 | 2026-Jan-13 | 2026-Jun-30 | M144 | TBD | ✅ |
-| 39.0.0 |  2025-Sep-04 | 2025-Oct-01 | 2025-Oct-28 | 2026-May-05 | M142 | v22.20 | ✅ |
+| 39.0.0 |  2025-Sep-04 | 2025-Oct-01 | 2025-Oct-28 | 2026-May-05 | M142 | TBD | ✅ |
 | 38.0.0 |  2025-Jun-26 | 2025-Aug-06 | 2025-Sep-02 | 2026-Mar-10 | M140 | v22.18 | ✅ |
 | 37.0.0 |  2025-May-01 | 2025-May-28 | 2025-Jun-24 | 2026-Jan-13 | M138 | v22.16 | ✅ |
-| 36.0.0 |  2025-Mar-06 | 2025-Apr-02 | 2025-Apr-29 | 2025-Oct-28 | M136 | v22.14 | 🚫 |
+| 36.0.0 |  2025-Mar-06 | 2025-Apr-02 | 2025-Apr-29 | 2025-Oct-28 | M136 | v22.14 | ✅ |
 | 35.0.0 |  2025-Jan-16 | 2025-Feb-05 | 2025-Mar-04 | 2025-Sep-02 | M134 | v22.14 | 🚫 |
 | 34.0.0 |  2024-Oct-17 | 2024-Nov-13 | 2025-Jan-14 | 2025-Jun-24 | M132 | v20.18 | 🚫 |
 | 33.0.0 |  2024-Aug-22 | 2024-Sep-18 | 2024-Oct-15 | 2025-Apr-29 | M130 | v20.18 | 🚫 |

docs/tutorial/esm.md

@@ -32,7 +32,7 @@ This table gives a general overview of where ESM is supported and which ESM load
 | Main                 | Node.js    | N/A                   | <ul><li> [You must use `await` generously before the app's `ready` event](#you-must-use-await-generously-before-the-apps-ready-event) </li></ul> |
 | Renderer (Sandboxed) | Chromium   | Unsupported           | <ul><li> [Sandboxed preload scripts can't use ESM imports](#sandboxed-preload-scripts-cant-use-esm-imports) </li></ul> |
 | Renderer (Unsandboxed & Context Isolated) | Chromium | Node.js | <ul><li> [Unsandboxed ESM preload scripts will run after page load on pages with no content](#unsandboxed-esm-preload-scripts-will-run-after-page-load-on-pages-with-no-content) </li> <li>[ESM Preload Scripts must have the `.mjs` extension](#esm-preload-scripts-must-have-the-mjs-extension)</li></ul> |
-| Renderer (Unsandboxed & Non Context Isolated) | Chromium | Node.js | <ul><li>[Unsandboxed ESM preload scripts will run after page load on pages with no content](#unsandboxed-esm-preload-scripts-will-run-after-page-load-on-pages-with-no-content)</li><li>[ESM Preload Scripts must have the `.mjs` extension](#esm-preload-scripts-must-have-the-mjs-extension)</li></ul> |
+| Renderer (Unsandboxed & Non Context Isolated) | Chromium | Node.js | <ul><li>[Unsandboxed ESM preload scripts will run after page load on pages with no content](#unsandboxed-esm-preload-scripts-will-run-after-page-load-on-pages-with-no-content)</li><li>[ESM Preload Scripts must have the `.mjs` extension](#esm-preload-scripts-must-have-the-mjs-extension)</li><li>[ESM preload scripts must be context isolated to use dynamic Node.js ESM imports](#esm-preload-scripts-must-be-context-isolated-to-use-dynamic-nodejs-esm-imports)</li></ul> |
 
 ## Main process
 

docs/tutorial/fuses.md

@@ -4,24 +4,11 @@
 
 ## What are fuses?
 
-From a security perspective, it makes sense to disable certain unused Electron features
-that are powerful but may make your app's security posture weaker. For example, any app that doesn't
-use the `ELECTRON_RUN_AS_NODE` environment variable would want to disable the feature to prevent a
-subset of "living off the land" attacks.
+For a subset of Electron functionality it makes sense to disable certain features for an entire application.  For example, 99% of apps don't make use of `ELECTRON_RUN_AS_NODE`, these applications want to be able to ship a binary that is incapable of using that feature.  We also don't want Electron consumers building Electron from source as that is both a massive technical challenge and has a high cost of both time and money.
 
-We also don't want Electron consumers forking to achieve this goal, as building from source and
-maintaining a fork is a massive technical challenge and costs a lot of time and money.
+Fuses are the solution to this problem, at a high level they are "magic bits" in the Electron binary that can be flipped when packaging your Electron app to enable / disable certain features / restrictions.  Because they are flipped at package time before you code sign your app the OS becomes responsible for ensuring those bits aren't flipped back via OS level code signing validation (Gatekeeper / App Locker).
 
-Fuses are the solution to this problem. At a high level, they are "magic bits" in the Electron binary
-that can be flipped when packaging your Electron app to enable or disable certain features/restrictions.
-
-Because they are flipped at package time before you code sign your app, the OS becomes responsible
-for ensuring those bits aren't flipped back via OS-level code signing validation
-(e.g. [Gatekeeper](https://support.apple.com/en-ca/guide/security/sec5599b66df/web) on macOS or
-[AppLocker](https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview)
-on Windows).
-
-## Current fuses
+## Current Fuses
 
 ### `runAsNode`
 
@@ -29,11 +16,7 @@ on Windows).
 
 **@electron/fuses:** `FuseV1Options.RunAsNode`
 
-The `runAsNode` fuse toggles whether the [`ELECTRON_RUN_AS_NODE`](../api/environment-variables.md)
-environment variable is respected or not. With this fuse disabled, [`child_process.fork`](https://nodejs.org/api/child_process.html#child_processforkmodulepath-args-options) in the main process will not function
-as expected, as it depends on this environment variable to function. Instead, we recommend that you
-use [Utility Processes](../api/utility-process.md), which work for many use cases where you need a
-standalone Node.js process (e.g. a SQLite server process).
+The runAsNode fuse toggles whether the `ELECTRON_RUN_AS_NODE` environment variable is respected or not.  Please note that if this fuse is disabled then `process.fork` in the main process will not function as expected as it depends on this environment variable to function. Instead, we recommend that you use [Utility Processes](../api/utility-process.md), which work for many use cases where you need a standalone Node.js process (like a Sqlite server process or similar scenarios).
 
 ### `cookieEncryption`
 
@@ -41,12 +24,7 @@ standalone Node.js process (e.g. a SQLite server process).
 
 **@electron/fuses:** `FuseV1Options.EnableCookieEncryption`
 
-The `cookieEncryption` fuse toggles whether the cookie store on disk is encrypted using OS level
-cryptography keys. By default, the SQLite database that Chromium uses to store cookies stores the
-values in plaintext. If you wish to ensure your app's cookies are encrypted in the same way Chrome
-does, then you should enable this fuse. Please note it is a one-way transition—if you enable this
-fuse, existing unencrypted cookies will be encrypted-on-write, but subsequently disabling the fuse
-later will make your cookie store corrupt and useless. Most apps can safely enable this fuse.
+The cookieEncryption fuse toggles whether the cookie store on disk is encrypted using OS level cryptography keys.  By default the sqlite database that Chromium uses to store cookies stores the values in plaintext.  If you wish to ensure your apps cookies are encrypted in the same way Chrome does then you should enable this fuse.  Please note it is a one-way transition, if you enable this fuse existing unencrypted cookies will be encrypted-on-write but if you then disable the fuse again your cookie store will effectively be corrupt and useless.  Most apps can safely enable this fuse.
 
 ### `nodeOptions`
 
@@ -54,11 +32,7 @@ later will make your cookie store corrupt and useless. Most apps can safely enab
 
 **@electron/fuses:** `FuseV1Options.EnableNodeOptionsEnvironmentVariable`
 
-The `nodeOptions` fuse toggles whether the [`NODE_OPTIONS`](https://nodejs.org/api/cli.html#node_optionsoptions)
-and [`NODE_EXTRA_CA_CERTS`](https://github.com/nodejs/node/blob/main/doc/api/cli.md#node_extra_ca_certsfile)
-environment variables are respected. The `NODE_OPTIONS` environment variable can be used to pass all
-kinds of custom options to the Node.js runtime and isn't typically used by apps in production.
-Most apps can safely disable this fuse.
+The nodeOptions fuse toggles whether the [`NODE_OPTIONS`](https://nodejs.org/api/cli.html#node_optionsoptions)  and [`NODE_EXTRA_CA_CERTS`](https://github.com/nodejs/node/blob/main/doc/api/cli.md#node_extra_ca_certsfile) environment variables are respected.  The `NODE_OPTIONS` environment variable can be used to pass all kinds of custom options to the Node.js runtime and isn't typically used by apps in production.  Most apps can safely disable this fuse.
 
 ### `nodeCliInspect`
 
@@ -66,9 +40,7 @@ Most apps can safely disable this fuse.
 
 **@electron/fuses:** `FuseV1Options.EnableNodeCliInspectArguments`
 
-The `nodeCliInspect` fuse toggles whether the `--inspect`, `--inspect-brk`, etc. flags are respected
-or not. When disabled, it also ensures that `SIGUSR1` signal does not initialize the main process
-inspector. Most apps can safely disable this fuse.
+The nodeCliInspect fuse toggles whether the `--inspect`, `--inspect-brk`, etc. flags are respected or not.  When disabled it also ensures that `SIGUSR1` signal does not initialize the main process inspector.  Most apps can safely disable this fuse.
 
 ### `embeddedAsarIntegrityValidation`
 
@@ -76,12 +48,9 @@ inspector. Most apps can safely disable this fuse.
 
 **@electron/fuses:** `FuseV1Options.EnableEmbeddedAsarIntegrityValidation`
 
-The `embeddedAsarIntegrityValidation` fuse toggles a feature on macOS and Windows that validates the
-content of the `app.asar` file when it is loaded. This feature is designed to have a minimal
-performance impact but may marginally slow down file reads from inside the `app.asar` archive.
-Most apps can safely enable this fuse.
+The embeddedAsarIntegrityValidation fuse toggles an experimental feature on macOS and Windows that validates the content of the `app.asar` file when it is loaded.  This feature is designed to have a minimal performance impact but may marginally slow down file reads from inside the `app.asar` archive.
 
-For more information on how to use ASAR integrity validation, please read the [Asar Integrity](asar-integrity.md) documentation.
+For more information on how to use asar integrity validation please read the [Asar Integrity](asar-integrity.md) documentation.
 
 ### `onlyLoadAppFromAsar`
 
@@ -89,15 +58,7 @@ For more information on how to use ASAR integrity validation, please read the [A
 
 **@electron/fuses:** `FuseV1Options.OnlyLoadAppFromAsar`
 
-The `onlyLoadAppFromAsar` fuse changes the search system that Electron uses to locate your app code.
-By default, Electron will search for this code in the following order:
-
-1. `app.asar`
-1. `app`
-1. `default_app.asar`
-
-When this fuse is enabled, Electron will _only_ search for `app.asar`. When combined with the [`embeddedAsarIntegrityValidation`](#embeddedasarintegrityvalidation) fuse, this fuse ensures that
-it is impossible to load non-validated code.
+The onlyLoadAppFromAsar fuse changes the search system that Electron uses to locate your app code.  By default Electron will search in the following order `app.asar` -> `app` -> `default_app.asar`.  When this fuse is enabled the search order becomes a single entry `app.asar` thus ensuring that when combined with the `embeddedAsarIntegrityValidation` fuse it is impossible to load non-validated code.
 
 ### `loadBrowserProcessSpecificV8Snapshot`
 
@@ -105,17 +66,11 @@ it is impossible to load non-validated code.
 
 **@electron/fuses:** `FuseV1Options.LoadBrowserProcessSpecificV8Snapshot`
 
-V8 snapshots can be useful to improve app startup performance. V8 lets you take snapshots of
-initialized heaps and then load them back in to avoid the cost of initializing the heap.
+The loadBrowserProcessSpecificV8Snapshot fuse changes which V8 snapshot file is used for the browser process.  By default Electron's processes will all use the same V8 snapshot file.  When this fuse is enabled the browser process uses the file called `browser_v8_context_snapshot.bin` for its V8 snapshot. The other processes will use the V8 snapshot file that they normally do.
 
-The `loadBrowserProcessSpecificV8Snapshot` fuse changes which V8 snapshot file is used for the browser
-process. By default, Electron's processes will all use the same V8 snapshot file. When this fuse is
-enabled, the main process uses the file called `browser_v8_context_snapshot.bin` for its V8 snapshot.
-Other processes will use the V8 snapshot file that they normally do.
+V8 snapshots can be useful to improve app startup performance. V8 lets you take snapshots of initialized heaps and then load them back in to avoid the cost of initializing the heap.
 
-Using separate snapshots for renderer processes and the main process can improve security, especially
-to make sure that the renderer doesn't use a snapshot with `nodeIntegration` enabled.
-See [electron/electron#35170](https://github.com/electron/electron/issues/35170) for details.
+Using separate snapshots for renderer processes and the main process can improve security, especially to make sure that the renderer doesn't use a snapshot with `nodeIntegration` enabled. See [#35170](https://github.com/electron/electron/issues/35170) for details.
 
 ### `grantFileProtocolExtraPrivileges`
 
@@ -123,25 +78,19 @@ See [electron/electron#35170](https://github.com/electron/electron/issues/35170)
 
 **@electron/fuses:** `FuseV1Options.GrantFileProtocolExtraPrivileges`
 
-The `grantFileProtocolExtraPrivileges` fuse changes whether pages loaded from the `file://` protocol
-are given privileges beyond what they would receive in a traditional web browser. This behavior was
-core to Electron apps in original versions of Electron, but is no longer required as apps should be
-[serving local files from custom protocols](./security.md#18-avoid-usage-of-the-file-protocol-and-prefer-usage-of-custom-protocols) now instead.
-
-If you aren't serving pages from `file://`, you should disable this fuse.
+The grantFileProtocolExtraPrivileges fuse changes whether pages loaded from the `file://` protocol are given privileges beyond what they would receive in a traditional web browser.  This behavior was core to Electron apps in original versions of Electron but is no longer required as apps should be [serving local files from custom protocols](./security.md#18-avoid-usage-of-the-file-protocol-and-prefer-usage-of-custom-protocols) now instead.  If you aren't serving pages from `file://` you should disable this fuse.
 
 The extra privileges granted to the `file://` protocol by this fuse are incompletely documented below:
 
 * `file://` protocol pages can use `fetch` to load other assets over `file://`
 * `file://` protocol pages can use service workers
-* `file://` protocol pages have universal access granted to child frames also running on `file://`
-  protocols regardless of sandbox settings
+* `file://` protocol pages have universal access granted to child frames also running on `file://` protocols regardless of sandbox settings
 
-## How do I flip fuses?
+## How do I flip the fuses?
 
 ### The easy way
 
-[`@electron/fuses`](https://npmjs.com/package/@electron/fuses) is a JavaScript utility designed to make flipping these fuses easy. Check out the README of that module for more details on usage and potential error cases.
+We've made a handy module, [`@electron/fuses`](https://npmjs.com/package/@electron/fuses), to make flipping these fuses easy.  Check out the README of that module for more details on usage and potential error cases.
 
 ```js @ts-nocheck
 const { flipFuses, FuseVersion, FuseV1Options } = require('@electron/fuses')
@@ -157,37 +106,29 @@ flipFuses(
 )
 ```
 
-You can validate the fuses that have been flipped or check the fuse status of an arbitrary Electron
-app using the `@electron/fuses` CLI.
+You can validate the fuses have been flipped or check the fuse status of an arbitrary Electron app using the fuses CLI.
 
 ```bash
 npx @electron/fuses read --app /Applications/Foo.app
 ```
 
->[!NOTE]
-> If you are using Electron Forge to distribute your application, you can flip fuses using
-> [`@electron-forge/plugin-fuses`](https://www.electronforge.io/config/plugins/fuses),
-> which comes pre-installed with all templates.
-
 ### The hard way
 
-> [!IMPORTANT]
-> Glossary:
->
-> * **Fuse Wire**: A sequence of bytes in the Electron binary used to control the fuses
-> * **Sentinel**: A static known sequence of bytes you can use to locate the fuse wire
-> * **Fuse Schema**: The format/allowed values for the fuse wire
+#### Quick Glossary
 
-Manually flipping fuses requires editing the Electron binary and modifying the fuse wire to be the
-sequence of bytes that represent the state of the fuses you want.
+* **Fuse Wire**: A sequence of bytes in the Electron binary used to control the fuses
+* **Sentinel**: A static known sequence of bytes you can use to locate the fuse wire
+* **Fuse Schema**: The format / allowed values for the fuse wire
 
-Somewhere in the Electron binary, there will be a sequence of bytes that look like this:
+Manually flipping fuses requires editing the Electron binary and modifying the fuse wire to be the sequence of bytes that represent the state of the fuses you want.
+
+Somewhere in the Electron binary there will be a sequence of bytes that look like this:
 
 ```text
 | ...binary | sentinel_bytes | fuse_version | fuse_wire_length | fuse_wire | ...binary |
 ```
 
-* `sentinel_bytes` is always this exact string: `dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX`
+* `sentinel_bytes` is always this exact string `dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX`
 * `fuse_version` is a single byte whose unsigned integer value represents the version of the fuse schema
 * `fuse_wire_length` is a single byte whose unsigned integer value represents the number of fuses in the following fuse wire
 * `fuse_wire` is a sequence of N bytes, each byte represents a single fuse and its state.
@@ -195,6 +136,6 @@ Somewhere in the Electron binary, there will be a sequence of bytes that look li
   * "1" (0x31) indicates the fuse is enabled
   * "r" (0x72) indicates the fuse has been removed and changing the byte to either 1 or 0 will have no effect.
 
-To flip a fuse, you find its position in the fuse wire and change it to "0" or "1" depending on the state you'd like.
+To flip a fuse you find its position in the fuse wire and change it to "0" or "1" depending on the state you'd like.
 
 You can view the current schema [here](https://github.com/electron/electron/blob/main/build/fuses/fuses.json5).

docs/tutorial/installation.md

@@ -26,12 +26,12 @@ any dependencies in your app will not be installed.
 
 ## Customization
 
-If you want to change the architecture that is downloaded (e.g., `x64` on an
-`arm64` machine), you can use the `--arch` flag with npm install or set the
+If you want to change the architecture that is downloaded (e.g., `ia32` on an
+`x64` machine), you can use the `--arch` flag with npm install or set the
 `npm_config_arch` environment variable:
 
 ```shell
-npm install --arch=x64 electron
+npm install --arch=ia32 electron
 ```
 
 In addition to changing the architecture, you can also specify the platform
@@ -60,7 +60,7 @@ where `$VERSION` is the exact version of Electron).
 If you are unable to access GitHub or you need to provide a custom build, you
 can do so by either providing a mirror or an existing cache directory.
 
-### Mirror
+#### Mirror
 
 You can use environment variables to override the base URL, the path at which to
 look for Electron binaries, and the binary filename. The URL used by `@electron/get`
@@ -95,7 +95,7 @@ Electron release you may have to set `electron_use_remote_checksums=1` directly,
 or configure it in a `.npmrc` file, to force Electron to use the remote `SHASUMS256.txt`
 file to verify the checksum instead of the embedded checksums.
 
-### Cache
+#### Cache
 
 Alternatively, you can override the local cache. `@electron/get` will cache
 downloaded binaries in a local directory to not stress your network. You can use
@@ -120,7 +120,7 @@ The cache contains the version's official zip file as well as a checksum, and is
 │   └── electron-v15.3.1-darwin-x64.zip
 ```
 
-## Postinstall script
+## Skip binary download
 
 Under the hood, Electron's JavaScript API binds to a binary that contains its
 implementations. Because this binary is crucial to the function of any Electron app,

docs/tutorial/ipc.md

@@ -171,7 +171,7 @@ sections.
 
 In the main process, we'll be creating a `handleFileOpen()` function that calls
 `dialog.showOpenDialog` and returns the value of the file path selected by the user. This function
-is used as a callback whenever an `ipcRenderer.invoke` message is sent through the `dialog:openFile`
+is used as a callback whenever an `ipcRender.invoke` message is sent through the `dialog:openFile`
 channel from the renderer process. The return value is then returned as a Promise to the original
 `invoke` call.
 
@@ -446,7 +446,7 @@ After loading the preload script, your renderer process should have access to th
 We don't directly expose the whole `ipcRenderer.on` API for [security reasons][]. Make sure to
 limit the renderer's access to Electron APIs as much as possible.
 Also don't just pass the callback to `ipcRenderer.on` as this will leak `ipcRenderer` via `event.sender`.
-Use a custom handler that invokes the `callback` only with the desired arguments.
+Use a custom handler that invoke the `callback` only with the desired arguments.
 :::
 
 :::info

docs/tutorial/keyboard-shortcuts.md

@@ -10,7 +10,7 @@ hide_title: false
 ## Accelerators
 
 Accelerators are strings that can be used to represent keyboard shortcuts throughout your Electron.
-These strings can contain multiple modifier keys and a single key code joined by the `+` character.
+These strings can contain multiple modifiers keys and a single key code joined by the `+` character.
 
 > [!NOTE]
 > Accelerators are **case-insensitive**.

docs/tutorial/launch-app-from-url-in-another-app.md

@@ -62,9 +62,9 @@ const createWindow = () => {
 }
 ```
 
-In this next step, we will create our `BrowserWindow` and tell our application how to handle an event in which an external protocol is clicked.
+In this next step, we will create our  `BrowserWindow` and tell our application how to handle an event in which an external protocol is clicked.
 
-This code will be different in Windows and Linux compared to macOS. This is due to both platforms emitting the `second-instance` event rather than the `open-url` event and Windows requiring additional code in order to open the contents of the protocol link within the same Electron instance. Read more about this [here](../api/app.md#apprequestsingleinstancelockadditionaldata).
+This code will be different in Windows and Linux compared to MacOS. This is due to both platforms emitting the `second-instance` event rather than the `open-url` event and Windows requiring additional code in order to open the contents of the protocol link within the same Electron instance. Read more about this [here](../api/app.md#apprequestsingleinstancelockadditionaldata).
 
 #### Windows and Linux code:
 
@@ -91,7 +91,7 @@ if (!gotTheLock) {
 }
 ```
 
-#### macOS code:
+#### MacOS code:
 
 ```js @ts-type={createWindow:()=>void}
 // This method will be called when Electron has finished

docs/tutorial/mac-app-store-submission-guide.md

@@ -65,7 +65,7 @@ The full list of certificate types can be found
 Apps signed with "Apple Development" and "Apple Distribution" certificates can
 only run under [App Sandbox][app-sandboxing], so they must use the MAS build of
 Electron. However, the "Developer ID Application" certificate does not have this
-restriction, so apps signed with it can use either the normal build or the MAS
+restrictions, so apps signed with it can use either the normal build or the MAS
 build of Electron.
 
 #### Legacy certificate names
@@ -208,7 +208,7 @@ signAsync({
 After signing the app with the "Apple Distribution" certificate, you can
 continue to submit it to Mac App Store.
 
-However, this guide does not ensure your app will be approved by Apple; you
+However, this guide do not ensure your app will be approved by Apple; you
 still need to read Apple's [Submitting Your App][submitting-your-app] guide on
 how to meet the Mac App Store requirements.
 

docs/tutorial/macos-dock.md

@@ -25,7 +25,7 @@ Electron application, and this property only exists on macOS.
 One of the main uses for your app's Dock icon is to expose additional app menus. The Dock menu is
 triggered by right-clicking or <kbd>Ctrl</kbd>-clicking the app icon. By default, the app's Dock menu
 will come with system-provided window management utilities, including the ability to show all windows,
-hide the app, and switch between different open windows.
+hide the app, and switch betweeen different open windows.
 
 To set an app-defined custom Dock menu, pass any [Menu](../api/menu.md) instance into the
 [`dock.setMenu`](../api/dock.md#docksetmenumenu-macos) API.

docs/tutorial/menus.md

@@ -200,7 +200,7 @@ macOS has a number of platform-specific menu roles available. Many of these map
 
 * `recentDocuments` - The submenu is an "Open Recent" menu.
 * `clearRecentDocuments` - Map to the [`clearRecentDocuments`](https://developer.apple.com/documentation/appkit/nsdocumentcontroller/clearrecentdocuments(_:)) action.
-* `shareMenu` - The submenu is [share menu](../api/share-menu.md). The `sharingItem` property must also be set to indicate the item to share.
+* `shareMenu` - The submenu is [share menu][ShareMenu]. The `sharingItem` property must also be set to indicate the item to share.
 
 > [!IMPORTANT]
 > When specifying a `role` on macOS, `label` and `accelerator` are the only

docs/tutorial/native-code-and-electron-cpp-linux.md

@@ -1339,7 +1339,7 @@ For developers wanting to learn more, you can refer to the [official N-API docum
 
 ### Putting `cpp_addon.cc` together
 
-We've now finished the bridge part of our addon - that is, the code that's most concerned with being the bridge between your JavaScript and C++ code (and by contrast, less so actually interacting with the operating system or GTK). After adding all the sections above, your `src/cpp_addon.cc` should look like this:
+We've now finished the bridge part our addon - that is, the code that's most concerned with being the bridge between your JavaScript and C++ code (and by contrast, less so actually interacting with the operating system or GTK). After adding all the sections above, your `src/cpp_addon.cc` should look like this:
 
 ```cpp title='src/cpp_addon.cc'
 #include <napi.h>

docs/tutorial/native-code-and-electron-cpp-win32.md

@@ -4,13 +4,13 @@ This tutorial builds on the [general introduction to Native Code and Electron](.
 
 Specifically, we'll be integrating with two commonly used native Windows libraries:
 
-* `comctl32.lib`, which contains common controls and user interface components. It provides various UI elements like buttons, scrollbars, toolbars, status bars, progress bars, and tree views. As far as GUI development on Windows goes, this library is very low-level and basic - more modern frameworks like WinUI or WPF are more advanced alternatives but require a lot more C++ and Windows version considerations than are useful for this tutorial. This way, we can avoid the many perils of building native interfaces for multiple Windows versions!
+* `comctl32.lib`, which contains common controls and user interface components. It provides various UI elements like buttons, scrollbars, toolbars, status bars, progress bars, and tree views. As far as GUI development on Windows goes, this library is very low-level and basic - more modern frameworks like WinUI or WPF are advanced and alternatives but require a lot more C++ and Windows version considerations than are useful for this tutorial. This way, we can avoid the many perils of building native interfaces for multiple Windows versions!
 * `shcore.lib`, a library that provides high-DPI awareness functionality and other Shell-related features around managing displays and UI elements.
 
 This tutorial will be most useful to those who already have some familiarity with native C++ GUI development on Windows. You should have experience with basic window classes and procedures, like `WNDCLASSEXW` and `WindowProc` functions. You should also be familiar with the Windows message loop, which is the heart of any native application - our code will be using `GetMessage`, `TranslateMessage`, and `DispatchMessage` to handle messages. Lastly, we'll be using (but not explaining) standard Win32 controls like `WC_EDITW` or `WC_BUTTONW`.
 
 > [!NOTE]
-> If you're not familiar with C++ GUI development on Windows, we recommend Microsoft's excellent documentation and guides, particularly for beginners. "[Get Started with Win32 and C++](https://learn.microsoft.com/en-us/windows/win32/learnwin32/learn-to-program-for-windows)" is a great introduction.
+> If you're not familiar with C++ GUI development on Windows, we recommend Microsoft's excellent documentation and guides, particular for beginners. "[Get Started with Win32 and C++](https://learn.microsoft.com/en-us/windows/win32/learnwin32/learn-to-program-for-windows)" is a great introduction.
 
 ## Requirements
 
@@ -1333,7 +1333,7 @@ npm run build
 
 ## Conclusion
 
-You've now built a complete native Node.js addon for Windows using C++ and the Win32 API. Some of the things we've done here are:
+You've now built a complete native Node.js addon for Windows using C++ and the Win32 API. Some of things we've done here are:
 
 1. Creating a native Windows GUI from C++
 2. Implementing a Todo list application with Add, Edit, and Delete functionality

docs/tutorial/native-code-and-electron-swift-macos.md

@@ -1167,7 +1167,7 @@ The approach demonstrated here allows you to:
 * Setting up bidirectional communication using callbacks and events
 * Configuring a custom build process to compile Swift code
 
-For more information on developing with Swift and SwiftUI, refer to Apple's developer documentation:
+For more information on developing with Swift and Swift, refer to Apple's developer documentation:
 
 * [Swift Programming Language](https://developer.apple.com/swift/)
 * [SwiftUI Framework](https://developer.apple.com/documentation/swiftui)

docs/tutorial/offscreen-rendering.md

@@ -36,7 +36,7 @@ setting.
     This is an advanced feature requiring a native node module to work with your own code.
     The frames are directly copied in GPU textures, thus this mode is very fast because
     there's no CPU-GPU memory copies overhead, and you can directly import the shared
-    texture to your own rendering program. You can read more details
+    texture to your own rendering program. You can read more details at
     [here](https://github.com/electron/electron/blob/main/shell/browser/osr/README.md).
 
 2. Use CPU shared memory bitmap

docs/tutorial/online-offline-events.md

@@ -2,15 +2,15 @@
 
 ## Overview
 
-Online and offline event detection can be implemented in both the main and renderer processes:
-
-- **Renderer process**: Use the [`navigator.onLine`](http://html5index.org/Offline%20-%20NavigatorOnLine.html) attribute and [online/offline events](https://developer.mozilla.org/en-US/docs/Online_and_offline_events), part of standard HTML5 API.
-- **Main process**: Use the [`net.isOnline()`](../api/net.md#netisonline) method or the [`net.online`](../api/net.md#netonline-readonly) property.
+[Online and offline event](https://developer.mozilla.org/en-US/docs/Online_and_offline_events)
+detection can be implemented in the Renderer process using the
+[`navigator.onLine`](http://html5index.org/Offline%20-%20NavigatorOnLine.html)
+attribute, part of standard HTML5 API.
 
 The `navigator.onLine` attribute returns:
 
-- `false` if all network requests are guaranteed to fail (e.g. when disconnected from the network).
-- `true` in all other cases.
+* `false` if all network requests are guaranteed to fail (e.g. when disconnected from the network).
+* `true` in all other cases.
 
 Since many cases return `true`, you should treat with care situations of
 getting false positives, as we cannot always assume that `true` value means
@@ -19,27 +19,7 @@ is running a virtualization software that has virtual Ethernet adapters in "alwa
 connected" state. Therefore, if you want to determine the Internet access
 status of Electron, you should develop additional means for this check.
 
-## Main Process Detection
-
-In the main process, you can use the `net` module to detect online/offline status:
-
-```js
-const { net } = require('electron')
-
-// Method 1: Using net.isOnline()
-const isOnline = net.isOnline()
-console.log('Online status:', isOnline)
-
-// Method 2: Using net.online property
-console.log('Online status:', net.online)
-```
-
-Both `net.isOnline()` and `net.online` return the same boolean value with the same reliability characteristics as `navigator.onLine` - they provide a strong indicator when offline (`false`), but a `true` value doesn't guarantee successful internet connectivity.
-
-> [!NOTE]
-> The `net` module is only available after the app emits the `ready` event.
-
-## Renderer Process Example
+## Example
 
 Starting with an HTML file `index.html`, this example will demonstrate how the `navigator.onLine` API can be used to build a connection status indicator.
 
@@ -104,4 +84,4 @@ After launching the Electron application, you should see the notification:
 ![Connection status](../images/connection-status.png)
 
 > [!NOTE]
-> If you need to check the connection status in the main process, you can use [`net.isOnline()`](../api/net.md#netisonline) directly instead of communicating from the renderer process via [IPC](../api/ipc-renderer.md).
+> If you need to communicate the connection status to the main process, use the [IPC renderer](../api/ipc-renderer.md) API.

docs/tutorial/performance.md

@@ -294,7 +294,7 @@ particularly useful if users complain about your app sometimes "stuttering".
 
 Generally speaking, all advice for building performant web apps for modern
 browsers apply to Electron's renderers, too. The two primary tools at your
-disposal are currently `requestIdleCallback()` for small operations and
+disposal  are currently `requestIdleCallback()` for small operations and
 `Web Workers` for long-running operations.
 
 _`requestIdleCallback()`_ allows developers to queue up a function to be
@@ -360,7 +360,7 @@ turning into a desktop application. As web developers, we are used to loading
 resources from a variety of content delivery networks. Now that you are
 shipping a proper desktop application, attempt to "cut the cord" where possible
 and avoid letting your users wait for resources that never change and could
-easily be included in your app.
+easily be included  in your app.
 
 A typical example is Google Fonts. Many developers make use of Google's
 impressive collection of free fonts, which comes with a content delivery