fix: ensure stable bounds on Windows when toggling setResizable for frameless windows (#51427)

* fix: use bundled devtools frontend URL for remote debugging (#51236)

fix: add ShouldUseBundledFrontendResources delegate for remote debugging

Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>

Co-authored-by: Om Ghante <mr.omghante1@gmail.com>

* chore: e patches all (trivial only)

---------

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Om Ghante <mr.omghante1@gmail.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>

.claude/settings.json

@@ -11,6 +11,7 @@
       "Bash(e patches:*)",
       "Bash(e sync:*)",
       "Skill(electron-chromium-upgrade)",
+      "Skill(electron-node-upgrade)",
       "Read(*)",
       "Bash(echo:*)",
       "Bash(e build:*)",

.claude/skills/electron-node-upgrade/SKILL.md

@@ -0,0 +1,323 @@
+---
+name: electron-node-upgrade
+description: Guide for performing Node.js version upgrades in the Electron project. Use when working on the roller/node/main branch to fix patch conflicts during `e sync --3`. Covers the patch application workflow, conflict resolution, analyzing upstream Node.js changes, building, running the Node.js test suite, and proper commit formatting for patch fixes.
+---
+
+# Electron Node.js Upgrade: Phase One
+
+## Summary
+
+Run `e sync --3` repeatedly, fixing patch conflicts as they arise, until it succeeds. Then export patches and commit changes atomically.
+
+## Success Criteria
+
+Phase One is complete when:
+- `e sync --3` exits with code 0 (no patch failures)
+- All changes are committed per the commit guidelines
+
+Do not stop until these criteria are met.
+
+**CRITICAL** Do not delete or skip patches unless 100% certain the patch is no longer needed. For major version upgrades, patches that shim deprecated V8 APIs or backport upstream changes are often deletable because the new Node.js version already incorporates them — but verify before removing. Complicated conflicts or hard to resolve issues should be presented to the user after you have exhausted all other options. Do not delete the patch just because you can't solve it.
+
+**CRITICAL** Never use `git am --skip` and then manually recreate a patch by making a new commit. This destroys the original patch's authorship, commit message, and position in the series. If `git am --continue` reports "No changes", investigate why — the changes were likely absorbed by a prior conflict resolution's 3-way merge. Present this situation to the user rather than skipping and recreating.
+
+## Context
+
+The `roller/node/main` branch is created by automation to update Electron's Node.js dependency version in `DEPS`. No work has been done to handle breaking changes between the old and new versions.
+
+There are two types of Node.js version updates:
+- **Bumps** (patch/minor): Automated by `electron-roller[bot]` with commit title `chore: bump node to v{version}`. Trivial patch index updates are handled automatically by `patchup[bot]`. These often land cleanly, but may require manual patch fixes.
+- **Major upgrades** (e.g., v22 → v24): Manual, large PRs with commit title `chore: upgrade Node.js to v{X}.{Y}.{Z}`. These typically involve deleting obsolete patches, adapting many others, and updating `@types/node` in `package.json`.
+
+**Key directories:**
+- Current directory: Electron repo (always run `e` commands here)
+- `../third_party/electron_node`: Node.js repo (where patches apply)
+- `patches/node/`: Patch files for Node.js
+- `docs/development/patches.md`: Patch system documentation
+
+## Pre-flight Checks
+
+Run these once at the start of each upgrade session:
+
+1. **Clear rerere cache** (if enabled): `git rerere clear` in both the electron and `../third_party/electron_node` repos. Stale recorded resolutions from a prior attempt can silently apply wrong merges.
+2. **Ensure pre-commit hooks are installed**: Check that `.git/hooks/pre-commit` exists. If not, run `yarn husky` to install it. The hook runs `lint-staged` which handles clang-format for C++ files.
+
+## Workflow
+
+1. Run `e sync --3` (the `--3` flag enables 3-way merge, always required)
+2. If succeeds → skip to step 5
+3. If patch fails:
+   - Identify target repo and patch from error output
+   - Analyze failure (see references/patch-analysis.md)
+   - Fix conflict in `../third_party/electron_node` working directory
+   - Run `git am --continue` in `../third_party/electron_node`
+   - Repeat until all patches for that repo apply
+   - IMPORTANT: Once `git am --continue` succeeds you MUST run `e patches node` to export fixes
+   - Return to step 1
+4. When `e sync --3` succeeds, run `e patches all`
+5. **Read `references/phase-one-commit-guidelines.md` NOW**, then commit changes following those instructions exactly.
+
+## Commands Reference
+
+| Command | Purpose |
+|---------|---------|
+| `e sync --3` | Clone deps and apply patches with 3-way merge |
+| `git am --continue` | Continue after resolving conflict (run in node repo) |
+| `e patches node` | Export commits from node repo to patch files |
+| `e patches all` | Export all patches from all targets |
+| `e patches node --commit-updates` | Export patches and auto-commit trivial changes |
+| `e patches --list-targets` | List targets and config paths |
+
+## Patch System Mental Model
+
+```
+patches/node/*.patch  →  [e sync --3]  →  ../third_party/electron_node commits
+                      ←  [e patches]   ←
+```
+
+## When to Edit Patches
+
+| Situation | Action |
+|-----------|--------|
+| During active `git am` conflict | Fix in node repo, then `git am --continue` |
+| Modifying patch outside conflict | Edit `.patch` file directly |
+| Creating new patch (rare, avoid) | Commit in node repo, then `e patches node` |
+
+Fix existing patches 99% of the time rather than creating new ones.
+
+## Patch Fixing Rules
+
+1. **Preserve authorship**: Keep original author in TODO comments (from patch `From:` field)
+2. **Never change TODO assignees**: `TODO(name)` must retain original name
+3. **Update descriptions**: If upstream changed APIs or macros, update patch commit message to reflect current state
+4. **Never skip-and-recreate a patch**: If `git am --continue` says "No changes — did you forget to use 'git add'?", do NOT run `git am --skip` and create a replacement commit. The patch's changes were already absorbed by a prior 3-way merge resolution. This means an earlier conflict resolution pulled in too many changes. Present the situation to the user for guidance — the correct fix may require re-doing an earlier resolution more carefully to keep each patch's changes separate.
+
+# Electron Node.js Upgrade: Phase Two
+
+## Summary
+
+Run `e build -k 999 -- --quiet` repeatedly, fixing build issues as they arise, until it succeeds. Then run `e start --version` to validate Electron launches and commit changes atomically.
+
+Run Phase Two immediately after Phase One is complete.
+
+## Success Criteria
+
+Phase Two is complete when:
+- `e build -k 999 -- --quiet` exits with code 0 (no build failures)
+- `e start --version` has been run to check Electron launches
+- All changes are committed per the commit guidelines
+
+Do not stop until these criteria are met. Do not delete code or features, never comment out code in order to take short cut. Make all existing code, logic and intention work.
+
+## Context
+
+The `roller/node/main` branch is created by automation to update Electron's Node.js dependency version in `DEPS`. No work has been done to handle breaking changes between the old and new versions. Node.js APIs (especially internal V8 integration, OpenSSL/BoringSSL compatibility, and build system files) frequently change between versions. In every case the code in Electron must be updated to account for the change in Node.js, strongly avoid making changes to the code in Node.js to fix Electron's build.
+
+**Key directories:**
+- Current directory: Electron repo (always run `e` commands here)
+- `../third_party/electron_node`: Node.js repo (do not touch this code to fix build issues, just read it to obtain context)
+
+## Workflow
+
+1. Run `e build -k 999 -- --quiet` (the `--quiet` flag suppresses per-target status lines, showing only errors and the final result)
+2. If succeeds → skip to step 6
+3. If build fails:
+    - Identify underlying file in "electron" from the compilation error message
+    - Analyze failure
+    - Fix build issue by adapting Electron's code for the change in Node.js
+    - Run `e build -t {target_that_failed}.o` to build just the failed target we were specifically fixing
+        - You can identify the target_that_failed from the failure line in the build log. E.g. `FAILED: 2e506007-8d5d-4f38-bdd1-b5cd77999a77 "./obj/electron/shell/browser/api/electron_api_utility_process.o" CXX obj/electron/shell/browser/api/electron_api_utility_process.o` the target name is `obj/electron/shell/browser/api/electron_api_utility_process.o`
+    - **Read `references/phase-two-commit-guidelines.md` NOW**, then commit changes following those instructions exactly.
+    - Return to step 1
+4. **CRITICAL**: After ANY commit (especially patch commits), immediately run `git status` in the electron repo
+    - Look for other modified `.patch` files that only have index/hunk header changes
+    - These are dependent patches affected by your fix
+    - Commit them immediately with: `git commit -am "chore: update patches (trivial only)"`
+5. Return to step 1
+6. When `e build` succeeds, run `e start --version`
+7. Check if you have any pending changes in the Node.js repo by running `git status` in `../third_party/electron_node`
+    - If you have changes follow the instructions below in "A. Patch Fixes" to correctly commit those modifications into the appropriate patch file
+
+## Commands Reference
+
+| Command | Purpose |
+|---------|---------|
+| `e build -k 999 -- --quiet` | Build Electron, continue on errors, suppress status lines |
+| `e build -t {target}.o` | Build just one specific target to verify a fix |
+| `e start --version` | Validate Electron launches after successful build |
+
+## Two Types of Build Fixes
+
+### A. Patch Fixes (for files in patched Node.js files)
+
+When the error is in a file that Electron patches (check with `grep -l "filename" patches/node/*.patch`):
+
+1. Edit the file in the Node.js source tree (`../third_party/electron_node/...`)
+2. Create a fixup commit targeting the original patch commit:
+    ```bash
+    cd ../third_party/electron_node
+    git add <modified-file>
+    git commit --fixup=<original-patch-commit-hash>
+    GIT_SEQUENCE_EDITOR=: git rebase --autosquash --autostash -i <commit>^
+    ```
+3. Export the updated patch: `e patches node`
+4. Commit the updated patch file following `references/phase-one-commit-guidelines.md`.
+
+To find the original patch commit to fixup: `git log --oneline | grep -i "keyword from patch name"`
+
+The base commit for rebase is the Node.js commit before patches were applied. Find it by checking the `refs/patches/upstream-head` ref.
+
+### B. Electron Code Fixes (for files in shell/, electron/, etc.)
+
+When the error is in Electron's own source code:
+
+1. Edit files directly in the electron repo
+2. Commit directly (no patch export needed)
+
+# Electron Node.js Upgrade: Phase Three
+
+## Summary
+
+Run the Node.js test suite via `script/node-spec-runner.js`, fix failing tests, and commit fixes until all tests pass. Certain tests are permanently disabled (listed in `script/node-disabled-tests.json`) and should not be run.
+
+Run Phase Three immediately after Phase Two is complete.
+
+## Success Criteria
+
+Phase Three is complete when:
+- `node script/node-spec-runner.js --default` exits with zero failures
+- All changes are committed per the commit guidelines
+
+Do not stop until these criteria are met.
+
+## Context
+
+Electron runs a subset of Node.js's upstream test suite using a custom runner (`script/node-spec-runner.js`). Tests are executed with the built Electron binary via `ELECTRON_RUN_AS_NODE=true`. Many tests need adaptation because Electron uses BoringSSL (not OpenSSL) and Chromium's V8 (which may differ from Node.js's bundled V8).
+
+**Key files:**
+- `script/node-spec-runner.js` — Test runner script
+- `script/node-disabled-tests.json` — Permanently disabled tests (do not try to fix these)
+- `../third_party/electron_node/test/` — Node.js test files (where patches apply)
+- `patches/node/fix_crypto_tests_to_run_with_bssl.patch` — BoringSSL crypto test adaptations
+- `patches/node/test_formally_mark_some_tests_as_flaky.patch` — Flaky test list
+
+## Workflow
+
+1. Run `node script/node-spec-runner.js --default` from the electron repo
+2. If all tests pass → Phase Three is complete
+3. If tests fail:
+    - Identify the failing test file(s) from the output
+    - Analyze each failure (see "Common Failure Patterns" below)
+    - Fix the test in `../third_party/electron_node/test/...`
+    - Re-run the specific failing test to verify: `node script/node-spec-runner.js {test-path}`
+        - The test path is relative to the node `test/` directory, e.g. `test/parallel/test-crypto-key-objects-raw.js`
+        - Do NOT use `--default` when running specific tests — it adds the full suite flags
+        - Do NOT run tests directly with `ELECTRON_RUN_AS_NODE` — the runner handles environment setup (e.g. temporarily switching `package.json` from ESM to CommonJS)
+    - Commit the fix using the fixup workflow and commit guidelines
+    - Return to step 1
+
+## Commands Reference
+
+| Command | Purpose |
+|---------|---------|
+| `node script/node-spec-runner.js --default` | Run full Node.js test suite |
+| `node script/node-spec-runner.js test/parallel/test-foo.js` | Run a single test |
+| `NODE_REGENERATE_SNAPSHOTS=1 node script/node-spec-runner.js test/test-runner/test-foo.mjs` | Regenerate snapshot for a snapshot-based test |
+
+## Common Failure Patterns
+
+### BoringSSL incompatibilities
+
+Electron uses BoringSSL (via Chromium) instead of OpenSSL. Many crypto features are missing or behave differently:
+
+| Unsupported in BoringSSL | Guard pattern |
+|--------------------------|---------------|
+| ChaCha20-Poly1305 | `if (!process.features.openssl_is_boringssl)` |
+| AES-CCM (aes-128-ccm, aes-256-ccm) | `if (ciphers.includes('aes-128-ccm'))` |
+| AES-KW (key wrapping) | `if (!process.features.openssl_is_boringssl)` |
+| DSA keys | `if (!process.features.openssl_is_boringssl)` |
+| Ed448 / X448 curves | `if (!process.features.openssl_is_boringssl)` |
+| DH key PEM loading | `if (!process.features.openssl_is_boringssl)` |
+| PQC algorithms (ML-KEM, ML-DSA, SLH-DSA) | `if (hasOpenSSL(3, 5))` (already guards these) |
+
+When guarding tests, prefer checking cipher availability (`ciphers.includes(algo)`) over blanket BoringSSL checks where possible, as it's more precise and self-documenting.
+
+New upstream tests that exercise these features will need guards added to the `fix_crypto_tests_to_run_with_bssl` patch.
+
+### Snapshot test mismatches
+
+Some tests compare output against committed `.snapshot` files using `assert.strictEqual` — these are NOT wildcard comparisons. When Chromium's V8 produces different output (e.g. different stack traces due to V8 enhancements), the snapshot must be regenerated:
+
+```bash
+NODE_REGENERATE_SNAPSHOTS=1 node script/node-spec-runner.js test/test-runner/test-foo.mjs
+```
+
+Then inspect the diff to verify the changes are expected, and commit the updated snapshot into the appropriate patch.
+
+### V8 behavioral differences
+
+Chromium's V8 may be ahead of Node.js's bundled V8. This can cause:
+- Different stack trace formats (e.g. thenable async stack frames)
+- Different error messages
+- Features available in Chromium V8 that aren't in stock Node.js V8 (or vice versa)
+
+## Two Types of Test Fixes
+
+### A. Patch Fixes (most common for test failures)
+
+Most test fixes go into existing patches in `patches/node/`. Use the fixup workflow:
+
+1. Edit the test file in `../third_party/electron_node/test/...`
+2. Find the relevant patch commit: `git log --oneline | grep -i "keyword"`
+    - Crypto/BoringSSL tests → `fix crypto tests to run with bssl`
+    - Snapshot tests → the specific snapshot patch (e.g. `test: accomodate V8 thenable`)
+    - Flaky tests → `test: formally mark some tests as flaky`
+3. Create a fixup commit:
+    ```bash
+    cd ../third_party/electron_node
+    git add test/path/to/test.js
+    git commit --fixup=<patch-commit-hash>
+    GIT_SEQUENCE_EDITOR=: git rebase --autosquash --autostash -i <commit>^
+    ```
+4. Export: `e patches node`
+5. **Read `references/phase-three-commit-guidelines.md` NOW**, then commit the updated patch file.
+
+### B. New Patches (rare)
+
+Only create a new patch when the fix doesn't belong in any existing patch. The new patch commit in `../third_party/electron_node` must include a description explaining why the patch exists and when it can be removed — the lint check enforces this.
+
+## Adding to Disabled Tests
+
+Only add a test to `script/node-disabled-tests.json` as a **last resort** — when the test is fundamentally incompatible with Electron's architecture (not just a BoringSSL difference that can be guarded). Tests disabled here are completely skipped and never run.
+
+# Critical: Read Before Committing
+
+- Before ANY Phase One commits: Read `references/phase-one-commit-guidelines.md`
+- Before ANY Phase Two commits: Read `references/phase-two-commit-guidelines.md`
+- Before ANY Phase Three commits: Read `references/phase-three-commit-guidelines.md`
+
+# High-Churn Patches
+
+These patches consistently require the most work during Node.js upgrades:
+
+- **`fix_handle_boringssl_and_openssl_incompatibilities.patch`** — Electron uses BoringSSL (via Chromium) while Node.js expects OpenSSL. This patch is large and complex, and upstream OpenSSL API changes frequently break it.
+- **`fix_crypto_tests_to_run_with_bssl.patch`** — Companion to the above; adapts Node.js crypto tests for BoringSSL. Can grow significantly during major upgrades.
+- **`support_v8_sandboxed_pointers.patch`** — V8 sandbox pointer support requires careful adaptation when V8 APIs change.
+- **`build_add_gn_build_files.patch`** — The GN build file patch is large and touches many build targets. Upstream build system changes frequently conflict.
+
+# Major Version Upgrades
+
+Major Node.js version transitions (e.g., v22 → v24) are significantly more involved than patch bumps:
+
+1. **Expect patch deletions.** Electron uses Chromium's V8, which is often ahead of the V8 version bundled in Node.js. Many patches exist to bridge this gap — shimming newer V8 APIs that Chromium's V8 has but Node.js' older V8 doesn't. When Node.js bumps to a newer major version, its V8 catches up to Chromium's, and those bridge patches can be deleted. In the v22 → v24 upgrade, 17 patches were deleted for this reason.
+2. **Update `@types/node`** in `package.json` to match the new major version.
+3. **Post-upgrade regressions are expected.** Even after the upgrade lands, follow-up fix PRs for edge cases (ESM path handling, certificate loading, platform-specific issues) are normal.
+
+# Skill Directory Structure
+This skill has additional reference files in `references/`:
+- patch-analysis.md - How to analyze patch failures
+- phase-one-commit-guidelines.md - Commit format for Phase One
+- phase-two-commit-guidelines.md - Commit format for Phase Two
+- phase-three-commit-guidelines.md - Commit format for Phase Three
+
+Read these when referenced in the workflow steps.

.claude/skills/electron-node-upgrade/references/patch-analysis.md

@@ -0,0 +1,112 @@
+# Analyzing Patch Failures
+
+## Investigation Steps
+
+1. **Read the patch file** at `patches/node/{patch_name}.patch`
+
+2. **Examine current state** of the file in the Node.js repo at mentioned line numbers
+
+3. **Check recent upstream changes:**
+   ```bash
+   cd ../third_party/electron_node
+   git log --oneline -10 -- {file}
+   ```
+
+4. **Find Node.js PR** in commit messages:
+   ```
+   PR-URL: https://github.com/nodejs/node/pull/{PR_NUMBER}
+   ```
+
+## Critical: Resolve by Intent, Not by Mechanical Merge
+
+When resolving a patch conflict, do NOT blindly preserve the patch's old code. Instead:
+
+1. **Understand the upstream commit's full scope** — not just the conflicting hunk.
+   Run `git show <commit> --stat` and read diffs for all affected files.
+   Upstream may have removed structs, members, or methods that the patch
+   references in other hunks or files.
+
+2. **Re-read the patch commit message** to understand its *intent* — what
+   behavior does it need to preserve or add?
+
+3. **Implement the intent against the new upstream code.** If the patch's
+   purpose is "add BoringSSL compatibility", add only the compatibility
+   layer — don't also restore old code that upstream separately removed.
+
+### Lesson: Upstream Removals Break Patch References
+
+- **Trigger:** Patch conflict involves an upstream refactor (not just context drift)
+- **Strategy:** After identifying the upstream commit, check its full diff for
+  removed types, members, and methods. If the patch's old code references
+  something removed, the resolution must use the new upstream mechanism.
+
+### Lesson: Separate Patch Purpose from Patch Implementation
+
+- **Trigger:** Conflict between "upstream simplified code" vs "patch has older code"
+- **Strategy:** Identify the *minimal* change the patch needs. If the patch
+  wraps code in a conditional, only add the conditional — don't restore old
+  code that was inside the conditional but was separately cleaned up upstream.
+
+### Lesson: Finish the Adaptation at Conflict Time
+
+- **Trigger:** A patch conflict involves an upstream API removal or replacement
+- **Strategy:** When resolving the conflict, fully adapt the patch to use the
+  new API in the same commit. Don't remove the old code and leave behind stale
+  references that will "be fixed in Phase Two." Each patch fix commit should be
+  a complete resolution.
+
+## Common Failure Patterns
+
+| Pattern | Cause | Solution |
+|---------|-------|----------|
+| Context lines don't match | Surrounding code changed | Update context in patch |
+| File not found | File renamed/moved | Update patch target path |
+| Function not found | Refactored upstream | Find new function name |
+| OpenSSL → BoringSSL mismatch | Crypto API change | Update to BoringSSL-compatible API |
+| GYP/GN build change | Build system refactor | Adapt build patch to new structure |
+| Deleted code | Feature removed | Verify patch still needed |
+| V8 API bridge patch conflicts | Node.js caught up to Chromium's V8 | Patch may be deletable — verify the API is now in Node.js' V8 natively |
+
+## Using Git Blame
+
+To find the commit that changed specific lines:
+
+```bash
+cd ../third_party/electron_node
+git blame -L {start},{end} -- {file}
+git log -1 {commit_sha}  # Look for PR-URL: line
+```
+
+## Verifying Patch Necessity
+
+Before deleting a patch, verify:
+1. The patched functionality was intentionally removed upstream
+2. Electron doesn't need the patch for other reasons
+3. No other code depends on the patched behavior
+
+**V8 bridge patches:** Electron uses Chromium's V8, which is often ahead of the V8 bundled in Node.js. Many patches exist to bridge this version gap — adapting Node.js code to work with newer V8 APIs that Chromium's V8 exposes. During major Node.js upgrades, Node.js' V8 catches up to Chromium's, and these bridge patches often become unnecessary. Check whether the API the patch shims is now available natively in the new Node.js version's V8.
+
+When in doubt, keep the patch and adapt it.
+
+## Phase Two: Build-Time Patch Issues
+
+Sometimes patches that applied successfully in Phase One cause build errors in Phase Two. This can happen when:
+
+1. **Incomplete types**: A patch disables a header include, but new upstream code uses the type
+2. **Missing members**: A patch modifies a class, but upstream added new code referencing the original
+
+### Finding Which Patch Affects a File
+
+```bash
+grep -l "filename.cc" patches/node/*.patch
+```
+
+### Matching Existing Patch Patterns
+
+When fixing build errors in patched files, examine the existing patch to understand its style:
+- Does it use `#if 0` / `#endif` guards?
+- Does it use `#if BUILDFLAG(...)` conditionals?
+- Does it use `#ifndef` / `#ifdef` guards for BoringSSL vs OpenSSL?
+- What's the pattern for disabled functionality?
+
+Apply fixes consistent with the existing patch style.

.claude/skills/electron-node-upgrade/references/phase-one-commit-guidelines.md

@@ -0,0 +1,111 @@
+# Phase One Commit Guidelines
+
+Only follow these instructions if there are uncommitted changes to `patches/` after Phase One succeeds.
+
+Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
+
+## Each Commit Must Be Complete
+
+When resolving a patch conflict, fully adapt the patch to the new upstream code in the same commit. If the upstream change removes an API the patch uses, update the patch to use the replacement API now — don't leave stale references knowing they'll need fixing later. The goal is that each commit represents a finished resolution, not a partial one that defers known work to a future phase.
+
+## Commit Message Style
+
+**Titles** follow the 60/80-character guideline: simple changes fit within 60 characters, otherwise the limit is 80 characters.
+
+Always include a `Co-Authored-By` trailer identifying the AI model that assisted (e.g., `Co-Authored-By: <AI model attribution>`).
+
+### Patch conflict fixes
+
+Use `fix(patch):` prefix. The title should name the upstream change, not your response to it:
+
+```
+fix(patch): {topic headline}
+
+Ref: {Node.js commit or issue link}
+
+Co-Authored-By: <AI model attribution>
+```
+
+Only add a description body if it provides clarity beyond the title. For straightforward context drift or simple API renames, the title + Ref is sufficient.
+
+Examples:
+- `fix(patch): stop using v8::PropertyCallbackInfo<T>::This()`
+- `fix(patch): BoringSSL and OpenSSL incompatibilities`
+- `fix(patch): refactor module_wrap.cc FixedArray::Get params`
+
+### Upstreamed patch removal
+
+When patches are no longer needed (applied cleanly with "already applied" or confirmed upstreamed), group ALL removals into a single commit:
+
+```
+chore: remove upstreamed patch
+```
+
+or (if multiple):
+
+```
+chore: remove upstreamed patches
+```
+
+Most Node.js patches in Electron are Electron-authored (no upstream `PR-URL:`). If the patch originated from an upstream Node.js PR, no extra `Ref:` is needed. Otherwise, add a `Ref:` pointing to the relevant Node.js issue or commit if one exists.
+
+### Trivial patch updates
+
+After all fix commits, stage remaining trivial changes (index, line numbers, context only):
+
+```bash
+git add patches
+git commit -m "chore: update patches (trivial only)"
+```
+
+**Conflict resolution can produce trivial results.** A `git am` conflict doesn't always mean the patch content changed — context drift alone can cause a conflict. After resolving and exporting, inspect the patch diff: if only index hashes, line numbers, and context lines changed (not the patch's own `+`/`-` lines), it's trivial and belongs here, not in a `fix(patch):` commit.
+
+## Atomic Commits
+
+Each patch conflict fix gets its own commit with its own Ref.
+
+IMPORTANT: Try really hard to find the PR or commit reference per the instructions below. Each change you made should in theory have been in response to a change made in Node.js that you identified or can identify. Try for a while to identify and include the ref in the commit message. Do not give up easily.
+
+## Finding Commit/Issue References
+
+Use `git log` or `git blame` on Node.js source files in `../third_party/electron_node`. Look for:
+
+```
+PR-URL: https://github.com/nodejs/node/pull/XXXXX
+```
+
+or issue references in the patch itself:
+
+```
+Refs: https://github.com/nodejs/node/issues/XXXXX
+```
+
+Note: Most Node.js patches in Electron are Electron-authored and won't have upstream references. In that case, check `git log` in the Node.js repo to find which upstream commit caused the conflict.
+
+If no reference found after searching: `Ref: Unable to locate reference`
+
+## Example Commits
+
+### Patch conflict fix (simple — title is sufficient)
+
+```
+fix(patch): stop using v8::PropertyCallbackInfo<T>::This()
+
+Ref: https://github.com/nodejs/node/issues/60616
+
+Co-Authored-By: <AI model attribution>
+```
+
+### Patch conflict fix (complex — description adds value)
+
+```
+fix(patch): BoringSSL and OpenSSL incompatibilities
+
+Upstream updated OpenSSL APIs that diverge from BoringSSL. Adapted
+the compatibility shims in crypto patches to use the BoringSSL
+equivalents.
+
+Ref: Unable to locate reference
+
+Co-Authored-By: <AI model attribution>
+```

.claude/skills/electron-node-upgrade/references/phase-three-commit-guidelines.md

@@ -0,0 +1,80 @@
+# Phase Three Commit Guidelines
+
+Only follow these instructions if there are uncommitted changes after fixing a test failure during Phase Three.
+
+Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
+
+## Commit Message Style
+
+**Titles** follow the 60/80-character guideline: simple changes fit within 60 characters, otherwise the limit is 80 characters.
+
+Always include a `Co-Authored-By` trailer identifying the AI model that assisted (e.g., `Co-Authored-By: <AI model attribution>`).
+
+## Commit Types
+
+### Patch updates (most test fixes)
+
+Test fixes go into existing patches via the fixup workflow. Use `fix(patch):` prefix with a descriptive topic:
+
+```
+fix(patch): {topic headline}
+
+Ref: {Node.js commit or issue link}
+
+Co-Authored-By: <AI model attribution>
+```
+
+Examples:
+- `fix(patch): guard DH key test for BoringSSL`
+- `fix(patch): adapt new crypto tests for BoringSSL`
+- `fix(patch): correct thenable snapshot for Chromium V8`
+- `fix(patch): skip AES-KW tests with BoringSSL`
+
+Group related test fixes into a single commit when they address the same root cause (e.g., multiple crypto tests all needing BoringSSL guards for the same missing cipher). Don't create one commit per test file if they share the same fix pattern.
+
+### Snapshot regeneration
+
+When a snapshot test fails because Chromium's V8 produces different output, regenerate it:
+
+```bash
+NODE_REGENERATE_SNAPSHOTS=1 node script/node-spec-runner.js test/test-runner/test-foo.mjs
+```
+
+Then commit the updated snapshot patch with a title describing what changed:
+
+```
+fix(patch): correct {name} snapshot for Chromium V8
+
+Ref: {V8 CL or issue link if known}
+
+Co-Authored-By: <AI model attribution>
+```
+
+### Trivial patch updates
+
+After any patch modification, check for dependent patches that only have index/hunk header changes:
+
+```bash
+git status
+# If other .patch files show as modified with only trivial changes:
+git add patches/
+git commit -m "chore: update patches (trivial only)"
+```
+
+## Finding References
+
+For BoringSSL-related test fixes, the reference is typically the upstream Node.js PR that added the new test:
+
+```bash
+cd ../third_party/electron_node
+git log --oneline -5 -- test/parallel/test-crypto-foo.js
+git log -1 <commit> --format="%B" | grep "PR-URL"
+```
+
+For V8 behavioral differences, reference the Chromium CL:
+
+```
+Ref: https://chromium-review.googlesource.com/c/v8/v8/+/NNNNNNN
+```
+
+If no reference found after searching: `Ref: Unable to locate reference`

.claude/skills/electron-node-upgrade/references/phase-two-commit-guidelines.md

@@ -0,0 +1,96 @@
+# Phase Two Commit Guidelines
+
+Only follow these instructions if there are uncommitted changes in the Electron repo after any fixes are made during Phase Two that result a target that was failing, successfully building.
+
+Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
+
+## Commit Message Style
+
+**Titles** follow the 60/80-character guideline: simple changes fit within 60 characters, otherwise the limit is 80 characters. Exception: upstream Node.js PR titles are used verbatim even if longer.
+
+Always include a `Co-Authored-By` trailer identifying the AI model that assisted (e.g., `Co-Authored-By: <AI model attribution>`).
+
+## Two Commit Types
+
+### For Electron Source Changes (shell/, electron/, etc.)
+
+When the upstream Node.js commit has a `PR-URL:`:
+
+```
+node#{PR-Number}: {upstream PR's original title}
+
+Ref: {Node.js PR link}
+
+Co-Authored-By: <AI model attribution>
+```
+
+When there is no `PR-URL:` but there is an issue reference or commit:
+
+```
+fix: {description of the adaptation}
+
+Ref: {Node.js issue or commit link}
+
+Co-Authored-By: <AI model attribution>
+```
+
+Use the **upstream commit's original title** when available — do not paraphrase or rewrite it. To find it: check the commit message in `../third_party/electron_node` for `PR-URL:` or `Refs:` lines.
+
+Only add a description body if it provides clarity beyond what the title already says (e.g., when Electron's adaptation is non-obvious). For simple renames, method additions, or straightforward API updates, the title + Ref link is sufficient.
+
+Each change should have its own commit and its own Ref. Logically group into commits that make sense rather than one giant commit. You may include multiple "Ref" links if required.
+
+IMPORTANT: Try really hard to find a reference. Each change you made should in theory have been in response to a change in Node.js. Check `git log` and `git blame` in the Node.js repo. Do not give up easily.
+
+### For Patch Updates (patches/node/*.patch)
+
+Use the same fixup workflow as Phase One and follow `references/phase-one-commit-guidelines.md` for the commit message format (`fix(patch):` prefix, topic style).
+
+## Dependent Patch Header Updates
+
+After any patch modification, check for other affected patches:
+
+```bash
+git status
+# If other .patch files show as modified with only index, line number, and context changes:
+git add patches/
+git commit -m "chore: update patches (trivial only)"
+```
+
+## Finding References
+
+Use `git log` or `git blame` on Node.js source files in `../third_party/electron_node`. Look for:
+
+```
+PR-URL: https://github.com/nodejs/node/pull/XXXXX
+Refs: https://github.com/nodejs/node/issues/XXXXX
+```
+
+Note: Many Node.js patches in Electron are Electron-authored and won't have upstream `PR-URL:` lines. Check the patch's own commit message for `Refs:` lines, or use `git log` in the Node.js repo to find which upstream commit caused the build break.
+
+If no reference found after searching: `Ref: Unable to locate reference`
+
+## Example Commits
+
+### Electron Source Fix (with upstream PR)
+
+```
+node#61898: src: stop using v8::PropertyCallbackInfo<T>::This()
+
+Ref: https://github.com/nodejs/node/pull/61898
+
+Co-Authored-By: <AI model attribution>
+```
+
+### Electron Source Fix (with issue reference, no PR)
+
+```
+fix: adapt to v8::PropertyCallbackInfo<T>::This() removal
+
+Updated NodeBindings to use HolderV2() after upstream Node.js
+stopped using the deprecated This() API.
+
+Ref: https://github.com/nodejs/node/issues/60616
+
+Co-Authored-By: <AI model attribution>
+```

.github/actions/build-electron/action.yml

@@ -89,6 +89,10 @@ runs:
         } else {
           e build --target electron:testing_build
         }
+        if ($LASTEXITCODE -ne 0) {
+          Write-Host "e build failed with exit code $LASTEXITCODE"
+          exit $LASTEXITCODE
+        }
         Copy-Item out\Default\.ninja_log out\electron_ninja_log
         node electron\script\check-symlinks.js
 
@@ -125,6 +129,9 @@ runs:
         fi
         sed $SEDOPTION '/.*builtins-pgo/d' out/Default/mksnapshot_args
         sed $SEDOPTION '/--turbo-profiling-input/d' out/Default/mksnapshot_args
+        sed $SEDOPTION '/--reorder-builtins/d' out/Default/mksnapshot_args
+        sed $SEDOPTION '/--warn-about-builtin-profile-data/d' out/Default/mksnapshot_args
+        sed $SEDOPTION '/--abort-on-bad-builtin-profile-data/d' out/Default/mksnapshot_args
 
         if [ "${{ inputs.target-platform }}" = "win" ]; then
           cd out/Default
@@ -202,7 +209,17 @@ runs:
       if: ${{ inputs.is-release == 'true' }}
       run: |
         cd src
-        gn gen out/ffmpeg --args="import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true use_siso=true $GN_EXTRA_ARGS"
+        # Reuse the hermetic mac_sdk_path that `e build` wrote for out/Default so
+        # out/ffmpeg builds against the same SDK instead of the runner's system Xcode.
+        # The path has to live under root_build_dir, so copy the symlink tree and
+        # rewrite Default -> ffmpeg.
+        MAC_SDK_ARG=""
+        if [ "$(uname)" = "Darwin" ]; then
+          mkdir -p out/ffmpeg
+          cp -a out/Default/xcode_links out/ffmpeg/
+          MAC_SDK_ARG=$(sed -n 's|^\(mac_sdk_path = "//out/\)Default/|\1ffmpeg/|p' out/Default/args.gn)
+        fi
+        gn gen out/ffmpeg --args="import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true use_siso=true $MAC_SDK_ARG $GN_EXTRA_ARGS"
         e build --target electron:electron_ffmpeg_zip -C ../../out/ffmpeg
     - name: Remove Clang problem matcher
       shell: bash
@@ -271,12 +288,12 @@ runs:
       run: ./src/electron/script/actions/move-artifacts.sh
     - name: Upload Generated Artifacts ${{ inputs.step-suffix }}
       if: always() && !cancelled()
-      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
       with:
         name: generated_artifacts_${{ env.ARTIFACT_KEY }}
         path: ./generated_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
     - name: Upload Src Artifacts ${{ inputs.step-suffix }}
-      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
       with:
         name: src_artifacts_${{ env.ARTIFACT_KEY }}
         path: ./src_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}

.github/actions/build-image-sha/action.yml

@@ -0,0 +1,24 @@
+name: 'Build Image SHA'
+description: 'Single source of truth for the ghcr.io/electron/build image SHA'
+inputs:
+  override:
+    description: 'Optional override SHA (e.g. from a workflow_dispatch input)'
+    required: false
+    default: ''
+outputs:
+  build-image-sha:
+    description: 'The electron/build image SHA to use'
+    value: ${{ steps.set.outputs.build-image-sha }}
+runs:
+  using: 'composite'
+  steps:
+    - id: set
+      shell: bash
+      env:
+        OVERRIDE: ${{ inputs.override }}
+      run: |
+        if [ -n "$OVERRIDE" ]; then
+          echo "build-image-sha=$OVERRIDE" >> "$GITHUB_OUTPUT"
+        else
+          echo "build-image-sha=daad061f4b99a0ae1c841be4aa09188280a9c8a4" >> "$GITHUB_OUTPUT"
+        fi

.github/actions/checkout/action.yml

@@ -28,7 +28,7 @@ runs:
     shell: bash
     run: |
       node src/electron/script/generate-deps-hash.js
-      DEPSHASH="v1-src-cache-$(cat src/electron/.depshash)"
+      DEPSHASH="v2-src-cache-$(cat src/electron/.depshash)"
       echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
       echo "CACHE_FILE=$DEPSHASH.tar" >> $GITHUB_ENV
       if [ "${{ inputs.target-platform }}" = "win" ]; then
@@ -43,7 +43,7 @@ runs:
       curl --unix-socket /var/run/sas/sas.sock --fail "http://foo/$CACHE_FILE?platform=${{ inputs.target-platform }}&getAccountName=true" > sas-token
   - name: Save SAS Key
     if: ${{ inputs.generate-sas-token == 'true' }}
-    uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+    uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
     with:
       path: sas-token
       key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-${{ github.run_attempt }}
@@ -109,7 +109,7 @@ runs:
         echo "target_os=['$TARGET_OS']" >> ./.gclient
       fi
 
-      ELECTRON_USE_THREE_WAY_MERGE_FOR_PATCHES=1 e d gclient sync --with_branch_heads --with_tags -vv
+      ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN=0 DEPOT_TOOLS_WIN_TOOLCHAIN=0 ELECTRON_USE_THREE_WAY_MERGE_FOR_PATCHES=1 e d gclient sync --with_branch_heads --with_tags
       if [[ "${{ inputs.is-release }}" != "true" ]]; then
         # Re-export all the patches to check if there were changes.
         python3 src/electron/script/export_all_patches.py src/electron/patches/config.json
@@ -187,21 +187,35 @@ runs:
     shell: bash
     run: |
       echo "Uncompressed src size: $(du -sh src | cut -f1 -d' ')"
-      tar -cf $CACHE_FILE src
+      # Named .tar but zstd-compressed; the sas-sidecar's filename allowlist
+      # only permits .tar/.tgz so we keep the extension and decode on restore.
+      tar -cf - src | zstd -T0 --long=30 -f -o $CACHE_FILE
       echo "Compressed src to $(du -sh $CACHE_FILE | cut -f1 -d' ')"
-      cp ./$CACHE_FILE $CACHE_DRIVE/
   - name: Persist Src Cache
     if: ${{ steps.check-cache.outputs.cache_exists == 'false' && inputs.use-cache == 'true' }}
     shell: bash
     run: |
       final_cache_path=$CACHE_DRIVE/$CACHE_FILE
+      # Upload to a run-unique temp name first so concurrent readers never
+      # observe a partially-written file, and an interrupted copy can't leave
+      # a truncated file at the final path. Orphaned temp files get swept by
+      # the clean-orphaned-cache-uploads workflow.
+      tmp_cache_path=$final_cache_path.upload-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}
+      echo "Uploading to temp path: $tmp_cache_path"
+      cp ./$CACHE_FILE $tmp_cache_path
+
       echo "Using cache key: $DEPSHASH"
-      echo "Checking path: $final_cache_path"
+      if [ -f "$final_cache_path" ]; then
+        echo "Cache already persisted at $final_cache_path by a concurrent run; discarding ours"
+        rm -f $tmp_cache_path
+      else
+        mv -f $tmp_cache_path $final_cache_path
+        echo "Cache key persisted in $final_cache_path"
+      fi
+
       if [ ! -f "$final_cache_path" ]; then
         echo "Cache key not found"
         exit 1
-      else
-        echo "Cache key persisted in $final_cache_path"
       fi
   - name: Wait for active SSH sessions
     shell: bash

.github/actions/cipd-install/action.yml

@@ -22,30 +22,50 @@ runs:
   steps:
     - name: Delete wrong ${{ inputs.dependency }}
       shell: bash
+      env:
+        CIPD_ROOT_PREFIX: ${{ inputs.cipd-root-prefix-path }}
+        INSTALLATION_DIR: ${{ inputs.installation-dir }}
       run : |
-        rm -rf ${{ inputs.cipd-root-prefix-path }}${{ inputs.installation-dir }}
+        rm -rf "${CIPD_ROOT_PREFIX}${INSTALLATION_DIR}"
     - name: Create ensure file for ${{ inputs.dependency }}
       if: ${{ inputs.dependency-version == '' }}
       shell: bash
+      env:
+        PACKAGE: ${{ inputs.package }}
+        DEPS_FILE: ${{ inputs.deps-file }}
+        INSTALLATION_DIR: ${{ inputs.installation-dir }}
+        DEPENDENCY: ${{ inputs.dependency }}
       run: |
-        echo '${{ inputs.package }}' `e d gclient getdep --deps-file=${{ inputs.deps-file }} -r '${{ inputs.installation-dir }}:${{ inputs.package }}'` > ${{ inputs.dependency }}_ensure_file
-        cat ${{ inputs.dependency }}_ensure_file
+        echo "$PACKAGE" $(e d gclient getdep --deps-file="$DEPS_FILE" -r "${INSTALLATION_DIR}:${PACKAGE}") > "${DEPENDENCY}_ensure_file"
+        cat "${DEPENDENCY}_ensure_file"
 
     - name: Create ensure file for ${{ inputs.dependency }} from dependency-version
       if: ${{ inputs.dependency-version != '' }}
       shell: bash
+      env:
+        PACKAGE: ${{ inputs.package }}
+        DEPENDENCY_VERSION: ${{ inputs.dependency-version }}
+        DEPENDENCY: ${{ inputs.dependency }}
       run: |
-        echo '${{ inputs.package }} ${{ inputs.dependency-version }}'  > ${{ inputs.dependency }}_ensure_file
-        cat ${{ inputs.dependency }}_ensure_file
+        echo "$PACKAGE $DEPENDENCY_VERSION" > "${DEPENDENCY}_ensure_file"
+        cat "${DEPENDENCY}_ensure_file"
     - name: CIPD installation of ${{ inputs.dependency }} (macOS)
       if: ${{ inputs.target-platform != 'win' }}
       shell: bash
+      env:
+        CIPD_ROOT_PREFIX: ${{ inputs.cipd-root-prefix-path }}
+        INSTALLATION_DIR: ${{ inputs.installation-dir }}
+        DEPENDENCY: ${{ inputs.dependency }}
       run: |
-        echo "ensuring ${{ inputs.dependency }}"
-        e d cipd ensure --root ${{ inputs.cipd-root-prefix-path }}${{ inputs.installation-dir }} -ensure-file ${{ inputs.dependency }}_ensure_file
+        echo "ensuring $DEPENDENCY"
+        e d cipd ensure --root "${CIPD_ROOT_PREFIX}${INSTALLATION_DIR}" -ensure-file "${DEPENDENCY}_ensure_file"
     - name: CIPD installation of ${{ inputs.dependency }} (Windows)
       if: ${{ inputs.target-platform == 'win' }}
       shell: powershell
+      env:
+        CIPD_ROOT_PREFIX: ${{ inputs.cipd-root-prefix-path }}
+        INSTALLATION_DIR: ${{ inputs.installation-dir }}
+        DEPENDENCY: ${{ inputs.dependency }}
       run: |
-        echo "ensuring ${{ inputs.dependency }} on Windows"
-        e d cipd ensure --root ${{ inputs.cipd-root-prefix-path }}${{ inputs.installation-dir }} -ensure-file ${{ inputs.dependency }}_ensure_file
+        echo "ensuring $env:DEPENDENCY on Windows"
+        e d cipd ensure --root "$env:CIPD_ROOT_PREFIX$env:INSTALLATION_DIR" -ensure-file "$($env:DEPENDENCY)_ensure_file"

.github/actions/fix-sync/action.yml

@@ -27,6 +27,7 @@ runs:
         python3 src/tools/clang/scripts/update.py
         # Refs https://chromium-review.googlesource.com/c/chromium/src/+/6667681
         python3 src/tools/clang/scripts/update.py --package objdump
+        python3 src/tools/clang/scripts/update.py --package clang-tidy
     - name: Fix esbuild
       if: ${{ inputs.target-platform != 'linux' }}
       uses: ./src/electron/.github/actions/cipd-install
@@ -132,7 +133,7 @@ runs:
       run : |
         cd src/third_party/angle
         rm -f .git/objects/info/alternates
-        git remote set-url origin https://chromium.googlesource.com/angle/angle.git
+        git remote set-url origin https://github.com/google/angle.git
         cp .git/config .git/config.backup
         git remote remove origin
         mv .git/config.backup .git/config

.github/actions/install-build-tools/action.yml

@@ -15,7 +15,7 @@ runs:
         git config --global core.preloadindex true
         git config --global core.longpaths true
       fi
-      export BUILD_TOOLS_SHA=a0cc95a1884a631559bcca0c948465b725d9295a
+      export BUILD_TOOLS_SHA=1b7bd25dae4a780bb3170fff56c9327b53aaf7eb
       npm i -g @electron/build-tools
       # Update depot_tools to ensure python
       e d update_depot_tools
@@ -29,4 +29,4 @@ runs:
       else
         echo "$HOME/.electron_build_tools/third_party/depot_tools" >> $GITHUB_PATH
         echo "$HOME/.electron_build_tools/third_party/depot_tools/python-bin" >> $GITHUB_PATH
-      fi
+      fi

.github/actions/install-dependencies/action.yml

@@ -7,7 +7,7 @@ runs:
     shell: bash
     id: yarn-cache-dir-path
     run: echo "dir=$(node src/electron/script/yarn.js config get cacheFolder)" >> $GITHUB_OUTPUT
-  - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+  - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
     id: yarn-cache
     with:
       path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
@@ -21,11 +21,28 @@ runs:
       if [ "$TARGET_ARCH" = "x86" ]; then
         export npm_config_arch="ia32"
       fi
-      # if running on linux arm skip yarn Builds
       ARCH=$(uname -m)
+      node script/yarn.js install --immutable --mode=skip-build
+      # if running on linux arm skip yarn Builds
       if [ "$ARCH" = "armv7l" ]; then
         echo "Skipping yarn build on linux arm"
-        node script/yarn.js install --immutable --mode=skip-build
       else
+        # Pre-seed the node-gyp header cache so the parallel native-addon
+        # builds below don't race on a cold cache. Linux build containers
+        # already ship a warm cache (electron/build-images#68), so only do
+        # this on macOS / Windows runners.
+        if [ "$(uname -s)" != "Linux" ]; then
+          for i in 1 2 3; do
+            if node node_modules/node-gyp/bin/node-gyp.js install; then
+              break
+            fi
+            if [ "$i" = "3" ]; then
+              echo "node-gyp header pre-seed failed after 3 attempts" >&2
+              exit 1
+            fi
+            echo "node-gyp header pre-seed failed (attempt $i), retrying in 5s..." >&2
+            sleep 5
+          done
+        fi
         node script/yarn.js install --immutable
       fi

.github/actions/restore-cache-aks/action.yml

@@ -31,7 +31,7 @@ runs:
       fi
 
       mkdir temp-cache
-      tar -xf $cache_path -C temp-cache
+      zstd -d --long=30 -c $cache_path | tar -xf - -C temp-cache
       echo "Unzipped cache is $(du -sh temp-cache/src | cut -f1)"
 
       if [ -d "temp-cache/src" ]; then

.github/actions/restore-cache-azcopy/action.yml

@@ -8,14 +8,14 @@ runs:
   steps:
   - name: Obtain SAS Key
     continue-on-error: true
-    uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+    uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
     with:
       path: sas-token
       key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-1
       enableCrossOsArchive: true
   - name: Obtain SAS Key
     continue-on-error: true
-    uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+    uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
     with:
       path: sas-token
       key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-${{ github.run_attempt }}
@@ -24,7 +24,7 @@ runs:
     # The cache will always exist here as a result of the checkout job
     # Either it was uploaded to Azure in the checkout job for this commit
     # or it was uploaded in the checkout job for a previous commit.
-    uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
+    uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0
     with:
       timeout_minutes: 30
       max_attempts: 3
@@ -61,9 +61,9 @@ runs:
         echo "Cache is empty - exiting"
         exit 1
       fi
-      
+
       mkdir temp-cache
-      tar -xf $DEPSHASH.tar -C temp-cache
+      zstd -d --long=30 -c $DEPSHASH.tar | tar -xf - -C temp-cache
       echo "Unzipped cache is $(du -sh temp-cache/src | cut -f1)"
 
       if [ -d "temp-cache/src" ]; then
@@ -85,23 +85,21 @@ runs:
 
   - name: Unzip and Ensure Src Cache (Windows)
     if: ${{ inputs.target-platform == 'win' }}
-    shell: powershell
+    shell: bash
     run: |
-      $src_cache = "$env:DEPSHASH.tar"
-      $cache_size = $(Get-Item $src_cache).length
-      Write-Host "Downloaded cache is $cache_size"
-      if ($cache_size -eq 0) {
-        Write-Host "Cache is empty - exiting"
+      echo "Downloaded cache is $(du -sh $DEPSHASH.tar | cut -f1)"
+      if [ `du $DEPSHASH.tar | cut -f1` = "0" ]; then
+        echo "Cache is empty - exiting"
         exit 1
-      }
+      fi
 
-      $TEMP_DIR=New-Item -ItemType Directory -Path temp-cache
-      $TEMP_DIR_PATH = $TEMP_DIR.FullName
-      C:\ProgramData\Chocolatey\bin\7z.exe -y -snld20 x $src_cache -o"$TEMP_DIR_PATH"
+      mkdir temp-cache
+      zstd -d --long=30 -c $DEPSHASH.tar | tar -xf - -C temp-cache
+      rm -f $DEPSHASH.tar
 
   - name: Move Src Cache (Windows)
     if: ${{ inputs.target-platform == 'win' }}
-    uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
+    uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0
     with:
       timeout_minutes: 30
       max_attempts: 3
@@ -112,9 +110,6 @@ runs:
           Write-Host "Relocating Cache"
           Remove-Item -Recurse -Force src
           Move-Item temp-cache\src src
-
-          Write-Host "Deleting zip file"
-          Remove-Item -Force $src_cache
         }
         if (-Not (Test-Path "src\third_party\blink")) {
           Write-Host "Cache was not correctly restored - exiting"

.github/actions/set-chromium-cookie/action.yml

@@ -7,7 +7,7 @@ runs:
     if: ${{ runner.os != 'Windows' }}
     shell: bash
     run: |
-      if [[ -z "${{ env.CHROMIUM_GIT_COOKIE }}" ]]; then
+      if [[ -z "$CHROMIUM_GIT_COOKIE" ]]; then
         echo "CHROMIUM_GIT_COOKIE is not set - cannot authenticate."
         exit 0
       fi
@@ -18,9 +18,7 @@ runs:
 
       git config --global http.cookiefile ~/.gitcookies
 
-      tr , \\t <<\__END__ >>~/.gitcookies
-      ${{ env.CHROMIUM_GIT_COOKIE }}
-      __END__
+      echo "$CHROMIUM_GIT_COOKIE" | tr , \\t >>~/.gitcookies
       eval 'set -o history' 2>/dev/null || unsetopt HIST_IGNORE_SPACE 2>/dev/null
 
       RESPONSE=$(curl -s -b ~/.gitcookies https://chromium-review.googlesource.com/a/accounts/self)
@@ -42,7 +40,7 @@ runs:
       )
 
       git config --global http.cookiefile "%USERPROFILE%\.gitcookies"
-      powershell -noprofile -nologo -command Write-Output "${{ env.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}" >>"%USERPROFILE%\.gitcookies"
+      powershell -noprofile -nologo -command Write-Output $env:CHROMIUM_GIT_COOKIE_WINDOWS_STRING >>"%USERPROFILE%\.gitcookies"
 
       curl -s -b "%USERPROFILE%\.gitcookies" https://chromium-review.googlesource.com/a/accounts/self > response.txt
 

.github/problem-matchers/clang.json

@@ -5,7 +5,7 @@
       "fromPath": "src/out/Default/args.gn",
       "pattern": [
         {
-          "regexp": "^(.+)[(:](\\d+)[:,](\\d+)\\)?:\\s+(warning|error):\\s+(.*)$",
+          "regexp": "^(.+)[(:](\\d+)[:,](\\d+)\\)?:\\s+(warning|fatal error|error):\\s+(.*)$",
           "file": 1,
           "line": 2,
           "column": 3,

.github/siso-patches/0001-siso-reuse-the-outer-os.File-for-chunked-ReadAt-in-f.patch

@@ -0,0 +1,47 @@
+From 85b561ea4dbc76ba98af020b970f3aa6b20fdb9e Mon Sep 17 00:00:00 2001
+From: Samuel Attard <sam@electronjs.org>
+Date: Wed, 8 Apr 2026 23:24:15 -0700
+Subject: [PATCH] siso: reuse the outer *os.File for chunked ReadAt in
+ fileParser.readFile
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The per-chunk goroutine currently re-opens fname to get its own handle
+for ReadAt. (*os.File).ReadAt is documented as safe for concurrent
+calls on the same File (on Windows it is ReadFile with an OVERLAPPED
+offset, so there is no shared seek state), so the extra open is
+redundant — the goroutines can share the outer f.
+
+Besides halving the CreateFileW calls per subninja, this avoids an
+intermittent 'The parameter is incorrect.' (ERROR_INVALID_PARAMETER)
+from bindflt.sys when out/ is a mapped directory inside a Windows
+container: bindflt's handle-relative NtCreateFile path races when a
+second relative open arrives while the first handle to the same target
+is still being set up. Absolute paths and single opens do not trigger
+it; see microsoft/Windows-Containers#<tbd>.
+---
+ siso/toolsupport/ninjautil/file_parser.go | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/siso/toolsupport/ninjautil/file_parser.go b/siso/toolsupport/ninjautil/file_parser.go
+index 8c18d084..63116662 100644
+--- a/siso/toolsupport/ninjautil/file_parser.go
++++ b/siso/toolsupport/ninjautil/file_parser.go
+@@ -111,13 +111,6 @@ func (p *fileParser) readFile(ctx context.Context, fname string) ([]byte, error)
+ 		eg.Go(func() error {
+ 			p.sema <- struct{}{}
+ 			defer func() { <-p.sema }()
+-			f, err := os.Open(fname)
+-			if err != nil {
+-				return err
+-			}
+-			defer func() {
+-				_ = f.Close()
+-			}()
+ 			for len(chunkBuf) > 0 {
+ 				n, err := f.ReadAt(chunkBuf, pos)
+ 				if err != nil {
+-- 
+2.53.0
+

.github/siso-patches/0002-siso-retry-transient-ERROR_INVALID_PARAMETER-when-op.patch

@@ -0,0 +1,132 @@
+From a8afee1089ec2ae9ab5837b438d07338aefb3bc4 Mon Sep 17 00:00:00 2001
+From: Samuel Attard <sam@electronjs.org>
+Date: Wed, 22 Apr 2026 16:27:51 -0700
+Subject: [PATCH] siso: retry transient ERROR_INVALID_PARAMETER when opening
+ ninja files on Windows
+
+ManifestParser.Load fans out across all subninja files (~90k in a
+Chromium build) at NumCPU parallelism. On Windows builders where out/
+is served through a filesystem filter driver (e.g. bindflt/wcifs for
+container bind mounts), CreateFileW can intermittently return
+ERROR_INVALID_PARAMETER under this concurrent open burst. The previous
+patch removes the redundant per-chunk re-open, but the single remaining
+open per file can still hit the race; without a retry a single transient
+failure aborts the entire manifest load.
+
+Wrap the remaining os.Open call in readFile in a small Windows-only
+retry for ERROR_INVALID_PARAMETER (5 attempts, 5-80ms backoff). Each
+retry is logged via clog.Warningf and also written to stderr so it is
+visible in CI step output where glog warnings are file-only by default.
+Other platforms keep the direct os.Open path.
+---
+ siso/toolsupport/ninjautil/file_parser.go     |  3 +-
+ siso/toolsupport/ninjautil/openfile_other.go  | 18 +++++++
+ .../toolsupport/ninjautil/openfile_windows.go | 50 +++++++++++++++++++
+ 3 files changed, 69 insertions(+), 2 deletions(-)
+ create mode 100644 siso/toolsupport/ninjautil/openfile_other.go
+ create mode 100644 siso/toolsupport/ninjautil/openfile_windows.go
+
+diff --git a/siso/toolsupport/ninjautil/file_parser.go b/siso/toolsupport/ninjautil/file_parser.go
+index 6311666..324528d 100644
+--- a/siso/toolsupport/ninjautil/file_parser.go
++++ b/siso/toolsupport/ninjautil/file_parser.go
+@@ -7,7 +7,6 @@ package ninjautil
+ import (
+ 	"context"
+ 	"fmt"
+-	"os"
+ 	"runtime/trace"
+ 	"sync"
+ 	"time"
+@@ -91,7 +90,7 @@ func (p *fileParser) parseFile(ctx context.Context, fname string) error {
+ // readFile reads a file of fname in parallel.
+ func (p *fileParser) readFile(ctx context.Context, fname string) ([]byte, error) {
+ 	defer trace.StartRegion(ctx, "ninja.read").End()
+-	f, err := os.Open(fname)
++	f, err := openFile(ctx, fname)
+ 	if err != nil {
+ 		return nil, err
+ 	}
+diff --git a/siso/toolsupport/ninjautil/openfile_other.go b/siso/toolsupport/ninjautil/openfile_other.go
+new file mode 100644
+index 0000000..9fca690
+--- /dev/null
++++ b/siso/toolsupport/ninjautil/openfile_other.go
+@@ -0,0 +1,18 @@
++// Copyright 2026 The Chromium Authors
++// Use of this source code is governed by a BSD-style license that can be
++// found in the LICENSE file.
++
++//go:build !windows
++
++package ninjautil
++
++import (
++	"context"
++	"os"
++)
++
++// openFile opens fname for reading.
++// See openfile_windows.go for the Windows variant with transient-error retry.
++func openFile(ctx context.Context, fname string) (*os.File, error) {
++	return os.Open(fname)
++}
+diff --git a/siso/toolsupport/ninjautil/openfile_windows.go b/siso/toolsupport/ninjautil/openfile_windows.go
+new file mode 100644
+index 0000000..f9d8e9d
+--- /dev/null
++++ b/siso/toolsupport/ninjautil/openfile_windows.go
+@@ -0,0 +1,50 @@
++// Copyright 2026 The Chromium Authors
++// Use of this source code is governed by a BSD-style license that can be
++// found in the LICENSE file.
++
++//go:build windows
++
++package ninjautil
++
++import (
++	"context"
++	"errors"
++	"fmt"
++	"os"
++	"time"
++
++	"golang.org/x/sys/windows"
++
++	"go.chromium.org/build/siso/o11y/clog"
++)
++
++// openFile opens fname for reading, retrying transient
++// ERROR_INVALID_PARAMETER failures.
++//
++// On Windows, CreateFileW can intermittently return
++// ERROR_INVALID_PARAMETER when the target lives behind a filesystem
++// filter driver (e.g. bindflt/wcifs for container bind mounts) under
++// highly concurrent opens. loadFile fans out across ~90k subninja
++// files at NumCPU parallelism, so a single transient failure would
++// otherwise abort the whole manifest load.
++func openFile(ctx context.Context, fname string) (*os.File, error) {
++	const maxAttempts = 5
++	delay := 5 * time.Millisecond
++	for i := 0; ; i++ {
++		f, err := os.Open(fname)
++		if err == nil {
++			return f, nil
++		}
++		if i+1 >= maxAttempts || !errors.Is(err, windows.ERROR_INVALID_PARAMETER) {
++			return nil, err
++		}
++		clog.Warningf(ctx, "open %s: %v; retrying (%d/%d) after %s", fname, err, i+1, maxAttempts, delay)
++		fmt.Fprintf(os.Stderr, "siso: open %s: %v; retrying (%d/%d) after %s\n", fname, err, i+1, maxAttempts, delay)
++		select {
++		case <-time.After(delay):
++		case <-ctx.Done():
++			return nil, context.Cause(ctx)
++		}
++		delay *= 2
++	}
++}
+-- 
+2.53.0
+

.github/workflows/apply-patches.yml

@@ -18,6 +18,7 @@ jobs:
       pull-requests: read
     outputs:
       has-patches: ${{ steps.filter.outputs.patches }}
+      build-image-sha: ${{ steps.build-image-sha.outputs.build-image-sha }}
     steps:
     - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
       with:
@@ -26,13 +27,16 @@ jobs:
     # Use dorny/paths-filter instead of the path filter under the on: pull_request: block
     # so that the output can be used to conditionally run the apply-patches job, which lets
     # the job be marked as a required status check (conditional skip counts as a success).
-    - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+    - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
       id: filter
       with:
         filters: |
           patches:
             - DEPS
             - 'patches/**'
+    - name: Set Build Image SHA
+      id: build-image-sha
+      uses: ./.github/actions/build-image-sha
 
   apply-patches:
     needs: setup
@@ -41,7 +45,7 @@ jobs:
     permissions:
       contents: read
     container:
-      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
+      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
       options: --user root
       volumes:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache
@@ -71,3 +75,11 @@ jobs:
       uses: ./src/electron/.github/actions/checkout
       with:
         target-platform: linux
+    - name: Upload Patch Conflict Fix
+      if: ${{ failure() }}
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+      with:
+        name: update-patches
+        path: patches/update-patches.patch
+        if-no-files-found: ignore
+        archive: false

.github/workflows/archaeologist-dig.yml

@@ -21,17 +21,21 @@ jobs:
         with:
           node-version: 24.12.x
       - name: Setting Up Dig Site
+        env:
+          CLONE_URL: ${{ github.event.pull_request.head.repo.clone_url }}
+          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+          BASE_REF: ${{ github.event.pull_request.base.ref }}
         run: |
-          echo "remote: ${{ github.event.pull_request.head.repo.clone_url }}"
-          echo "sha ${{ github.event.pull_request.head.sha }}"
-          echo "base ref ${{ github.event.pull_request.base.ref }}"
-          git clone https://github.com/electron/electron.git electron          
+          echo "remote: $CLONE_URL"
+          echo "sha $HEAD_SHA"
+          echo "base ref $BASE_REF"
+          git clone https://github.com/electron/electron.git electron
           cd electron
           mkdir -p artifacts
-          git remote add fork ${{ github.event.pull_request.head.repo.clone_url }} && git fetch fork
-          git checkout  ${{ github.event.pull_request.head.sha }}
-          git merge-base origin/${{ github.event.pull_request.base.ref }} HEAD > .dig-old
-          echo  ${{ github.event.pull_request.head.sha }} > .dig-new
+          git remote add fork "$CLONE_URL" && git fetch fork
+          git checkout "$HEAD_SHA"
+          git merge-base "origin/$BASE_REF" HEAD > .dig-old
+          echo "$HEAD_SHA" > .dig-new
           cp .dig-old artifacts
 
       - name: Generating Types for SHA in .dig-new

.github/workflows/build.yml

@@ -6,8 +6,8 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
-        required: true
+        default: ''
+        required: false
       skip-macos:
         type: boolean
         description: 'Skip macOS builds'
@@ -47,20 +47,21 @@ permissions: {}
 
 jobs:
   setup:
-    runs-on: ubuntu-latest
+    if: github.repository == 'electron/electron'
+    runs-on: ubuntu-slim
     permissions:
       contents: read
       pull-requests: read
     outputs:
         docs: ${{ steps.filter.outputs.docs }}
         src: ${{ steps.filter.outputs.src }}
-        build-image-sha: ${{ steps.set-output.outputs.build-image-sha }}
+        build-image-sha: ${{ steps.build-image-sha.outputs.build-image-sha }}
         docs-only: ${{ steps.set-output.outputs.docs-only }}
     steps:
     - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         ref: ${{ github.event.pull_request.head.sha }}
-    - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+    - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
       id: filter
       with:
         filters: |
@@ -72,14 +73,14 @@ jobs:
             - CODE_OF_CONDUCT.md
           src:
             - '!docs/**'
-    - name: Set Outputs for Build Image SHA & Docs Only
+    - name: Set Build Image SHA
+      id: build-image-sha
+      uses: ./.github/actions/build-image-sha
+      with:
+        override: ${{ inputs.build-image-sha }}
+    - name: Set Docs Only
       id: set-output
       run: |
-        if [ -z "${{ inputs.build-image-sha }}" ]; then
-          echo "build-image-sha=a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb" >> "$GITHUB_OUTPUT"
-        else
-          echo "build-image-sha=${{ inputs.build-image-sha }}" >> "$GITHUB_OUTPUT"
-        fi
         echo "docs-only=${{ steps.filter.outputs.docs == 'true' && steps.filter.outputs.src == 'false' }}" >> "$GITHUB_OUTPUT"
 
   # Lint Jobs
@@ -199,6 +200,15 @@ jobs:
         generate-sas-token: 'true'
         target-platform: win
 
+  # Build a patched siso binary for Windows CI in parallel with checkout-windows.
+  # The Windows build jobs download the resulting artifact and use it via SISO_PATH.
+  build-siso-windows:
+    needs: setup
+    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
+    uses: ./.github/workflows/pipeline-segment-build-siso-windows.yml
+    permissions:
+      contents: read
+
   # GN Check Jobs
   macos-gn-check:
     uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
@@ -369,7 +379,7 @@ jobs:
       issues: read
       pull-requests: read
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
-    needs: checkout-windows
+    needs: [checkout-windows, build-siso-windows]
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
     with:
       build-runs-on: electron-arc-centralus-windows-amd64-16core
@@ -388,7 +398,7 @@ jobs:
       issues: read
       pull-requests: read
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
-    needs: checkout-windows
+    needs: [checkout-windows, build-siso-windows]
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
     with:
       build-runs-on: electron-arc-centralus-windows-amd64-16core
@@ -407,7 +417,7 @@ jobs:
       issues: read
       pull-requests: read
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
-    needs: checkout-windows
+    needs: [checkout-windows, build-siso-windows]
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
     with:
       build-runs-on: electron-arc-centralus-windows-amd64-16core
@@ -425,9 +435,36 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
-    needs: [docs-only, macos-x64, macos-arm64, linux-x64, linux-x64-asan, linux-arm, linux-arm64, windows-x64, windows-x86, windows-arm64]
+    needs: [docs-only, macos-x64, macos-arm64, linux-x64, linux-x64-asan, linux-arm, linux-arm64, build-siso-windows, windows-x64, windows-x86, windows-arm64]
     if: always() && !contains(needs.*.result, 'failure')
-    steps: 
+    steps:
     - name: GitHub Actions Jobs Done
       run: |
         echo "All GitHub Actions Jobs are done"
+
+  check-signed-commits:
+    name: Check signed commits in green PR
+    needs: gha-done
+    if: ${{ contains(github.event.pull_request.labels.*.name, 'needs-signed-commits')}}
+    runs-on: ubuntu-slim
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: Check signed commits in PR
+        uses: 1Password/check-signed-commits-action@ed2885f3ed2577a4f5d3c3fe895432a557d23d52 # v1
+        with:
+          comment: |
+            ⚠️ This PR contains unsigned commits. This repository enforces [commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification) 
+            for all incoming PRs. To get your PR merged, please sign those commits 
+            (`git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}`) and force push them to this branch 
+            (`git push --force-with-lease`)
+
+            For more information on signing commits, see GitHub's documentation on [Telling Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key).
+
+      - name: Remove needs-signed-commits label
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+        run: |
+          gh pr edit $PR_URL --remove-label needs-signed-commits

.github/workflows/clean-orphaned-cache-uploads.yml

@@ -0,0 +1,32 @@
+name: Clean Orphaned Cache Uploads
+
+# Description:
+# Sweeps orphaned in-flight upload temp files left on the src-cache volumes
+# by checkout/action.yml when its cp-to-share step dies before the rename.
+# A successful upload finishes in minutes, so anything older than 4h is dead.
+
+on:
+  schedule:
+    - cron: "0 */4 * * *"
+  workflow_dispatch:
+
+permissions: {}
+
+jobs:
+  clean-orphaned-uploads:
+    if: github.repository == 'electron/electron'
+    runs-on: electron-arc-centralus-linux-amd64-32core
+    permissions:
+      contents: read
+    container:
+      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
+      options: --user root
+      volumes:
+        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
+        - /mnt/win-cache:/mnt/win-cache
+    steps:
+    - name: Remove Orphaned Upload Temp Files
+      shell: bash
+      run: |
+        find /mnt/cross-instance-cache -maxdepth 1 -type f -name '*.tar.upload-*' -mmin +240 -print -delete
+        find /mnt/win-cache -maxdepth 1 -type f -name '*.tar.upload-*' -mmin +240 -print -delete

.github/workflows/issue-labeled.yml

@@ -61,9 +61,10 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GH_REPO: electron/electron
+          ISSUE_NUMBER: ${{ github.event.issue.number }}
         run: |
           set -eo pipefail
-          COMMENT_COUNT=$(gh issue view ${{ github.event.issue.number }} --comments --json comments | jq '[ .comments[] | select(.author.login == "electron-issue-triage" or .authorAssociation == "OWNER" or .authorAssociation == "MEMBER") | select(.body | startswith("<!-- blocked/need-repro -->")) ] | length')
+          COMMENT_COUNT=$(gh issue view "$ISSUE_NUMBER" --comments --json comments | jq '[ .comments[] | select(.author.login == "electron-issue-triage" or .authorAssociation == "OWNER" or .authorAssociation == "MEMBER") | select(.body | startswith("<!-- blocked/need-repro -->")) ] | length')
           if [[ $COMMENT_COUNT -eq 0 ]]; then
             echo "SHOULD_COMMENT=1" >> "$GITHUB_OUTPUT"
           fi

.github/workflows/issue-unlabeled.yml

@@ -16,9 +16,11 @@ jobs:
     steps:
       - name: Check for any blocked labels
         id: check-for-blocked-labels
+        env:
+          LABELS_JSON: ${{ toJSON(github.event.issue.labels.*.name) }}
         run: |
           set -eo pipefail
-          BLOCKED_LABEL_COUNT=$(echo '${{ toJSON(github.event.issue.labels.*.name) }}' | jq '[ .[] | select(startswith("blocked/")) ] | length')
+          BLOCKED_LABEL_COUNT=$(echo "$LABELS_JSON" | jq '[ .[] | select(startswith("blocked/")) ] | length')
           if [[ $BLOCKED_LABEL_COUNT -eq 0 ]]; then
             echo "NOT_BLOCKED=1" >> "$GITHUB_OUTPUT"
           fi

.github/workflows/linux-publish.yml

@@ -6,7 +6,8 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
+        default: ''
+        required: false
       upload-to-storage:
         description: 'Uploads to Azure storage'
         required: false
@@ -20,12 +21,28 @@ on:
 permissions: {}
 
 jobs:
+  setup:
+    if: github.repository == 'electron/electron'
+    runs-on: ubuntu-slim
+    permissions:
+      contents: read
+    outputs:
+      build-image-sha: ${{ steps.build-image-sha.outputs.build-image-sha }}
+    steps:
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+    - name: Set Build Image SHA
+      id: build-image-sha
+      uses: ./.github/actions/build-image-sha
+      with:
+        override: ${{ inputs.build-image-sha }}
+
   checkout-linux:
+    needs: setup
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
     container:
-      image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
+      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
       options: --user root
       volumes:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache
@@ -49,11 +66,11 @@ jobs:
       attestations: write
       contents: read
       id-token: write
-    needs: checkout-linux
+    needs: [setup, checkout-linux]
     with:
       environment: production-release
       build-runs-on: electron-arc-centralus-linux-amd64-32core
-      build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      build-container: '{"image":"ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
       target-platform: linux
       target-arch: x64
       is-release: true
@@ -69,11 +86,11 @@ jobs:
       attestations: write
       contents: read
       id-token: write
-    needs: checkout-linux
+    needs: [setup, checkout-linux]
     with:
       environment: production-release
       build-runs-on: electron-arc-centralus-linux-amd64-32core
-      build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      build-container: '{"image":"ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
       target-platform: linux
       target-arch: arm
       is-release: true
@@ -89,11 +106,11 @@ jobs:
       attestations: write
       contents: read
       id-token: write
-    needs: checkout-linux
+    needs: [setup, checkout-linux]
     with:
       environment: production-release
       build-runs-on: electron-arc-centralus-linux-amd64-32core
-      build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      build-container: '{"image":"ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
       target-platform: linux
       target-arch: arm64
       is-release: true

.github/workflows/macos-publish.yml

@@ -6,8 +6,8 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
-        required: true
+        default: ''
+        required: false
       upload-to-storage:
         description: 'Uploads to Azure storage'
         required: false
@@ -21,12 +21,28 @@ on:
 permissions: {}
 
 jobs:
+  setup:
+    if: github.repository == 'electron/electron'
+    runs-on: ubuntu-slim
+    permissions:
+      contents: read
+    outputs:
+      build-image-sha: ${{ steps.build-image-sha.outputs.build-image-sha }}
+    steps:
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+    - name: Set Build Image SHA
+      id: build-image-sha
+      uses: ./.github/actions/build-image-sha
+      with:
+        override: ${{ inputs.build-image-sha }}
+
   checkout-macos:
+    needs: setup
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
     container:
-      image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
+      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
       options: --user root
       volumes:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache

.github/workflows/non-maintainer-dependency-change.yml

@@ -10,6 +10,10 @@ on:
       - '.yarn/**'
       - '.yarnrc.yml'
 
+# SECURITY: This workflow uses pull_request_target and has access to secrets.
+# Do NOT checkout or run code from the PR head. All code execution must use
+# the base branch only. Adding a ref to PR head would expose secrets to
+# untrusted code.
 permissions: {}
 
 jobs:
@@ -45,5 +49,6 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_URL: ${{ github.event.pull_request.html_url }}
+          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
         run: |
-          printf "<!-- disallowed-non-maintainer-change -->\n\nHello @${{ github.event.pull_request.user.login }}! It looks like this pull request touches one of our dependency or CI files, and per [our contribution policy](https://github.com/electron/electron/blob/main/CONTRIBUTING.md#dependencies-upgrades-policy) we do not accept these types of changes in PRs." | gh pr review $PR_URL -r --body-file=-
+          printf "<!-- disallowed-non-maintainer-change -->\n\nHello @${PR_AUTHOR}! It looks like this pull request touches one of our dependency or CI files, and per [our contribution policy](https://github.com/electron/electron/blob/main/CONTRIBUTING.md#dependencies-upgrades-policy) we do not accept these types of changes in PRs." | gh pr review $PR_URL -r --body-file=-

.github/workflows/pipeline-electron-docs-only.yml

@@ -35,7 +35,7 @@ jobs:
     - name: Generate DEPS Hash
       run: |
         node src/electron/script/generate-deps-hash.js
-        DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
+        DEPSHASH=v2-src-cache-$(cat src/electron/.depshash)
         echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
         echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
     - name: Restore src cache via AKS

.github/workflows/pipeline-electron-lint.yml

@@ -46,7 +46,11 @@ jobs:
       shell: bash
       run: |
         chromium_revision="$(grep -A1 chromium_version src/electron/DEPS | tr -d '\n' | cut -d\' -f4)"
-        gn_version="$(curl -sL -b ~/.gitcookies "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/DEPS?format=TEXT" | base64 -d | grep gn_version | head -n1 | cut -d\' -f4)"
+        if [[ ! "$chromium_revision" =~ ^[a-zA-Z0-9._-]+$ ]]; then
+          echo "::error::Invalid chromium_revision: $chromium_revision"
+          exit 1
+        fi
+        gn_version="$(curl -sL "https://raw.githubusercontent.com/chromium/chromium/refs/tags/${chromium_revision}/DEPS" | grep gn_version | head -n1 | cut -d\' -f4)"
 
         cipd ensure -ensure-file - -root . <<-CIPD
         \$ServiceURL https://chrome-infra-packages.appspot.com/
@@ -60,9 +64,13 @@ jobs:
       shell: bash
       run: |
         chromium_revision="$(grep -A1 chromium_version src/electron/DEPS | tr -d '\n' | cut -d\' -f4)"
+        if [[ ! "$chromium_revision" =~ ^[a-zA-Z0-9._-]+$ ]]; then
+          echo "::error::Invalid chromium_revision: $chromium_revision"
+          exit 1
+        fi
 
         mkdir -p src/buildtools
-        curl -sL -b ~/.gitcookies "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/buildtools/DEPS?format=TEXT" | base64 -d > src/buildtools/DEPS
+        curl -sL "https://raw.githubusercontent.com/chromium/chromium/refs/tags/${chromium_revision}/buildtools/DEPS" > src/buildtools/DEPS
 
         gclient sync --spec="solutions=[{'name':'src/buildtools','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':True},'managed':False}]"
     - name: Add problem matchers

.github/workflows/pipeline-segment-build-siso-windows.yml

@@ -0,0 +1,98 @@
+name: Pipeline Segment - Build Siso (Windows)
+
+# Builds a patched siso binary for Windows CI. Reads the siso revision from
+# the Chromium DEPS file at the pinned chromium_version, shallow-clones
+# chromium.googlesource.com/build at that revision, applies the patches under
+# .github/siso-patches/, cross-compiles siso.exe for windows/amd64, and
+# publishes it as the `siso-windows-amd64` artifact. The Windows build jobs
+# download it and use it via SISO_PATH. The built binary is cached keyed on
+# the siso revision + sha256 of the patch contents, so subsequent runs just
+# restore it.
+
+on:
+  workflow_call: {}
+
+permissions: {}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+    - name: Checkout Electron
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      with:
+        fetch-depth: 1
+        ref: ${{ github.event.pull_request.head.sha }}
+        sparse-checkout: |
+          DEPS
+          .github/siso-patches
+    - name: Resolve siso revision from Chromium DEPS
+      id: resolve
+      run: |
+        set -euo pipefail
+        CHROMIUM_VERSION=$(python3 -c "import re; print(re.search(r\"'chromium_version':\s*\n\s*'([^']+)'\", open('DEPS').read()).group(1))")
+        if ! [[ "$CHROMIUM_VERSION" =~ ^[0-9]+(\.[0-9]+){1,3}$ ]]; then
+          echo "error: unexpected chromium_version format: $CHROMIUM_VERSION" >&2
+          exit 1
+        fi
+        curl -sfL "https://raw.githubusercontent.com/chromium/chromium/${CHROMIUM_VERSION}/DEPS" -o /tmp/chromium-DEPS
+        SISO_SHA=$(python3 -c "import re; print(re.search(r\"'siso_version':\s*'git_revision:([0-9a-f]+)'\", open('/tmp/chromium-DEPS').read()).group(1))")
+        if ! [[ "$SISO_SHA" =~ ^[0-9a-f]{40}$ ]]; then
+          echo "error: unexpected siso_version SHA: $SISO_SHA" >&2
+          exit 1
+        fi
+        PATCHES_HASH=$(find .github/siso-patches -type f -name '*.patch' | sort | xargs sha256sum | sha256sum | awk '{print $1}')
+        echo "siso-sha=${SISO_SHA}" >> "$GITHUB_OUTPUT"
+        echo "patches-hash=${PATCHES_HASH}" >> "$GITHUB_OUTPUT"
+        echo "Chromium ${CHROMIUM_VERSION} pins siso at ${SISO_SHA}"
+        echo "Patches hash: ${PATCHES_HASH}"
+    - name: Restore cached siso binary
+      id: cache-siso
+      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+      with:
+        path: siso-out/siso.exe
+        key: siso-windows-amd64-${{ steps.resolve.outputs.siso-sha }}-${{ steps.resolve.outputs.patches-hash }}
+    - name: Shallow clone chromium build repo at pinned revision
+      if: steps.cache-siso.outputs.cache-hit != 'true'
+      env:
+        SISO_SHA: ${{ steps.resolve.outputs.siso-sha }}
+      run: |
+        set -euo pipefail
+        mkdir chromium-build
+        cd chromium-build
+        git init -q
+        git remote add origin https://chromium.googlesource.com/build
+        git -c protocol.version=2 fetch --depth=1 origin "$SISO_SHA"
+        git checkout --detach FETCH_HEAD
+    - name: Apply in-tree siso patches
+      if: steps.cache-siso.outputs.cache-hit != 'true'
+      run: |
+        set -euo pipefail
+        cd chromium-build
+        git -c user.name=electron-ci -c user.email=ci@electronjs.org \
+          am --3way "${GITHUB_WORKSPACE}/.github/siso-patches"/*.patch
+    - name: Set up Go
+      if: steps.cache-siso.outputs.cache-hit != 'true'
+      uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
+      with:
+        go-version-file: chromium-build/siso/go.mod
+        cache: false
+    - name: Build siso (windows/amd64)
+      if: steps.cache-siso.outputs.cache-hit != 'true'
+      working-directory: chromium-build/siso
+      env:
+        CGO_ENABLED: '0'
+        GOOS: windows
+        GOARCH: amd64
+      run: |
+        mkdir -p "${GITHUB_WORKSPACE}/siso-out"
+        go build -trimpath -o "${GITHUB_WORKSPACE}/siso-out/siso.exe" .
+    - name: Upload siso artifact
+      uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+      with:
+        name: siso-windows-amd64
+        path: siso-out/siso.exe
+        if-no-files-found: error
+        retention-days: 1

.github/workflows/pipeline-segment-electron-build.yml

@@ -72,7 +72,6 @@ env:
   ELECTRON_ARTIFACTS_BLOB_STORAGE: ${{ secrets.ELECTRON_ARTIFACTS_BLOB_STORAGE }}
   ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
   SUDOWOODO_EXCHANGE_URL: ${{ secrets.SUDOWOODO_EXCHANGE_URL }}
-  SUDOWOODO_EXCHANGE_TOKEN: ${{ secrets.SUDOWOODO_EXCHANGE_TOKEN }}
   GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || inputs.target-platform == 'win' && '--custom-var=checkout_win=True' || '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
   ELECTRON_OUT_DIR: Default
   ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
@@ -151,7 +150,7 @@ jobs:
     - name: Generate DEPS Hash
       run: |
         node src/electron/script/generate-deps-hash.js
-        DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
+        DEPSHASH=v2-src-cache-$(cat src/electron/.depshash)
         echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
         echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
     - name: Restore src cache via AZCopy
@@ -190,6 +189,22 @@ jobs:
     - name: Free up space (macOS)
       if: ${{ inputs.target-platform == 'macos' }}
       uses: ./src/electron/.github/actions/free-space-macos
+    - name: Download custom siso binary (Windows)
+      if: ${{ inputs.target-platform == 'win' }}
+      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+      with:
+        name: siso-windows-amd64
+        path: ${{ runner.temp }}/siso
+    - name: Set SISO_PATH (Windows)
+      if: ${{ inputs.target-platform == 'win' }}
+      run: |
+        SISO_BIN="${RUNNER_TEMP}/siso/siso.exe"
+        if [ ! -f "$SISO_BIN" ]; then
+          echo "error: expected siso binary at $SISO_BIN" >&2
+          exit 1
+        fi
+        echo "SISO_PATH=$SISO_BIN" >> "$GITHUB_ENV"
+        echo "Using custom siso binary at $SISO_BIN"
     - name: Build Electron
       if: ${{ inputs.target-platform != 'macos' || (inputs.target-variant == 'all' || inputs.target-variant == 'darwin') }}
       uses: ./src/electron/.github/actions/build-electron

.github/workflows/pipeline-segment-electron-gn-check.yml

@@ -81,7 +81,7 @@ jobs:
     - name: Generate DEPS Hash
       run: |
         node src/electron/script/generate-deps-hash.js
-        DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
+        DEPSHASH=v2-src-cache-$(cat src/electron/.depshash)
         echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
         echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
     - name: Restore src cache via AZCopy

.github/workflows/pipeline-segment-electron-publish.yml

@@ -74,7 +74,6 @@ env:
   ELECTRON_ARTIFACTS_BLOB_STORAGE: ${{ secrets.ELECTRON_ARTIFACTS_BLOB_STORAGE }}
   ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
   SUDOWOODO_EXCHANGE_URL: ${{ secrets.SUDOWOODO_EXCHANGE_URL }}
-  SUDOWOODO_EXCHANGE_TOKEN: ${{ secrets.SUDOWOODO_EXCHANGE_TOKEN }}
   GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' &&
     '--custom-var=checkout_mac=True --custom-var=host_os=mac' ||
     inputs.target-platform == 'win' && '--custom-var=checkout_win=True' ||
@@ -160,7 +159,7 @@ jobs:
       - name: Generate DEPS Hash
         run: |
           node src/electron/script/generate-deps-hash.js
-          DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
+          DEPSHASH=v2-src-cache-$(cat src/electron/.depshash)
           echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
           echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
       - name: Restore src cache via AZCopy
@@ -203,6 +202,22 @@ jobs:
       - name: Free up space (macOS)
         if: ${{ inputs.target-platform == 'macos' }}
         uses: ./src/electron/.github/actions/free-space-macos
+      - name: Download custom siso binary (Windows)
+        if: ${{ inputs.target-platform == 'win' }}
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
+        with:
+          name: siso-windows-amd64
+          path: ${{ runner.temp }}/siso
+      - name: Set SISO_PATH (Windows)
+        if: ${{ inputs.target-platform == 'win' }}
+        run: |
+          SISO_BIN="${RUNNER_TEMP}/siso/siso.exe"
+          if [ ! -f "$SISO_BIN" ]; then
+            echo "error: expected siso binary at $SISO_BIN" >&2
+            exit 1
+          fi
+          echo "SISO_PATH=$SISO_BIN" >> "$GITHUB_ENV"
+          echo "Using custom siso binary at $SISO_BIN"
       - name: Build Electron
         if: ${{ inputs.target-platform != 'macos' || (inputs.target-variant == 'all' ||
           inputs.target-variant == 'darwin') }}

.github/workflows/pipeline-segment-electron-test.yml

@@ -43,6 +43,8 @@ env:
   ELECTRON_OUT_DIR: Default
   ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
   ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
+  # @sentry/cli is only needed by release upload-symbols.py; skip the ~17MB CDN download on test jobs
+  SENTRYCLI_SKIP_DOWNLOAD: 1
 
 jobs:
   test:
@@ -59,7 +61,7 @@ jobs:
       fail-fast: false
       matrix:
         build-type: ${{ inputs.target-platform == 'macos' && fromJSON('["darwin","mas"]') || (inputs.target-platform == 'win' && fromJSON('["win"]') || fromJSON('["linux"]')) }}
-        shard: ${{ inputs.target-platform == 'linux' && fromJSON('[1, 2, 3]') || fromJSON('[1, 2]') }}
+        shard: ${{ case(inputs.target-platform == 'linux', fromJSON('[1, 2, 3]'), inputs.target-platform == 'macos' && inputs.target-arch == 'x64', fromJSON('[1, 2, 3]'), fromJSON('[1, 2]')) }}
     env:
       BUILD_TYPE: ${{ matrix.build-type }}
       TARGET_ARCH: ${{ inputs.target-arch }}
@@ -209,6 +211,7 @@ jobs:
 
     - name: Run Electron Tests
       shell: bash
+      timeout-minutes: 40
       env:
         MOCHA_REPORTER: mocha-multi-reporters
         MOCHA_MULTI_REPORTERS: mocha-junit-reporter, tap
@@ -219,7 +222,7 @@ jobs:
         cd src/electron
         export ELECTRON_TEST_RESULTS_DIR=`pwd`/junit
         # Get which tests are on this shard
-        tests_files=$(node script/split-tests ${{ matrix.shard }} ${{ inputs.target-platform == 'linux' && 3 || 2 }})
+        tests_files=$(node script/split-tests ${{ matrix.shard }} ${{ case(inputs.target-platform == 'linux', 3, inputs.target-platform == 'macos' && inputs.target-arch == 'x64', 3, 2) }})
 
         # Run tests
         if [ "${{ inputs.target-platform }}" != "linux" ]; then
@@ -259,6 +262,19 @@ jobs:
             
           fi
         fi
+    - name: Take screenshot on timeout or cancellation
+      if: ${{ inputs.target-platform != 'linux' && (cancelled() || failure()) }}
+      shell: bash
+      run: |
+        screenshot_dir="src/electron/spec/artifacts"
+        mkdir -p "$screenshot_dir"
+        screenshot_file="$screenshot_dir/screenshot-timeout-$(date +%Y%m%d%H%M%S).png"
+        if [ "${{ inputs.target-platform }}" = "macos" ]; then
+          screencapture -x "$screenshot_file" || true
+        elif [ "${{ inputs.target-platform }}" = "win" ]; then
+          powershell -command "Add-Type -AssemblyName System.Windows.Forms; \$screen = [System.Windows.Forms.Screen]::PrimaryScreen.Bounds; \$bitmap = New-Object System.Drawing.Bitmap(\$screen.Width, \$screen.Height); \$graphics = [System.Drawing.Graphics]::FromImage(\$bitmap); \$graphics.CopyFromScreen(\$screen.Location, [System.Drawing.Point]::Empty, \$screen.Size); \$bitmap.Save('$screenshot_file')" || true
+        fi
+
     - name: Upload Test results to Datadog
       env:
         DD_ENV: ci
@@ -274,8 +290,8 @@ jobs:
         fi
       if: always() && !cancelled()
     - name: Upload Test Artifacts
-      if: always() && !cancelled()
-      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
+      if: always()
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
       with:
         name: test_artifacts_${{ env.ARTIFACT_KEY }}_${{ matrix.shard }}
         path: src/electron/spec/artifacts

.github/workflows/pipeline-segment-node-nan-test.yml

@@ -36,6 +36,8 @@ env:
   CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
   ELECTRON_OUT_DIR: Default
   ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
+  # @sentry/cli is only needed by release upload-symbols.py; skip the ~17MB CDN download on test jobs
+  SENTRYCLI_SKIP_DOWNLOAD: 1
 
 jobs:
   node-tests:

.github/workflows/pull-request-labeled.yml

@@ -4,6 +4,10 @@ on:
   pull_request_target:
     types: [labeled]
 
+# SECURITY: This workflow uses pull_request_target and has access to secrets.
+# Do NOT checkout or run code from the PR head. All code execution must use
+# the base branch only. Adding a ref to PR head would expose secrets to
+# untrusted code.
 permissions: {}
 
 jobs:

.github/workflows/pull-request-opened-synchronized.yml

@@ -0,0 +1,39 @@
+name: Pull Request Opened/Synchronized
+
+on:
+  pull_request_target:
+    types: [opened, synchronize]
+
+# SECURITY: This workflow uses pull_request_target and has access to secrets.
+# Do NOT checkout or run code from the PR head. All code execution must use
+# the base branch only. Adding a ref to PR head would expose secrets to
+# untrusted code.
+permissions: {}
+
+jobs:
+  check-signed-commits:
+    name: Check signed commits in PR
+    if: ${{ !contains(github.event.pull_request.labels.*.name, 'needs-signed-commits')}}
+    runs-on: ubuntu-slim
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: Check signed commits in PR
+        uses: 1Password/check-signed-commits-action@ed2885f3ed2577a4f5d3c3fe895432a557d23d52 # v1
+        with:
+          comment: |
+            ⚠️ This PR contains unsigned commits. This repository enforces [commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification) 
+            for all incoming PRs. To get your PR merged, please sign those commits 
+            (`git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}`) and force push them to this branch 
+            (`git push --force-with-lease`)
+
+            For more information on signing commits, see GitHub's documentation on [Telling Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key).
+
+      - name: Add needs-signed-commits label
+        if: ${{ failure() }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+        run: |
+          gh pr edit $PR_URL --add-label needs-signed-commits

.github/workflows/windows-publish.yml

@@ -6,8 +6,8 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
-        required: true
+        default: ''
+        required: false
       upload-to-storage:
         description: 'Uploads to Azure storage'
         required: false
@@ -21,12 +21,28 @@ on:
 permissions: {}
 
 jobs:
+  setup:
+    if: github.repository == 'electron/electron'
+    runs-on: ubuntu-slim
+    permissions:
+      contents: read
+    outputs:
+      build-image-sha: ${{ steps.build-image-sha.outputs.build-image-sha }}
+    steps:
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+    - name: Set Build Image SHA
+      id: build-image-sha
+      uses: ./.github/actions/build-image-sha
+      with:
+        override: ${{ inputs.build-image-sha }}
+
   checkout-windows:
+    needs: setup
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
     container:
-      image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
+      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
       options: --user root --device /dev/fuse --cap-add SYS_ADMIN
       volumes:
         - /mnt/win-cache:/mnt/win-cache
@@ -36,8 +52,6 @@ jobs:
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_win=True'
       TARGET_OS: 'win'
       ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN: '1'
-    outputs:
-      build-image-sha: ${{ inputs.build-image-sha }}
     steps:
     - name: Checkout Electron
       uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
@@ -50,6 +64,14 @@ jobs:
         generate-sas-token: 'true'
         target-platform: win
 
+  # Build the patched siso binary in parallel with checkout-windows; the
+  # publish-*-win jobs consume it via SISO_PATH.
+  build-siso-windows:
+    needs: setup
+    uses: ./.github/workflows/pipeline-segment-build-siso-windows.yml
+    permissions:
+      contents: read
+
   publish-x64-win:
     uses: ./.github/workflows/pipeline-segment-electron-publish.yml
     permissions:
@@ -57,7 +79,7 @@ jobs:
       attestations: write
       contents: read
       id-token: write
-    needs: checkout-windows
+    needs: [checkout-windows, build-siso-windows]
     with:
       environment: production-release
       build-runs-on: electron-arc-centralus-windows-amd64-16core
@@ -76,7 +98,7 @@ jobs:
       attestations: write
       contents: read
       id-token: write
-    needs: checkout-windows
+    needs: [checkout-windows, build-siso-windows]
     with:
       environment: production-release
       build-runs-on: electron-arc-centralus-windows-amd64-16core
@@ -95,7 +117,7 @@ jobs:
       attestations: write
       contents: read
       id-token: write
-    needs: checkout-windows
+    needs: [checkout-windows, build-siso-windows]
     with:
       environment: production-release
       build-runs-on: electron-arc-centralus-windows-amd64-16core

.gitignore

@@ -42,6 +42,7 @@ spec/.hash
 
 # Generated native addon files
 /spec/fixtures/native-addon/echo/build/
+/spec/fixtures/native-addon/dialog-helper/build/
 
 # If someone runs tsc this is where stuff will end up
 ts-gen

.yarn/README.md

@@ -0,0 +1,82 @@
+# Vendored Yarn release
+
+This directory holds the Yarn release used by this repo (`yarnPath` in
+`.yarnrc.yml`). The release file is checked in so every contributor and CI job
+runs the exact same Yarn, and so we can carry small local patches when needed.
+
+`releases/yarn-4.12.0.cjs` currently carries one such patch, described below.
+If you bump the Yarn version, read the **Upgrading Yarn** section first.
+
+## Patch: use `JsZipImpl` for the node-modules link step
+
+### What changed
+
+Two call sites in `releases/yarn-4.12.0.cjs` are modified so the
+`node-modules` linker (and the `pnpm`-loose linker) construct their read-only
+`ZipOpenFS` with `customZipImplementation: ST` — Yarn's pure-JS `JsZipImpl` —
+instead of falling through to the default WASM-backed `LibZipImpl`:
+
+```text
+new $f({maxOpenFiles:80,readOnlyArchives:!0})
+  → new $f({maxOpenFiles:80,readOnlyArchives:!0,customZipImplementation:ST})
+```
+
+A comment block at the top of the `.cjs` file marks the file as patched and
+points back here.
+
+### Why
+
+On the `linux-arm` CI test shards we run a 32-bit `arm32v7` container. During
+`yarn install`'s **Link step**, Yarn opens up to 80 cache zips concurrently.
+With `LibZipImpl`, each open zip is `readFileSync`'d into a Node `Buffer`
+**and copied again into the WASM linear memory**, and every file read does a
+WASM `_malloc(size)` for the entry. The WASM heap has to grow as a single
+contiguous region of the 32-bit address space; once enough zips are resident,
+the `_malloc` for a large entry — most often `typescript/lib/typescript.js`
+(~9 MB inside a ~22 MB zip) — fails.
+
+Yarn's cross-FS `copyFilePromise` swallows the underlying error and re-throws
+a generic one, so CI shows:
+
+```text
+YN0001: While persisting .../typescript-patch-...zip/node_modules/typescript/
+  EINVAL: invalid argument, copyfile '/node_modules/typescript/lib/typescript.js' -> '...'
+```
+
+The unmasked form (occasionally seen on `pdfjs-dist`) is the WASM-heap failure
+string `Couldn't allocate enough memory`. This started failing ~1-in-3
+`linux-arm / test` shards at **Install Dependencies** on 2026-04-13, after
+[#50692](https://github.com/electron/electron/pull/50692) grew the cache enough
+to push the 32-bit process over the edge nondeterministically — e.g.
+[run 24739817558](https://github.com/electron/electron/actions/runs/24739817558/job/72380803746).
+
+`JsZipImpl` avoids the problem entirely: it opens the zip by file descriptor,
+reads only the central directory into memory, and `readSync`s individual
+entries into ordinary Node `Buffer`s — **no WASM heap involved**. It is
+read-only and path-based, which is exactly how the linker uses these archives.
+
+There is no `.yarnrc.yml` setting or environment variable to select the zip
+implementation (verified against the bundle), so editing the vendored release
+is the only way to switch it short of re-implementing the linker in a plugin.
+
+Upstream references:
+[yarnpkg/berry#3972](https://github.com/yarnpkg/berry/issues/3972),
+[yarnpkg/berry#6722](https://github.com/yarnpkg/berry/issues/6722),
+[yarnpkg/berry#6550](https://github.com/yarnpkg/berry/issues/6550).
+
+### Upgrading Yarn
+
+When bumping `releases/yarn-*.cjs`:
+
+1. Check whether upstream now defaults `readOnlyArchives` opens to `JsZipImpl`,
+   or exposes a config knob for the zip implementation. If so, drop this patch.
+2. Otherwise, re-apply: search the new bundle for
+   `maxOpenFiles:80,readOnlyArchives:!0` (the surrounding minified identifiers
+   will differ) and add `,customZipImplementation:<JsZipImpl symbol>` — that
+   symbol is whatever the new bundle exports as `JsZipImpl` from
+   `@yarnpkg/libzip`.
+3. Re-add the header comment pointing back to this README.
+4. Verify with
+   `rm -rf node_modules spec/node_modules && node script/yarn.js install --immutable --mode=skip-build`
+   and confirm `node_modules/typescript/lib/typescript.js` is byte-identical to
+   an unpatched install.

.yarnrc.yml

@@ -9,4 +9,8 @@ npmMinimalAgeGate: 10080
 npmPreapprovedPackages:
   - "@electron/*"
 
+httpProxy: "${HTTP_PROXY:-}"
+
+httpsProxy: "${HTTPS_PROXY:-}"
+
 yarnPath: .yarn/releases/yarn-4.12.0.cjs

BUILD.gn

@@ -105,21 +105,25 @@ electron_mac_bundle_id = branding.mac_bundle_id
 if (override_electron_version != "") {
   electron_version = override_electron_version
 } else {
-  # When building from source code tarball there is no git tag available and
+  # When building from a source code tarball there is no git tag available and
   # builders must explicitly pass override_electron_version in gn args.
+  #
+  # Resolve the real locations of packed-refs and HEAD via git so that this
+  # also works when electron/ is a `git worktree` (where .git is a file, not a
+  # directory, and GN's read_file cannot follow the gitdir indirection).
+  electron_git_ref_paths =
+      exec_script("script/get-git-ref-paths.py", [], "list lines")
+
   # This read_file call will assert if there is no git information, without it
   # gn will generate a malformed build configuration and ninja will get into
   # infinite loop.
-  read_file(".git/packed-refs", "string")
+  read_file(electron_git_ref_paths[0], "string")
 
   # Set electron version from git tag.
   electron_version = exec_script("script/get-git-version.py",
                                  [],
                                  "trim string",
-                                 [
-                                   ".git/packed-refs",
-                                   ".git/HEAD",
-                                 ])
+                                 electron_git_ref_paths)
 }
 
 if (is_mas_build) {
@@ -454,8 +458,10 @@ source_set("electron_lib") {
     "//components/certificate_transparency",
     "//components/compose:buildflags",
     "//components/embedder_support:user_agent",
+    "//components/heap_profiling/multi_process",
     "//components/input",
     "//components/language/core/browser",
+    "//components/memory_system",
     "//components/net_log",
     "//components/network_hints/browser",
     "//components/network_hints/common:mojo_bindings",
@@ -468,6 +474,7 @@ source_set("electron_lib") {
     "//components/pref_registry",
     "//components/prefs",
     "//components/security_state/content",
+    "//components/tracing:tracing_metrics",
     "//components/upload_list",
     "//components/user_prefs",
     "//components/viz/host",
@@ -480,6 +487,7 @@ source_set("electron_lib") {
     "//content/public/utility",
     "//device/bluetooth",
     "//device/bluetooth/public/cpp",
+    "//device/fido",
     "//gin",
     "//gpu/ipc/client",
     "//media/capture/mojom:video_capture",
@@ -1605,6 +1613,7 @@ action("node_version_header") {
 action("generate_node_headers") {
   deps = [ ":generate_config_gypi" ]
   script = "script/node/generate_node_headers.py"
+  args = [ rebase_path("$root_gen_dir") ]
   outputs = [ "$root_gen_dir/node_headers.json" ]
 }
 

CLAUDE.md

@@ -127,6 +127,22 @@ patches/{target}/*.patch  →  [e sync --3]  →  target repo commits
 2. Create a git commit
 3. Run `e patches <target>` to export
 
+**Fixing patch conflicts on an existing PR:**
+
+If asked to fix a patch conflict on a branch that already has an open PR, check the PR's failed **Apply Patches** CI run for an `update-patches` artifact before running `e sync` locally. CI has already performed the 3-way merge and exported the resolved patch diff — applying it is much faster than a full local sync.
+
+```bash
+# Find the failed Apply Patches run for the PR and download the artifact
+gh run list --repo electron/electron --branch <pr-branch> --workflow "Apply Patches" --limit 1
+gh run download <run-id> --repo electron/electron --name update-patches
+
+# Apply the CI-generated fix, then push
+git am update-patches.patch
+git push
+```
+
+If no artifact exists (e.g. the 3-way merge itself failed), fall back to `e sync --3` and resolve manually.
+
 ## Testing
 
 **Test location:** `spec/` directory
@@ -155,6 +171,10 @@ e test                    # Run full test suite
 
 When working on the `roller/chromium/main` branch to upgrade Chromium activate the "Electron Chromium Upgrade" skill.
 
+## Node.js Upgrade Workflow
+
+When working on the `roller/node/main` branch to upgrade Node.js activate the "Electron Node.js Upgrade" skill.
+
 ## Pull Requests
 
 PR bodies must always include a `Notes:` section as the **last line** of the body. This is a consumer-facing release note for Electron app developers — describe the user-visible fix or change, not internal implementation details. Use `Notes: none` if there is no user-facing change.

DEPS

@@ -2,9 +2,9 @@ gclient_gn_args_from = 'src'
 
 vars = {
   'chromium_version':
-    '146.0.7680.65',
+    '146.0.7680.216',
   'node_version':
-    'v24.14.0',
+    'v24.15.0',
   'nan_version':
     '675cefebca42410733da8a454c8d9391fcebfbc2',
   'squirrel.mac_version':

build/args/all.gn

@@ -51,9 +51,6 @@ is_cfi = false
 use_qt5 = false
 use_qt6 = false
 
-# Disables the builtins PGO for V8
-v8_builtins_profiling_log_file = ""
-
 # https://chromium.googlesource.com/chromium/src/+/main/docs/dangling_ptr.md
 # TODO(vertedinde): hunt down dangling pointers on Linux
 enable_dangling_raw_ptr_checks = false

build/electron_paks.gni

@@ -65,6 +65,7 @@ template("electron_extra_paks") {
       "$root_gen_dir/net/net_resources.pak",
       "$root_gen_dir/third_party/blink/public/resources/blink_resources.pak",
       "$root_gen_dir/third_party/blink/public/resources/inspector_overlay_resources.pak",
+      "$root_gen_dir/third_party/blink/public/strings/permission_element_generated_strings.pak",
       "$target_gen_dir/electron_resources.pak",
     ]
     deps = [
@@ -83,6 +84,7 @@ template("electron_extra_paks") {
       "//net:net_resources",
       "//third_party/blink/public:devtools_inspector_resources",
       "//third_party/blink/public:resources",
+      "//third_party/blink/public/strings:permission_element_generated_strings",
       "//ui/webui/resources",
     ]
     if (defined(invoker.deps)) {
@@ -186,6 +188,7 @@ template("electron_paks") {
       "${root_gen_dir}/extensions/strings/extensions_strings_",
       "${root_gen_dir}/services/strings/services_strings_",
       "${root_gen_dir}/third_party/blink/public/strings/blink_strings_",
+      "${root_gen_dir}/third_party/blink/public/strings/permission_element_strings_",
       "${root_gen_dir}/ui/strings/app_locale_settings_",
       "${root_gen_dir}/ui/strings/auto_image_annotation_strings_",
       "${root_gen_dir}/ui/strings/ax_strings_",
@@ -202,6 +205,7 @@ template("electron_paks") {
       "//extensions/strings",
       "//services/strings",
       "//third_party/blink/public/strings",
+      "//third_party/blink/public/strings:permission_element_strings",
       "//ui/strings:app_locale_settings",
       "//ui/strings:auto_image_annotation_strings",
       "//ui/strings:ax_strings",

chromium_src/BUILD.gn

@@ -245,6 +245,10 @@ static_library("chrome") {
       "//chrome/browser/ui/views/dark_mode_manager_linux.cc",
       "//chrome/browser/ui/views/dark_mode_manager_linux.h",
     ]
+    sources += [
+      "//chrome/browser/ui/views/frame/browser_frame_view_paint_utils_linux.cc",
+      "//chrome/browser/ui/views/frame/browser_frame_view_paint_utils_linux.h",
+    ]
     public_deps += [ "//components/dbus" ]
   }
 

default_app/default_app.ts

@@ -1,5 +1,5 @@
 import { shell } from 'electron/common';
-import { app, dialog, BrowserWindow, ipcMain } from 'electron/main';
+import { app, dialog, BrowserWindow, ipcMain, Menu } from 'electron/main';
 
 import * as path from 'node:path';
 import * as url from 'node:url';
@@ -11,12 +11,52 @@ app.on('window-all-closed', () => {
   app.quit();
 });
 
-function decorateURL (url: string) {
-  // safely add `?utm_source=default_app
-  const parsedUrl = new URL(url);
-  parsedUrl.searchParams.append('utm_source', 'default_app');
-  return parsedUrl.toString();
-}
+const isMac = process.platform === 'darwin';
+
+app.whenReady().then(() => {
+  const helpMenu: Electron.MenuItemConstructorOptions = {
+    role: 'help',
+    submenu: [
+      {
+        label: 'Learn More',
+        click: async () => {
+          await shell.openExternal('https://electronjs.org');
+        }
+      },
+      {
+        label: 'Documentation',
+        click: async () => {
+          const version = process.versions.electron;
+          await shell.openExternal(`https://github.com/electron/electron/tree/v${version}/docs#readme`);
+        }
+      },
+      {
+        label: 'Community Discussions',
+        click: async () => {
+          await shell.openExternal('https://discord.gg/electronjs');
+        }
+      },
+      {
+        label: 'Search Issues',
+        click: async () => {
+          await shell.openExternal('https://github.com/electron/electron/issues');
+        }
+      }
+    ]
+  };
+
+  const macAppMenu: Electron.MenuItemConstructorOptions = { role: 'appMenu' };
+  const template: Electron.MenuItemConstructorOptions[] = [
+    ...(isMac ? [macAppMenu] : []),
+    { role: 'fileMenu' },
+    { role: 'editMenu' },
+    { role: 'viewMenu' },
+    { role: 'windowMenu' },
+    helpMenu
+  ];
+
+  Menu.setApplicationMenu(Menu.buildFromTemplate(template));
+});
 
 // Find the shortest path to the electron binary
 const absoluteElectronPath = process.execPath;
@@ -69,7 +109,7 @@ async function createWindow (backgroundColor?: string) {
   mainWindow.on('ready-to-show', () => mainWindow!.show());
 
   mainWindow.webContents.setWindowOpenHandler(details => {
-    shell.openExternal(decorateURL(details.url));
+    shell.openExternal(details.url);
     return { action: 'deny' };
   });
 

docs/api/app.md

@@ -1225,6 +1225,51 @@ This API must be called after the `ready` event is emitted.
 [doh-providers]: https://source.chromium.org/chromium/chromium/src/+/main:net/dns/public/doh_provider_entry.cc;l=31?q=%22DohProviderEntry::GetList()%22&ss=chromium%2Fchromium%2Fsrc
 [RFC8484 § 3]: https://datatracker.ietf.org/doc/html/rfc8484#section-3
 
+### `app.configureWebAuthn(options)` _macOS_
+
+* `options` Object
+  * `touchID` Object (optional) - Enables the Touch ID / Secure Enclave platform
+    authenticator for [Web Authentication](https://www.w3.org/TR/webauthn-2/)
+    requests.
+    * `keychainAccessGroup` string - The keychain access group that WebAuthn
+      credentials will be stored under. This value **must** also be present in
+      your app's `keychain-access-groups` code-signing entitlement, and is
+      typically of the form `<TEAM_ID>.<BUNDLE_ID>.webauthn`.
+
+Configures platform authenticators for the Web Authentication API
+(`navigator.credentials.create()` / `navigator.credentials.get()`). Until this
+is called, `PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()`
+resolves to `false` and platform-authenticator requests are not serviced.
+
+When `touchID` is provided, WebAuthn credentials are stored in the macOS
+keychain and bound to this device's Secure Enclave. Electron automatically
+generates and persists a per-[`session`](session.md) metadata secret so that
+credentials created in one partition are not visible to another.
+
+```js
+const { app } = require('electron')
+
+app.configureWebAuthn({
+  touchID: {
+    keychainAccessGroup: 'A1B2C3D4E5.com.example.app.webauthn'
+  }
+})
+```
+
+With the matching entitlement in your app's `entitlements.plist`:
+
+```xml
+<key>keychain-access-groups</key>
+<array>
+  <string>A1B2C3D4E5.com.example.app.webauthn</string>
+</array>
+```
+
+> [!NOTE]
+> Touch ID WebAuthn credentials are device-bound and are not synced via iCloud
+> Keychain. They are only available on Macs with a Secure Enclave (Apple
+> silicon, or Intel Macs with a T2 chip).
+
 ### `app.disableHardwareAcceleration()`
 
 Disables hardware acceleration for current app.

docs/api/content-tracing.md

@@ -124,4 +124,65 @@ Returns `Promise<Object>` - Resolves with an object containing the `value` and `
 Get the maximum usage across processes of trace buffer as a percentage of the
 full state.
 
+### `contentTracing.enableHeapProfiling([options])` _Experimental_
+
+<!--
+```YAML history
+added:
+  - pr-url: https://github.com/electron/electron/pull/50826
+```
+-->
+
+* `options` ([EnableHeapProfilingOptions](structures/enable-heap-profiling-options.md)) (optional)
+
+Returns `Promise<void>` - Resolves once heap profiling has been enabled.
+
+Enable [heap profiling](https://chromium.googlesource.com/chromium/src/+/lkgr/docs/memory-infra/heap_profiler.md)
+for MemoryInfra traces. Equivalent to the `--memlog` switch in Chrome.
+
+Only takes effect if the `disabled-by-default-memory-infra` category is included.
+
+Needs to be called before `contentTracing.startRecording()`.
+
+Usage:
+
+```js
+const { contentTracing } = require('electron')
+
+async function recordTrace () {
+  await contentTracing.enableHeapProfiling()
+  await contentTracing.startRecording({
+    included_categories: ['disabled-by-default-memory-infra'],
+    excluded_categories: ['*'],
+    memory_dump_config: {
+      triggers: [
+        { mode: 'detailed', periodic_interval_ms: 1000 }
+      ]
+    }
+  })
+
+  await new Promise(resolve => setTimeout(resolve, 5000))
+
+  const filePath = await contentTracing.stopRecording()
+}
+```
+
+To view the recorded heap dumps:
+
+1. Download the breakpad symbols for your Electron version from the Electron GitHub
+   [releases](https://github.com/electron/electron/releases)
+2. Clone the [Electron source code](../development/build-instructions-gn.md)
+3. In your Chromium checkout for Electron, run this command to symbolicate the heap dump:
+
+   ```bash
+   python3 third_party/catapult/tracing/bin/symbolize_trace --use-breakpad-symbols --breakpad-symbols-directory /path/to/breakpad_symbols /path/to/trace.json
+   ```
+
+4. Open the symbolicated trace in `chrome://tracing` (the Perfetto UI does not support memory dumps
+   yet)
+5. Click on one of the `M` symbols
+6. Click on a `☰` triple bar icon (e.g., in the `malloc` column)
+
+<img src="../images/viewing-heap-dumps.png" alt="Screenshot showing how to view a heapdump in Chromium's tracing view" />
+
 [trace viewer]: https://chromium.googlesource.com/catapult/+/HEAD/tracing/README.md

docs/api/menu-item.md

@@ -44,8 +44,8 @@ See [`Menu`](menu.md) for examples.
     menu items.
   * `registerAccelerator` boolean (optional) _Linux_ _Windows_ - If false, the accelerator won't be registered
     with the system, but it will still be displayed. Defaults to true.
-  * `sharingItem` SharingItem (optional) _macOS_ - The item to share when the `role` is `shareMenu`.
-  * `submenu` (MenuItemConstructorOptions[] | [Menu](menu.md)) (optional) - Should be specified
+  * `sharingItem` [SharingItem](structures/sharing-item.md) (optional) _macOS_ - The item to share when the `role` is `shareMenu`.
+  * `submenu` ([MenuItemConstructorOptions](#new-menuitemoptions)[] | [Menu](menu.md)) (optional) - Should be specified
     for `submenu` type menu items. If `submenu` is specified, the `type: 'submenu'` can be omitted.
     If the value is not a [`Menu`](menu.md) then it will be automatically converted to one using
     `Menu.buildFromTemplate`.
@@ -89,7 +89,7 @@ A `Function` that is fired when the MenuItem receives a click event.
 It can be called with `menuItem.click(event, focusedWindow, focusedWebContents)`.
 
 * `event` [KeyboardEvent](structures/keyboard-event.md)
-* `focusedWindow` [BaseWindow](browser-window.md)
+* `focusedWindow` [BaseWindow](base-window.md)
 * `focusedWebContents` [WebContents](web-contents.md)
 
 #### `menuItem.submenu`
@@ -110,11 +110,11 @@ A `string` (optional) indicating the item's role, if set. Can be `undo`, `redo`,
 
 #### `menuItem.accelerator`
 
-An `Accelerator | null` indicating the item's accelerator, if set.
+An [`Accelerator | null`](../tutorial/keyboard-shortcuts.md#accelerators) indicating the item's accelerator, if set.
 
 #### `menuItem.userAccelerator` _Readonly_ _macOS_
 
-An `Accelerator | null` indicating the item's [user-assigned accelerator](https://developer.apple.com/documentation/appkit/nsmenuitem/1514850-userkeyequivalent?language=objc) for the menu item.
+An [`Accelerator | null`](../tutorial/keyboard-shortcuts.md#accelerators) indicating the item's [user-assigned accelerator](https://developer.apple.com/documentation/appkit/nsmenuitem/1514850-userkeyequivalent?language=objc) for the menu item.
 
 > [!NOTE]
 > This property is only initialized after the `MenuItem` has been added to a `Menu`. Either via `Menu.buildFromTemplate` or via `Menu.append()/insert()`.  Accessing before initialization will just return `null`.
@@ -170,7 +170,7 @@ This property can be dynamically changed.
 
 #### `menuItem.sharingItem` _macOS_
 
-A `SharingItem` indicating the item to share when the `role` is `shareMenu`.
+A [`SharingItem`](structures/sharing-item.md) indicating the item to share when the `role` is `shareMenu`.
 
 This property can be dynamically changed.
 

docs/api/menu.md

@@ -46,7 +46,7 @@ this has the additional effect of removing the menu bar from the window.
 
 > [!NOTE]
 > The default menu will be created automatically if the app does not set one.
-> It contains standard items such as `File`, `Edit`, `View`, `Window` and `Help`.
+> It contains standard items such as `File`, `Edit`, `View`, and `Window`.
 
 #### `Menu.getApplicationMenu()`
 
@@ -70,7 +70,7 @@ for more information on macOS' native actions.
 
 #### `Menu.buildFromTemplate(template)`
 
-- `template` (MenuItemConstructorOptions | [MenuItem](menu-item.md))[]
+- `template` ([MenuItemConstructorOptions](menu-item.md#new-menuitemoptions) | [MenuItem](menu-item.md))[]
 
 Returns [`Menu`](menu.md)
 
@@ -162,7 +162,7 @@ Emitted when a popup is closed either manually or with `menu.closePopup()`.
 
 #### `menu.items`
 
-A `MenuItem[]` array containing the menu's items.
+A [`MenuItem[]`](menu-item.md) array containing the menu's items.
 
 Each `Menu` consists of multiple [`MenuItem`](menu-item.md) instances and each `MenuItem`
 can nest a `Menu` into its `submenu` property.

docs/api/native-theme.md

@@ -84,3 +84,7 @@ Currently, Windows high contrast is the only system setting that triggers forced
 ### `nativeTheme.prefersReducedTransparency` _Readonly_
 
 A `boolean` that indicates whether the user has chosen via system accessibility settings to reduce transparency at the OS level.
+
+### `nativeTheme.shouldDifferentiateWithoutColor` _macOS_ _Readonly_
+
+A `boolean` that indicates whether the user prefers UI that differentiates items using something other than color alone (e.g. shapes or labels). This maps to [NSWorkspace.accessibilityDisplayShouldDifferentiateWithoutColor](https://developer.apple.com/documentation/appkit/nsworkspace/accessibilitydisplayshoulddifferentiatewithoutcolor).

docs/api/notification.md

@@ -42,11 +42,15 @@ Returns `boolean` - Whether or not desktop notifications are supported on the cu
   * `timeoutType` string (optional) _Linux_ _Windows_ - The timeout duration of the notification. Can be 'default' or 'never'.
   * `replyPlaceholder` string (optional) _macOS_ - The placeholder to write in the inline reply input field.
   * `sound` string (optional) _macOS_ - The name of the sound file to play when the notification is shown.
-  * `urgency` string (optional) _Linux_ - The urgency level of the notification. Can be 'normal', 'critical', or 'low'.
+  * `urgency` string (optional) _Linux_ _Windows_ - The urgency level of the notification. Can be 'normal', 'critical', or 'low'.
   * `actions` [NotificationAction[]](structures/notification-action.md) (optional) _macOS_ - Actions to add to the notification. Please read the available actions and limitations in the `NotificationAction` documentation.
   * `closeButtonText` string (optional) _macOS_ - A custom title for the close button of an alert. An empty string will cause the default localized text to be used.
   * `toastXml` string (optional) _Windows_ - A custom description of the Notification on Windows superseding all properties above. Provides full customization of design and behavior of the notification.
 
+> [!NOTE]
+> On Windows, `urgency` type 'critical' sorts the notification higher in Action Center (above default priority notifications), but does not prevent auto-dismissal. To prevent auto-dismissal, you should also set
+> `timeoutType` to 'never'.
+
 ### Instance Events
 
 Objects created with `new Notification` emit the following events:

docs/api/protocol.md

@@ -56,6 +56,15 @@ app.whenReady().then(() => {
 })
 ```
 
+## Protocol names
+
+[RFC 3986](https://www.rfc-editor.org/rfc/rfc3986#section-3.1) defines what a valid
+protocol name is:
+
+> Scheme names consist of a sequence of characters beginning with a letter and followed
+> by any combination of letters, digits, plus ("+"), period ("."), or hyphen ("-").
+> Although schemes are case-insensitive, the canonical form is lowercase […].
+
 ## Methods
 
 The `protocol` module has the following methods:

docs/api/session.md

@@ -629,6 +629,54 @@ Emitted after `USBDevice.forget()` has been called.  This event can be used
 to help maintain persistent storage of permissions when
 `setDevicePermissionHandler` is used.
 
+#### Event: 'select-webauthn-account'
+
+Returns:
+
+* `event` Event
+* `details` Object
+  * `relyingPartyId` string - The relying party identifier from the WebAuthn request.
+  * `accounts` [WebAuthnAccount[]](structures/webauthn-account.md)
+  * `frame` [WebFrameMain](web-frame-main.md) | null - The frame initiating this event.
+      May be `null` if accessed after the frame has either navigated or been destroyed.
+* `callback` Function
+  * `credentialId` string | null (optional)
+
+Emitted when a call to `navigator.credentials.get()` resolves multiple
+discoverable WebAuthn credentials and the user must choose one. `callback`
+should be called with the `credentialId` of the selected account; passing no
+arguments — or a `credentialId` that does not match one of the provided
+accounts — will cancel the request and the page will receive a
+`NotAllowedError`. If no listener is registered for this event, the request is
+cancelled with the same error. The credential request remains pending until
+the listener invokes the callback, so always invoke it exactly once — typically
+from a `try { … } finally { callback(…) }` block.
+
+On macOS, the Touch ID platform authenticator surfaces accounts via this event
+once it has been configured with
+[`app.configureWebAuthn`](app.md#appconfigurewebauthnoptions-macos). The event
+may also fire on other platforms when a roaming FIDO2 authenticator returns
+multiple discoverable credentials.
+
+```js
+const { app, BrowserWindow } = require('electron')
+
+let win = null
+
+app.whenReady().then(() => {
+  app.configureWebAuthn({
+    touchID: { keychainAccessGroup: 'A1B2C3D4E5.com.example.app.webauthn' }
+  })
+
+  win = new BrowserWindow()
+
+  win.webContents.session.on('select-webauthn-account', (event, details, callback) => {
+    const selected = details.accounts.find((a) => a.name === 'alice@example.com')
+    callback(selected?.credentialId)
+  })
+})
+```
+
 ### Instance Methods
 
 The following methods are available on instances of `Session`:

docs/api/structures/custom-scheme.md

@@ -11,3 +11,5 @@
   * `stream` boolean (optional) - Default false.
   * `codeCache` boolean (optional) - Enable V8 code cache for the scheme, only
     works when `standard` is also set to true. Default false.
+  * `allowExtensions` boolean (optional) - Allow Chrome extensions to be used
+    on pages served over this protocol. Default false.

docs/api/structures/enable-heap-profiling-options.md

@@ -0,0 +1,26 @@
+# EnableHeapProfilingOptions Object
+
+* `mode` string (optional) - Controls which processes are profiled. Equivalent to `--memlog` in
+  Chrome. Default is `all`.
+  * `all` - Profile all processes.
+  * `browser` - Profile only the browser process.
+  * `gpu` - Profile only the GPU process.
+  * `minimal` - Profile only the browser and GPU processes.
+  * `renderer-sampling` - Profile at most 1 renderer process. Each renderer process has a fixed
+    probability of being profiled when the renderer process is started or, for existing processes,
+    when heap profiling is enabled.
+  * `all-renderers` - Profile all renderer processes.
+  * `utility-sampling` - Each utility process has a fixed probability of being profiled.
+  * `all-utilities` - Profile all utility processes.
+  * `utility-and-browser` - Profile all utility processes and the browser process.
+* `samplingRate` number (optional) - Controls the sampling interval in bytes. The lower the
+  interval, the more precise the profile is. However it comes at the cost of performance. Default
+  is `100000` (100KB). That is enough to observe allocation sites that make allocations >500KB
+  total, where total equals to a single allocation size times the number of such allocations at the
+  same call site. Equivalent to `--memlog-sampling-rate` in Chrome. Must be an integer between
+  `1000` and `10000000`.
+* `stackMode` string (optional) - Controls the type of metadata recorded for each allocation.
+  Equivalent to `--memlog-stack-mode` in Chrome. Default is `native`.
+  * `native` - Instruction addresses from unwinding the stack.
+  * `native-with-thread-names` - Instruction addresses from unwinding the stack. Includes the thread
+    name as the first frame.

docs/api/structures/web-preferences.md

@@ -94,6 +94,7 @@
     The actual output pixel format and color space of the texture should refer to [`OffscreenSharedTexture`](../structures/offscreen-shared-texture.md) object in the `paint` event.
     * `argb` - The requested output texture format is 8-bit unorm RGBA, with SRGB SDR color space.
     * `rgbaf16` - The requested output texture format is 16-bit float RGBA, with scRGB HDR color space.
+  * `deviceScaleFactor` number (optional) _Experimental_ - The device scale factor of the offscreen rendering output. If not set, will use primary display's scale factor as default.
 * `contextIsolation` boolean (optional) - Whether to run Electron APIs and
   the specified `preload` script in a separate JavaScript context. Defaults
   to `true`. The context that the `preload` script runs in will only have

docs/api/structures/webauthn-account.md

@@ -0,0 +1,9 @@
+# WebAuthnAccount Object
+
+* `credentialId` string - URL-safe base64-encoded (no padding) credential ID of
+  the discoverable credential. Matches `PublicKeyCredential.id` returned by
+  `navigator.credentials.get()` in the renderer.
+* `userHandle` string (optional) - URL-safe base64-encoded (no padding) user
+  handle (`user.id`) that was provided when the credential was created.
+* `name` string (optional) - Human-palatable identifier for the account (for example, an email address or username).
+* `displayName` string (optional) - Human-palatable name for the account, intended for display.

docs/api/web-contents.md

@@ -226,7 +226,16 @@ Returns:
     Only defined when the window is being created by a form that set
     `target=_blank`.
   * `disposition` string - Can be `default`, `foreground-tab`,
-    `background-tab`, `new-window` or `other`.
+    `background-tab`, `new-window` or `other`. Corresponds to the manner
+    an associated link was clicked. See Chromium's
+    [WindowOpenDisposition](https://source.chromium.org/chromium/chromium/src/+/main:ui/base/window_open_disposition.h).
+    * `default` - Indicates Chromium deems in-window navigation valid
+      for a window open call.
+    * `foreground-tab` - Corresponds to a left click or shift + middle click.
+    * `background-tab` - Corresponds to a middle click or ctrl/cmd + click.
+    * `new-window` - Corresponds to a shift + left click.
+    * `other` - A catch-all for the remaining Chromium dispositions not
+      handled by Electron.
 
 Emitted _after_ successful creation of a window via `window.open` in the renderer.
 Not emitted if the creation of the window is canceled from
@@ -1449,8 +1458,17 @@ Ignore application menu shortcuts while this web contents is focused.
     * `url` string - The _resolved_ version of the URL passed to `window.open()`. e.g. opening a window with `window.open('foo')` will yield something like `https://the-origin/the/current/path/foo`.
     * `frameName` string - Name of the window provided in `window.open()`
     * `features` string - Comma separated list of window features provided to `window.open()`.
-    * `disposition` string - Can be `default`, `foreground-tab`, `background-tab`,
-      `new-window` or `other`.
+    * `disposition` string - Can be `default`, `foreground-tab`,
+      `background-tab`, `new-window` or `other`. Corresponds to the manner
+      an associated link was clicked. See Chromium's
+      [WindowOpenDisposition](https://source.chromium.org/chromium/chromium/src/+/main:ui/base/window_open_disposition.h).
+      * `default` - Indicates Chromium deems in-window navigation valid
+        for a window open call.
+      * `foreground-tab` - Corresponds to a left click or shift + middle click.
+      * `background-tab` - Corresponds to a middle click or ctrl/cmd + click.
+      * `new-window` - Corresponds to a shift + left click.
+      * `other` - A catch-all for the remaining Chromium dispositions not
+        handled by Electron.
     * `referrer` [Referrer](structures/referrer.md) - The referrer that will be
       passed to the new window. May or may not result in the `Referer` header being
       sent, depending on the referrer policy.
@@ -1485,6 +1503,11 @@ mainWindow.webContents.setWindowOpenHandler((details) => {
       const browserView = new BrowserView(options)
       mainWindow.addBrowserView(browserView)
       browserView.setBounds({ x: 0, y: 0, width: 640, height: 480 })
+      // For `background-tab` disposition (e.g., when middle-clicking or ctrl/cmd-clicking a link),
+      // `options.webContents` is undefined because its creation can be deferred. So load the URL manually.
+      if (details.disposition === 'background-tab') {
+        browserView.webContents.loadURL(details.url)
+      }
       return browserView.webContents
     }
   }

docs/api/window-open.md

@@ -33,10 +33,14 @@ because it is invoked in the main process.
 Returns [`Window`](https://developer.mozilla.org/en-US/docs/Web/API/Window) | null
 
 `features` is a comma-separated key-value list, following the standard format of
-the browser. Electron will parse [`BrowserWindowConstructorOptions`](structures/browser-window-options.md) out of this
-list where possible, for convenience. For full control and better ergonomics,
-consider using `webContents.setWindowOpenHandler` to customize the
-BrowserWindow creation.
+the browser. For convenience, Electron will parse a subset of presentational
+[`BrowserWindowConstructorOptions`](structures/browser-window-options.md) out of
+this list (such as `width`, `height`, `x`, `y`, `show`, `frame`, `title`,
+`backgroundColor`). Because the renderer is untrusted, options that cause the
+main process to access the filesystem or that are otherwise privileged (such as
+`icon`) are ignored. For full control and better ergonomics, use
+`webContents.setWindowOpenHandler` to customize the BrowserWindow creation from
+the main process.
 
 A subset of [`WebPreferences`](structures/web-preferences.md) can be set directly,
 unnested, from the features string: `zoomFactor`, `nodeIntegration`, `javascript`,
@@ -56,9 +60,10 @@ window.open('https://github.com', '_blank', 'top=500,left=200,frame=false,nodeIn
   enabled on the parent window.
 * JavaScript will always be disabled in the opened `window` if it is disabled on
   the parent window.
-* Non-standard features (that are not handled by Chromium or Electron) given in
-  `features` will be passed to any registered `webContents`'s
-  `did-create-window` event handler in the `options` argument.
+* Features that are not handled by Chromium and not in Electron's allowlist of
+  presentational `BrowserWindowConstructorOptions` are ignored. The raw
+  `features` string is still available to the main process via
+  `setWindowOpenHandler`.
 * `frameName` follows the specification of `target` located in the [native documentation](https://developer.mozilla.org/en-US/docs/Web/API/Window/open#parameters).
 * When opening `about:blank`, the child window's [`WebPreferences`](structures/web-preferences.md) will be copied
   from the parent window, and there is no way to override it because Chromium

docs/breaking-changes.md

@@ -28,6 +28,12 @@ When a cookie is deleted, the change cause remains `explicit`.
 When the cookie being set is identical to an existing one (same name, domain, path, and value, with no actual changes), the change cause is `inserted-no-change-overwrite`.
 When the value of the cookie being set remains unchanged but some of its attributes are updated, such as the expiration attribute, the change cause will be `inserted-no-value-change-overwrite`.
 
+### Deprecated: `showHiddenFiles` in Dialogs on Linux
+
+This property will still be honored on macOS and Windows, but support on Linux
+will be removed in Electron 42. GTK intends for this to be a user choice rather
+than an app choice and has removed the API to do this programmatically.
+
 ## Planned Breaking API Changes (40.0)
 
 ### Deprecated: `clipboard` API access from renderer processes
@@ -41,12 +47,6 @@ your preload script and expose it using the [contextBridge](https://www.electron
 Debug symbols for MacOS (dSYM) now use xz compression in order to handle larger file sizes. `dsym.zip` files are now
 `dsym.tar.xz` files. End users using debug symbols may need to update their zip utilities.
 
-### Deprecated: `showHiddenFiles` in Dialogs on Linux
-
-This property will still be honored on macOS and Windows, but support on Linux
-will be removed in Electron 42. GTK intends for this to be a user choice rather
-than an app choice and has removed the API to do this programmatically.
-
 ## Planned Breaking API Changes (39.0)
 
 ### Deprecated: `--host-rules` command line switch

docs/development/patches.md

@@ -79,7 +79,7 @@ $ ../../electron/script/git-import-patches ../../electron/patches/node
 $ ../../electron/script/git-export-patches -o ../../electron/patches/node
 ```
 
-Note that `git-import-patches` will mark the commit that was `HEAD` when it was run as `refs/patches/upstream-head`. This lets you keep track of which commits are from Electron patches (those that come after `refs/patches/upstream-head`) and which commits are in upstream (those before `refs/patches/upstream-head`).
+Note that `git-import-patches` will mark the commit that was `HEAD` when it was run as `refs/patches/upstream-head` (and a checkout-specific `refs/patches/upstream-head-<hash>` so that gclient worktrees sharing a `.git/refs` directory don't clobber each other). This lets you keep track of which commits are from Electron patches (those that come after `refs/patches/upstream-head`) and which commits are in upstream (those before `refs/patches/upstream-head`).
 
 #### Resolving conflicts
 

docs/development/pull-requests.md

@@ -21,24 +21,33 @@
 
 ### Step 1: Fork
 
-Fork the project [on GitHub](https://github.com/electron/electron) and clone your fork
-locally.
-
-```sh
-$ git clone git@github.com:username/electron.git
-$ cd electron
-$ git remote add upstream https://github.com/electron/electron.git
-$ git fetch upstream
-```
+Fork Electron's [GitHub repository](https://github.com/electron/electron).
 
 ### Step 2: Build
 
-Build steps and dependencies differ slightly depending on your operating system.
-See these detailed guides on building Electron locally:
+We recommend using [`@electron/build-tools`](https://github.com/electron/build-tools) to build
+Electron itself.
 
-* [Building on macOS](build-instructions-macos.md)
-* [Building on Linux](build-instructions-linux.md)
-* [Building on Windows](build-instructions-windows.md)
+```sh
+# Install build-tools package globally:
+npm install -g @electron/build-tools
+# Run the init script where you want to clone the project and point it to your fork:
+e init --fork my-org/electron --bootstrap testing
+```
+
+This will create a new `electron` folder in your working directory and initialize the project.
+Once the build completes, navigate to `electron/src/electron`, where your fork is actually cloned.
+
+> [!IMPORTANT]
+> Your Electron project has a complex folder structure with nested repositories.
+> See the [Build Instructions](./build-instructions-gn.md) docs for detailed Build Tools
+> usage instructions (e.g. how to sync dependencies or how to recompile the binary)
+> and platform-specific notices.
+
+There, you should have two `remote` URLs in git:
+
+* `origin` will point to `electron/electron`
+* `fork` will point to your fork (`my-org/electron`)
 
 Once you've built the project locally, you're ready to start making changes!
 
@@ -48,7 +57,7 @@ To keep your development environment organized, create local branches to
 hold your work. These should be branched directly off of the `main` branch.
 
 ```sh
-$ git checkout -b my-branch -t upstream/main
+git checkout -b my-branch
 ```
 
 ## Making Changes
@@ -60,7 +69,7 @@ changes to either the C/C++ code in the `shell/` folder,
 the JavaScript code in the `lib/` folder, the documentation in `docs/api/`
 or tests in the `spec/` folder.
 
-Please be sure to run `npm run lint` from time to time on any code changes
+Please be sure to run `yarn lint` from time to time on any code changes
 to ensure that they follow the project's code style.
 
 See [coding style](coding-style.md) for
@@ -75,8 +84,8 @@ across multiple commits. There is no limit to the number of commits in a
 pull request.
 
 ```sh
-$ git add my/changed/files
-$ git commit
+git add my/changed/files
+git commit
 ```
 
 Note that multiple commits get squashed when they are landed.
@@ -138,8 +147,8 @@ Once you have committed your changes, it is a good idea to use `git rebase`
 (not `git merge`) to synchronize your work with the main repository.
 
 ```sh
-$ git fetch upstream
-$ git rebase upstream/main
+git fetch origin
+git rebase origin/main
 ```
 
 This ensures that your working branch has the latest changes from `electron/electron`
@@ -156,7 +165,7 @@ Before submitting your changes in a pull request, always run the full
 test suite. To run the tests:
 
 ```sh
-$ npm run test
+yarn test
 ```
 
 Make sure the linter does not report any issues and that all tests pass.
@@ -165,7 +174,7 @@ Please do not submit patches that fail either check.
 If you are updating tests and want to run a single spec to check it:
 
 ```sh
-$ npm run test -match=menu
+yarn test -match=menu
 ```
 
 The above would only run spec modules matching `menu`, which is useful for
@@ -179,7 +188,7 @@ begin the process of opening a pull request by pushing your working branch
 to your fork on GitHub.
 
 ```sh
-$ git push origin my-branch
+git push fork my-branch
 ```
 
 ### Step 9: Opening the Pull Request
@@ -203,9 +212,9 @@ branch, add a new commit with those changes, and push those to your fork.
 GitHub will automatically update the pull request.
 
 ```sh
-$ git add my/changed/files
-$ git commit
-$ git push origin my-branch
+git add my/changed/files
+git commit
+git push fork my-branch
 ```
 
 There are a number of more advanced mechanisms for managing commits using
@@ -213,8 +222,8 @@ There are a number of more advanced mechanisms for managing commits using
 
 Feel free to post a comment in the pull request to ping reviewers if you are
 awaiting an answer on something. If you encounter words or acronyms that
-seem unfamiliar, refer to this
-[glossary](https://sites.google.com/a/chromium.org/dev/glossary).
+seem unfamiliar, refer to the
+[Chromium glossary](https://sites.google.com/a/chromium.org/dev/glossary).
 
 #### Approval and Request Changes Workflow
 

docs/tutorial/custom-window-styles.md

@@ -12,6 +12,10 @@ To create a frameless window, set the [`BaseWindowContructorOptions`][] `frame`
 
 ```
 
+On Wayland (Linux), frameless windows have GTK drop shadows and extended
+resize boundaries by default. To create a fully frameless window with no
+decorations, set `hasShadow: false` in the window constructor options.
+
 ## Transparent windows
 
 ![Transparent Window](../images/transparent-window.png)

docs/tutorial/electron-timelines.md

@@ -2,28 +2,53 @@
 
 Electron frequently releases major versions alongside every other Chromium release.
 This document focuses on the release cadence and version support policy.
-For a more in-depth guide on our git branches and how Electron uses semantic versions,
-check out our [Electron Versioning](./electron-versioning.md) doc.
+
+> [!TIP]
+> See the [Electron Versioning](./electron-versioning.md) document for more details
+> on how Electron is versioned.
 
 ## Timeline
 
 [Electron's Release Schedule](https://releases.electronjs.org/schedule) lists a schedule of Electron major releases showing key milestones including alpha, beta, and stable release dates, as well as end-of-life dates and dependency versions.
 
-:::info Official support dates may change
+> [!IMPORTANT]
+> Electron's official support policy is the latest 3 stable releases. Our stable
+> release and end-of-life dates are determined by Chromium, and may be subject to
+> change. While we try to keep our planned release and end-of-life dates frequently
+> updated here, future dates may change if affected by upstream scheduling changes,
+> and may not always be accurately reflected.
+>
+> See [Chromium's public release schedule](https://chromiumdash.appspot.com/schedule) for
+> definitive information about Chromium's scheduled release dates.
 
-Electron's official support policy is the latest 3 stable releases. Our stable
-release and end-of-life dates are determined by Chromium, and may be subject to
-change. While we try to keep our planned release and end-of-life dates frequently
-updated here, future dates may change if affected by upstream scheduling changes,
-and may not always be accurately reflected.
+Electron's cadence between major version releases is 8 weeks long. Before each major
+version hits stable, it goes through a four-week **alpha** phase and a four-week
+**beta** phase.
 
- See [Chromium's public release schedule](https://chromiumdash.appspot.com/schedule) for
- definitive information about Chromium's scheduled release dates.
-
- :::
+```mermaid
+gantt
+    title Electron release cycle
+    dateFormat  YYYY-MM-DD
+    axisFormat  Week %W
+    todayMarker off
+    section v41
+    Alpha phase                    :a1, 2026-01-19, 4w
+    M146 enters Chrome beta        :milestone, bm1, after a1, 0d
+    Beta phase                     :b1, after a1, 4w
+    M146 enters Chrome stable      :milestone, s1, after b1, 0d
+    Supported until v44 release    :active, after b1, 12w
+    section v42
+    Alpha phase                    :a2, after b1, 4w
+    M148 enters Chrome beta        :milestone, bm2, after a2, 0d
+    Beta phase                     :b2, after a2, 4w
+    M148 enters Chrome stable      :milestone, s2, after b2, 0d
+    Supported until v45 release    :active, after b2, 4w
+```
 
 **Notes:**
 
+* Alphas are generally less stable than beta releases. The cutoff between the two
+  corresponds to when the underlying Chromium version enters Chrome's Beta channel.
 * The `-alpha.1`, `-beta.1`, and `stable` dates are our solid release dates.
 * We strive for weekly alpha/beta releases, but we often release more than scheduled.
 * All dates are our goals but there may be reasons for adjusting the stable deadline, such as security bugs.
@@ -38,10 +63,11 @@ and may not always be accurately reflected.
 ## Version support policy
 
 The latest three _stable_ major versions are supported by the Electron team.
-For example, if the latest release is 6.1.x, then the 5.0.x as well
-as the 4.2.x series are supported. We only support the latest minor release
+
+For example, if the latest release is 42.1.x, then the 41.0.x as well
+as the 40.2.x series are supported. We only support the latest minor release
 for each stable release series. This means that in the case of a security fix,
-6.1.x will receive the fix, but we will not release a new version of 6.0.x.
+42.1.x will receive the fix, but we will not release a new version of 42.0.x.
 
 The latest stable release unilaterally receives all fixes from `main`,
 and the version prior to that receives the vast majority of those fixes
@@ -50,11 +76,8 @@ only security fixes directly.
 
 ### Chromium version support
 
-:::info Chromium release schedule
-
-Chromium's public release schedule is [here](https://chromiumdash.appspot.com/schedule).
-
-:::
+> [!TIP]
+> Chromium's public release schedule is [here](https://chromiumdash.appspot.com/schedule).
 
 Electron targets Chromium even-number versions, releasing every 8 weeks in concert
 with Chromium's 4-week release schedule. For example, Electron 26 uses Chromium 116, while Electron 27 uses Chromium 118.
@@ -82,3 +105,7 @@ and that number is reduced to two in major version 10, the three-argument versio
 continue to work until, at minimum, major version 12. Past the minimum two-version
 threshold, we will attempt to support backwards compatibility beyond two versions
 until the maintainers feel the maintenance burden is too high to continue doing so.
+
+> [!TIP]
+> For a canonical list of breaking changes, see the [Breaking Changes](../breaking-changes.md)
+> document.

docs/tutorial/electron-versioning.md

@@ -14,18 +14,6 @@ To update an existing project to use the latest stable version:
 npm install --save-dev electron@latest
 ```
 
-## Versioning scheme
-
-There are several major changes from our 1.x strategy outlined below. Each change is intended to satisfy the needs and priorities of developers/maintainers and app developers.
-
-1. Strict use of the [SemVer](#semver) spec
-2. Introduction of semver-compliant `-beta` tags
-3. Introduction of [conventional commit messages](https://conventionalcommits.org/)
-4. Well-defined stabilization branches
-5. The `main` branch is versionless; only stabilization branches contain version information
-
-We will cover in detail how git branching works, how npm tagging works, what developers should expect to see, and how one can backport changes.
-
 ## SemVer
 
 Below is a table explicitly mapping types of changes to their corresponding category of SemVer (e.g. Major, Minor, Patch).
@@ -34,7 +22,7 @@ Below is a table explicitly mapping types of changes to their corresponding cate
 | ------------------------------- | ---------------------------------- | ----------------------------- |
 | Electron breaking API changes   | Electron non-breaking API changes  | Electron bug fixes            |
 | Node.js major version updates   | Node.js minor version updates      | Node.js patch version updates |
-| Chromium version updates        |                                    | fix-related chromium patches  |
+| Chromium version updates        |                                    | fix-related Chromium patches  |
 
 For more information, see the [Semantic Versioning 2.0.0](https://semver.org/) spec.
 
@@ -44,68 +32,189 @@ Note that most Chromium updates will be considered breaking. Fixes that can be b
 
 Stabilization branches are branches that run parallel to `main`, taking in only cherry-picked commits that are related to security or stability. These branches are never merged back to `main`.
 
-![Stabilization Branches](../images/versioning-sketch-1.png)
-
-Since Electron 8, stabilization branches are always **major** version lines, and named against the following template `$MAJOR-x-y` e.g. `8-x-y`.  Prior to that we used **minor** version lines and named them as `$MAJOR-$MINOR-x` e.g. `2-0-x`.
-
-We allow for multiple stabilization branches to exist simultaneously, one for each supported version. For more details on which versions are supported, see our [Electron Releases](./electron-timelines.md) doc.
-
-![Multiple Stability Branches](../images/versioning-sketch-2.png)
-
-Older lines will not be supported by the Electron project, but other groups can take ownership and backport stability and security fixes on their own. We discourage this, but recognize that it makes life easier for many app developers.
-
-## Beta releases and bug fixes
-
-Developers want to know which releases are _safe_ to use. Even seemingly innocent features can introduce regressions in complex applications. At the same time, locking to a fixed version is dangerous because you’re ignoring security patches and bug fixes that may have come out since your version. Our goal is to allow the following standard semver ranges in `package.json` :
-
-* Use `~2.0.0` to admit only stability or security related fixes to your `2.0.0` release.
-* Use `^2.0.0` to admit non-breaking _reasonably stable_ feature work as well as security and bug fixes.
-
-What’s important about the second point is that apps using `^` should still be able to expect a reasonable level of stability. To accomplish this, SemVer allows for a _pre-release identifier_ to indicate a particular version is not yet _safe_ or _stable_.
-
-Whatever you choose, you will periodically have to bump the version in your `package.json` as breaking changes are a fact of Chromium life.
-
-The process is as follows:
-
-1. All new major and minor releases lines begin with a beta series indicated by SemVer prerelease tags of `beta.N`, e.g. `2.0.0-beta.1`. After the first beta, subsequent beta releases must meet all of the following conditions:
-    1. The change is backwards API-compatible (deprecations are allowed)
-    2. The risk to meeting our stability timeline must be low.
-2. If allowed changes need to be made once a release is beta, they are applied and the prerelease tag is incremented, e.g. `2.0.0-beta.2`.
-3. If a particular beta release is _generally regarded_ as stable, it will be re-released as a stable build, changing only the version information. e.g. `2.0.0`. After the first stable, all changes must be backwards-compatible bug or security fixes.
-4. If future bug fixes or security patches need to be made once a release is stable, they are applied and the _patch_ version is incremented
-e.g. `2.0.1`.
-
-Specifically, the above means:
-
-1. Admitting non-breaking-API changes before Week 3 in the beta cycle is okay, even if those changes have the potential to cause moderate side-effects.
-2. Admitting feature-flagged changes, that do not otherwise alter existing code paths, at most points in the beta cycle is okay. Users can explicitly enable those flags in their apps.
-3. Admitting features of any sort after Week 3 in the beta cycle is 👎 without a very good reason.
-
-For each major and minor bump, you should expect to see something like the following:
-
-```plaintext
-2.0.0-beta.1
-2.0.0-beta.2
-2.0.0-beta.3
-2.0.0
-2.0.1
-2.0.2
+```mermaid
+gitGraph
+    commit
+    commit
+    branch N-x-y
+    checkout main
+    commit id:"fix-1"
+    checkout N-x-y
+    cherry-pick id:"fix-1"
+    checkout main
+    commit id:"fix-2"
+    checkout N-x-y
+    cherry-pick id:"fix-2"
+    checkout main
+    commit
+    commit
 ```
 
-An example lifecycle in pictures:
+Since Electron 8, stabilization branches are always **major** version lines, and named against the following template `$MAJOR-x-y` e.g. `8-x-y`. (Prior to that, we used **minor** version lines and named them as `$MAJOR-$MINOR-x` e.g. `2-0-x`.)
 
-* A new release branch is created that includes the latest set of features. It is published as `2.0.0-beta.1`.
-![New Release Branch](../images/versioning-sketch-3.png)
-* A bug fix comes into master that can be backported to the release branch. The patch is applied, and a new beta is published as `2.0.0-beta.2`.
-![Bugfix Backport to Beta](../images/versioning-sketch-4.png)
-* The beta is considered _generally stable_ and it is published again as a non-beta under `2.0.0`.
-![Beta to Stable](../images/versioning-sketch-5.png)
-* Later, a zero-day exploit is revealed and a fix is applied to master. We backport the fix to the `2-0-x` line and release `2.0.1`.
-![Security Backports](../images/versioning-sketch-6.png)
+We allow for multiple stabilization branches to exist simultaneously, one for each supported version.
 
-A few examples of how various SemVer ranges will pick up new releases:
+> [!TIP]
+> For more details on which versions are supported, see our [Electron Releases](./electron-timelines.md) doc.
 
-![Semvers and Releases](../images/versioning-sketch-7.png)
+```mermaid
+gitGraph
+    commit
+    branch "41-x-y"
+    checkout main
+    commit
+    commit
+    commit id:"fix-a"
+    checkout "41-x-y"
+    cherry-pick id:"fix-a"
+    checkout main
+    commit
+    commit id:"fix-b"
+    checkout "41-x-y"
+    cherry-pick id:"fix-b"
+    checkout main
+    commit
+    branch "42-x-y"
+    checkout main
+    commit
+    commit id:"fix-c"
+    checkout "41-x-y"
+    cherry-pick id:"fix-c"
+    checkout "42-x-y"
+    cherry-pick id:"fix-c"
+    checkout main
+    commit
+    commit id:"fix-d"
+    checkout "41-x-y"
+    cherry-pick id:"fix-d"
+    checkout "42-x-y"
+    cherry-pick id:"fix-d"
+    checkout main
+    commit
+```
+
+Older lines will not be supported by the Electron project.
+
+## Release cycle
+
+Electron follows an **8-week regular release cycle** where key milestones correspond to
+matching dates in the Chromium release cycle.
+
+```mermaid
+gantt
+    title Electron release cycle
+    dateFormat  YYYY-MM-DD
+    axisFormat  Week %W
+    todayMarker off
+    section v41
+    Alpha phase                    :a1, 2026-01-19, 4w
+    M146 enters Chrome beta        :milestone, bm1, after a1, 0d
+    Beta phase                     :b1, after a1, 4w
+    M146 enters Chrome stable      :milestone, s1, after b1, 0d
+    Supported until v44 release    :active, after b1, 12w
+    section v42
+    Alpha phase                    :a2, after b1, 4w
+    M148 enters Chrome beta        :milestone, bm2, after a2, 0d
+    Beta phase                     :b2, after a2, 4w
+    M148 enters Chrome stable      :milestone, s2, after b2, 0d
+    Supported until v45 release    :active, after b2, 4w
+```
+
+### Example
+
+When Electron 41 hits its stable release, the release line for Electron 42 is branched off of `main`.
+Its first alpha release is created with all the changes contained on `main`:
+
+```mermaid
+gitGraph
+    commit
+    commit
+    commit
+    branch "42-x-y"
+    checkout "42-x-y"
+    commit tag:"v42.0.0-alpha.1"
+```
+
+A bug fix comes into `main` that can be backported to the release branch. The patch is applied,
+and it is published in the next `v42.0.0-alpha.2` release.
+
+```mermaid
+gitGraph
+    commit
+    commit
+    commit
+    branch "42-x-y"
+    checkout "42-x-y"
+    commit id:"42.0.0-alpha.1" tag:"v42.0.0-alpha.1"
+    checkout "main"
+    commit
+    commit id:"fix-1"
+    checkout "42-x-y"
+    cherry-pick id:"fix-1" tag:"v42.0.0-alpha.2"
+```
+
+The version of Chromium that powers Electron 42 hits Chrome's beta channel. The `alpha` line is
+promoted to `beta`.
+
+```mermaid
+gitGraph
+    commit
+    commit
+    commit
+    branch "42-x-y"
+    checkout "42-x-y"
+    commit id:"42.0.0-alpha.1" tag:"v42.0.0-alpha.1"
+    checkout "main"
+    commit
+    commit id:"fix-1"
+    checkout "42-x-y"
+    cherry-pick id:"fix-1" tag:"v42.0.0-alpha.2"
+    checkout "main"
+    commit
+    commit
+    commit id:"fix-2"
+    checkout "42-x-y"
+    cherry-pick id:"fix-2" tag:"v42.0.0-beta.1"
+```
+
+Beta releases continue weekly until Electron 42 is promoted to stable and the same cycle starts again
+with `43-x-y`. Later, a zero-day exploit is revealed and a fix is applied to `main`. We backport the
+fix to the `42-x-y` line and release `42.0.1`.
+
+```mermaid
+gitGraph
+    commit
+    commit
+    commit
+    branch "42-x-y"
+    checkout "42-x-y"
+    commit id:"42.0.0-alpha.1" tag:"v42.0.0-alpha.1"
+    checkout "main"
+    commit
+    commit id:"fix-1"
+    checkout "42-x-y"
+    cherry-pick id:"fix-1" tag:"v42.0.0-alpha.2"
+    checkout "main"
+    commit
+    commit
+    commit id:"fix-2"
+    checkout "42-x-y"
+    cherry-pick id:"fix-2" tag:"v42.0.0-beta.1"
+    checkout "main"
+    commit id:"fix-3"
+    checkout "42-x-y"
+    cherry-pick id:"fix-3" tag:"v42.0.0"
+    checkout "main"
+    branch "43-x-y"
+    checkout "43-x-y"
+    commit id:"43.0.0-alpha.1" tag:"v43.0.0-alpha.1"
+    checkout "main"
+    commit id:"security-fix"
+    checkout "42-x-y"
+    cherry-pick id:"security-fix" tag:"v42.0.1"
+    checkout "43-x-y"
+    cherry-pick id:"security-fix" tag:"v43.0.0-alpha.2"
+```
 
 ### Backport request process
 
@@ -136,10 +245,11 @@ The `electron/electron` repository also enforces squash merging, so you only nee
 
 ## Versioned `main` branch
 
-* The `main` branch will always contain the next major version `X.0.0-nightly.DATE` in its `package.json`.
+* The `main` branch always corresponds to the major version above the current pre-release line.
+* Unstable nightly releases of `main` are released under the [`electron-nightly`](https://www.npmjs.com/package/electron-nightly)
+  package on npm.
 * Release branches are never merged back to `main`.
-* Release branches _do_ contain the correct version in their `package.json`.
-* As soon as a release branch is cut for a major, `main` must be bumped to the next major (i.e. `main` is always versioned as the next theoretical release branch).
+* All `package.json` values are fixed at `0.0.0-development`.
 
 ## Historical versioning (Electron 1.X)
 
@@ -147,6 +257,29 @@ Electron versions _< 2.0_ did not conform to the [SemVer](https://semver.org) sp
 
 Here is an example of the 1.x strategy:
 
-![1.x Versioning](../images/versioning-sketch-0.png)
+```mermaid
+---
+config:
+  gitGraph:
+    mainBranchName: 'master'
+---
+gitGraph
+    commit
+    branch "bugfix-1"
+    checkout "bugfix-1"
+    commit
+    checkout master
+    merge "bugfix-1" tag:"1.8.1"
+    branch "feature"
+    checkout "feature"
+    commit
+    checkout master
+    merge "feature" tag:"1.8.2"
+    branch "bugfix-2"
+    checkout "bugfix-2"
+    commit
+    checkout master
+    merge "bugfix-2" tag:"1.8.3"
+```
 
 An app developed with `1.8.1` cannot take the `1.8.3` bug fix without either absorbing the `1.8.2` feature, or by backporting the fix and maintaining a new release line.

docs/tutorial/fuses.md

@@ -146,13 +146,15 @@ The extra privileges granted to the `file://` protocol by this fuse are incomple
 The `wasmTrapHandlers` fuse controls whether V8 will use signal handlers to trap Out of Bounds memory
 access from WebAssembly. The feature works by surrounding the WebAssembly memory with large guard regions
 and then installing a signal handler that traps attempt to access memory in the guard region. The feature
-is only supported on the following 64-bit systems.
+is only supported on the following 64-bit systems:
 
-Linux. MacOS, Windows - x86_64
-Linux, MacOS - aarch64
+* Linux, macOS, Windows - x86_64
+* Linux, macOS - aarch64
 
+```text
 | Guard Pages | WASM heap | Guard Pages |
 |-----8GB-----|           |-----8GB-----|
+```
 
 When the fuse is disabled V8 will use explicit bound checks in the generated WebAssembly code to ensure
 memory safety. However, this method has some downsides

docs/tutorial/installation.md

@@ -24,6 +24,27 @@ npx electron .
 The above command will run the current working directory with Electron. Note that
 any dependencies in your app will not be installed.
 
+## Installing prereleases
+
+Electron [distributes experimental releases of future major versions](./electron-timelines.md)
+via npm as well.
+
+Nightly builds contain the latest changes from the `main` branch:
+
+```sh
+npm install electron-nightly --save-dev
+```
+
+Alpha and beta builds contain changes slated for the next major version:
+
+```sh
+npm install electron@alpha --save-dev
+npm install electron@beta --save-dev
+```
+
+> [!TIP]
+> For more information on available Electron releases, see the [Release Status dashboard](https://releases.electronjs.org).
+
 ## Customization
 
 If you want to change the architecture that is downloaded (e.g., `x64` on an

filenames.auto.gni

@@ -90,6 +90,7 @@ auto_filenames = {
     "docs/api/structures/custom-scheme.md",
     "docs/api/structures/desktop-capturer-source.md",
     "docs/api/structures/display.md",
+    "docs/api/structures/enable-heap-profiling-options.md",
     "docs/api/structures/extension-info.md",
     "docs/api/structures/extension.md",
     "docs/api/structures/file-filter.md",
@@ -169,6 +170,7 @@ auto_filenames = {
     "docs/api/structures/web-preferences.md",
     "docs/api/structures/web-request-filter.md",
     "docs/api/structures/web-source.md",
+    "docs/api/structures/webauthn-account.md",
     "docs/api/structures/window-open-handler-response.md",
     "docs/api/structures/window-session-end-event.md",
   ]

filenames.gni

@@ -431,6 +431,10 @@ filenames = {
     "shell/browser/media/media_capture_devices_dispatcher.h",
     "shell/browser/media/media_device_id_salt.cc",
     "shell/browser/media/media_device_id_salt.h",
+    "shell/browser/metrics/electron_metrics_log_uploader.cc",
+    "shell/browser/metrics/electron_metrics_log_uploader.h",
+    "shell/browser/metrics/electron_metrics_service_client.cc",
+    "shell/browser/metrics/electron_metrics_service_client.h",
     "shell/browser/microtasks_runner.cc",
     "shell/browser/microtasks_runner.h",
     "shell/browser/native_window.cc",
@@ -507,6 +511,10 @@ filenames = {
     "shell/browser/session_preferences.h",
     "shell/browser/special_storage_policy.cc",
     "shell/browser/special_storage_policy.h",
+    "shell/browser/tracing/electron_background_tracing_metrics_provider.cc",
+    "shell/browser/tracing/electron_background_tracing_metrics_provider.h",
+    "shell/browser/tracing/electron_tracing_delegate.cc",
+    "shell/browser/tracing/electron_tracing_delegate.h",
     "shell/browser/ui/accelerator_util.cc",
     "shell/browser/ui/accelerator_util.h",
     "shell/browser/ui/autofill_popup.cc",
@@ -557,6 +565,8 @@ filenames = {
     "shell/browser/web_view_guest_delegate.h",
     "shell/browser/web_view_manager.cc",
     "shell/browser/web_view_manager.h",
+    "shell/browser/webauthn/electron_authenticator_request_client_delegate.cc",
+    "shell/browser/webauthn/electron_authenticator_request_client_delegate.h",
     "shell/browser/webauthn/electron_authenticator_request_delegate.cc",
     "shell/browser/webauthn/electron_authenticator_request_delegate.h",
     "shell/browser/window_list.cc",
@@ -780,6 +790,8 @@ filenames = {
     "shell/browser/extensions/electron_extension_system_factory.h",
     "shell/browser/extensions/electron_extension_system.cc",
     "shell/browser/extensions/electron_extension_system.h",
+    "shell/browser/extensions/electron_extension_tab_util.cc",
+    "shell/browser/extensions/electron_extension_tab_util.h",
     "shell/browser/extensions/electron_extension_web_contents_observer.cc",
     "shell/browser/extensions/electron_extension_web_contents_observer.h",
     "shell/browser/extensions/electron_extensions_api_client.cc",

lib/browser/api/web-contents.ts

@@ -212,7 +212,7 @@ function parsePageSize (pageSize: string | ElectronInternal.PageSize) {
 
 // Translate the options of printToPDF.
 
-let pendingPromise: Promise<any> | undefined;
+const printToPDFQueues = new WeakMap<Electron.WebContents, Promise<unknown>>();
 WebContents.prototype.printToPDF = async function (options) {
   const margins = checkType(options.margins ?? {}, 'object', 'margins');
   const pageSize = parsePageSize(options.pageSize ?? 'letter');
@@ -244,16 +244,19 @@ WebContents.prototype.printToPDF = async function (options) {
     ...pageSize
   };
 
-  if (this._printToPDF) {
-    if (pendingPromise) {
-      pendingPromise = pendingPromise.then(() => this._printToPDF(printSettings));
-    } else {
-      pendingPromise = this._printToPDF(printSettings);
-    }
-    return pendingPromise;
-  } else {
+  if (!this._printToPDF) {
     throw new Error('Printing feature is disabled');
   }
+
+  const prev = printToPDFQueues.get(this) ?? Promise.resolve();
+  const next = prev.catch(() => {}).then(() => this._printToPDF(printSettings));
+  printToPDFQueues.set(this, next);
+  next
+    .finally(() => {
+      if (printToPDFQueues.get(this) === next) printToPDFQueues.delete(this);
+    })
+    .catch(() => {});
+  return next;
 };
 
 // TODO(codebytere): deduplicate argument sanitization by moving rest of
@@ -782,8 +785,7 @@ WebContents.prototype._init = function () {
   const originCounts = new Map<string, number>();
   const openDialogs = new Set<AbortController>();
   this.on('-run-dialog', async (info, callback) => {
-    const originUrl = new URL(info.frame.url);
-    const origin = originUrl.protocol === 'file:' ? originUrl.href : originUrl.origin;
+    const origin = info.frame.origin === 'file://' ? info.frame.url : info.frame.origin;
     if ((originCounts.get(origin) ?? 0) < 0) return callback(false, '');
 
     const prefs = this.getLastWebPreferences();

lib/browser/default-menu.ts

@@ -1,5 +1,4 @@
-import { shell } from 'electron/common';
-import { app, Menu } from 'electron/main';
+import { Menu } from 'electron/main';
 
 const isMac = process.platform === 'darwin';
 
@@ -12,47 +11,13 @@ export const setApplicationMenuWasSet = () => {
 export const setDefaultApplicationMenu = () => {
   if (applicationMenuWasSet) return;
 
-  const helpMenu: Electron.MenuItemConstructorOptions = {
-    role: 'help',
-    submenu: app.isPackaged
-      ? []
-      : [
-          {
-            label: 'Learn More',
-            click: async () => {
-              await shell.openExternal('https://electronjs.org');
-            }
-          },
-          {
-            label: 'Documentation',
-            click: async () => {
-              const version = process.versions.electron;
-              await shell.openExternal(`https://github.com/electron/electron/tree/v${version}/docs#readme`);
-            }
-          },
-          {
-            label: 'Community Discussions',
-            click: async () => {
-              await shell.openExternal('https://discord.gg/electronjs');
-            }
-          },
-          {
-            label: 'Search Issues',
-            click: async () => {
-              await shell.openExternal('https://github.com/electron/electron/issues');
-            }
-          }
-        ]
-  };
-
   const macAppMenu: Electron.MenuItemConstructorOptions = { role: 'appMenu' };
   const template: Electron.MenuItemConstructorOptions[] = [
     ...(isMac ? [macAppMenu] : []),
     { role: 'fileMenu' },
     { role: 'editMenu' },
     { role: 'viewMenu' },
-    { role: 'windowMenu' },
-    helpMenu
+    { role: 'windowMenu' }
   ];
 
   const menu = Menu.buildFromTemplate(template);

lib/browser/guest-window-manager.ts

@@ -17,11 +17,6 @@ export type WindowOpenArgs = {
   features: string,
 }
 
-const frameNamesToWindow = new Map<string, WebContents>();
-const registerFrameNameToGuestWindow = (name: string, webContents: WebContents) => frameNamesToWindow.set(name, webContents);
-const unregisterFrameName = (name: string) => frameNamesToWindow.delete(name);
-const getGuestWebContentsByFrameName = (name: string) => frameNamesToWindow.get(name);
-
 /**
  * `openGuestWindow` is called to create and setup event handling for the new
  * window.
@@ -47,20 +42,6 @@ export function openGuestWindow ({ embedder, guest, referrer, disposition, postD
     ...overrideBrowserWindowOptions
   };
 
-  // To spec, subsequent window.open calls with the same frame name (`target` in
-  // spec parlance) will reuse the previous window.
-  // https://html.spec.whatwg.org/multipage/window-object.html#apis-for-creating-and-navigating-browsing-contexts-by-name
-  const existingWebContents = getGuestWebContentsByFrameName(frameName);
-  if (existingWebContents) {
-    if (existingWebContents.isDestroyed()) {
-      // FIXME(t57ser): The webContents is destroyed for some reason, unregister the frame name
-      unregisterFrameName(frameName);
-    } else {
-      existingWebContents.loadURL(url);
-      return;
-    }
-  }
-
   if (createWindow) {
     const webContents = createWindow({
       webContents: guest,
@@ -72,7 +53,7 @@ export function openGuestWindow ({ embedder, guest, referrer, disposition, postD
         throw new Error('Invalid webContents. Created window should be connected to webContents passed with options object.');
       }
 
-      handleWindowLifecycleEvents({ embedder, frameName, guest, outlivesOpener });
+      handleWindowLifecycleEvents({ embedder, guest, outlivesOpener });
     }
 
     return;
@@ -96,7 +77,7 @@ export function openGuestWindow ({ embedder, guest, referrer, disposition, postD
     });
   }
 
-  handleWindowLifecycleEvents({ embedder, frameName, guest: window.webContents, outlivesOpener });
+  handleWindowLifecycleEvents({ embedder, guest: window.webContents, outlivesOpener });
 
   embedder.emit('did-create-window', window, { url, frameName, options: browserWindowOptions, disposition, referrer, postData });
 }
@@ -107,10 +88,9 @@ export function openGuestWindow ({ embedder, guest, referrer, disposition, postD
  * too is the guest destroyed; this is Electron convention and isn't based in
  * browser behavior.
  */
-const handleWindowLifecycleEvents = function ({ embedder, guest, frameName, outlivesOpener }: {
+const handleWindowLifecycleEvents = function ({ embedder, guest, outlivesOpener }: {
   embedder: WebContents,
   guest: WebContents,
-  frameName: string,
   outlivesOpener: boolean
 }) {
   const closedByEmbedder = function () {
@@ -128,13 +108,6 @@ const handleWindowLifecycleEvents = function ({ embedder, guest, frameName, outl
     embedder.once('current-render-view-deleted' as any, closedByEmbedder);
   }
   guest.once('destroyed', closedByUser);
-
-  if (frameName) {
-    registerFrameNameToGuestWindow(frameName, guest);
-    guest.once('destroyed', function () {
-      unregisterFrameName(frameName);
-    });
-  }
 };
 
 // Security options that child windows will always inherit from parent windows

lib/browser/parse-features-string.ts

@@ -78,6 +78,27 @@ export function parseWebViewWebPreferences (preferences: string) {
 const allowedWebPreferences = ['zoomFactor', 'nodeIntegration', 'javascript', 'contextIsolation', 'webviewTag'] as const;
 type AllowedWebPreference = (typeof allowedWebPreferences)[number];
 
+// Top-level BrowserWindow options that may be set via the window.open()
+// features string. Options not listed here are silently dropped; apps that
+// need to pass other options should use setWindowOpenHandler in the main
+// process.
+const allowedWindowOptions = new Set<string>([
+  // standard window.open() position/size features
+  'top', 'left', 'innerWidth', 'innerHeight',
+  // numeric
+  'x', 'y', 'width', 'height',
+  'minWidth', 'minHeight', 'maxWidth', 'maxHeight', 'opacity',
+  // presentational booleans
+  'show', 'center', 'useContentSize', 'frame', 'transparent', 'hasShadow',
+  'movable', 'closable', 'focusable', 'minimizable', 'maximizable',
+  'fullscreenable', 'alwaysOnTop', 'skipTaskbar', 'modal', 'acceptFirstMouse',
+  'autoHideMenuBar', 'enableLargerThanScreen', 'paintWhenInitiallyHidden',
+  'roundedCorners', 'thickFrame', 'disableAutoHideCursor', 'hiddenInMissionControl',
+  // presentational strings (no filesystem/network side effects)
+  'title', 'backgroundColor', 'tabbingIdentifier', 'titleBarStyle', 'vibrancy',
+  'visualEffectState', 'backgroundMaterial'
+]);
+
 /**
  * Parses a feature string that has the format used in window.open().
  */
@@ -100,8 +121,15 @@ export function parseFeatures (features: string) {
   if (parsed.left !== undefined) parsed.x = parsed.left;
   if (parsed.top !== undefined) parsed.y = parsed.top;
 
+  const options: { [key: string]: CoercedValue } = {};
+  for (const key of Object.keys(parsed)) {
+    if (allowedWindowOptions.has(key)) {
+      options[key] = parsed[key];
+    }
+  }
+
   return {
-    options: parsed as Omit<BrowserWindowConstructorOptions, 'webPreferences'>,
+    options: options as Omit<BrowserWindowConstructorOptions, 'webPreferences'>,
     webPreferences
   };
 }

lib/node/asar-fs-wrapper.ts

@@ -135,10 +135,10 @@ const asarStatsToFsStats = function (stats: NodeJS.AsarFileStat) {
     uid,
     gid,
     0, // rdev
-    undefined, // blksize
+    4096, // blksize
     ++nextInode, // ino
     stats.size,
-    undefined, // blocks,
+    Math.ceil(stats.size / 512), // blocks (512-byte units)
     fakeTime.getTime(), // atim_msec
     fakeTime.getTime(), // mtim_msec
     fakeTime.getTime(), // ctim_msec
@@ -1232,6 +1232,8 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
   // has filesystem caching.
   overrideAPI(fs, 'copyFile');
   overrideAPISync(fs, 'copyFileSync');
+  overrideAPI(fs, 'cp');
+  overrideAPISync(fs, 'cpSync');
 
   overrideAPI(fs, 'open');
   overrideAPISync(process, 'dlopen', 1);

npm/package.json

@@ -7,6 +7,16 @@
   "scripts": {
     "postinstall": "node install.js"
   },
+  "files": [
+    "LICENSE",
+    "README.md",
+    "abi_version",
+    "checksums.json",
+    "cli.js",
+    "electron.d.ts",
+    "index.js",
+    "install.js"
+  ],
   "dependencies": {
     "@electron/get": "^2.0.0",
     "@types/node": "^24.9.0",

package.json

@@ -14,6 +14,7 @@
     "@electron/typescript-definitions": "^9.1.5",
     "@octokit/rest": "^20.1.2",
     "@primer/octicons": "^10.0.0",
+    "@sentry/cli": "1.72.0",
     "@types/minimist": "^1.2.5",
     "@types/node": "^24.9.0",
     "@types/semver": "^7.5.8",
@@ -85,7 +86,7 @@
     "gn-typescript-definitions": "npm run create-typescript-definitions && node script/cp.mjs electron.d.ts",
     "pre-flight": "pre-flight",
     "gn-check": "node ./script/gn-check.js",
-    "gn-format": "python3 script/run-gn-format.py",
+    "gn-format": "node ./script/lint.js --gn --fix",
     "precommit": "lint-staged",
     "preinstall": "node -e 'process.exit(0)'",
     "pretest": "npm run create-typescript-definitions",
@@ -120,7 +121,7 @@
     ],
     "*.{gn,gni}": [
       "npm run gn-check",
-      "npm run gn-format"
+      "node ./script/lint.js --gn --fix --only --"
     ],
     "*.py": [
       "node script/lint.js --py --fix --only --"
@@ -155,6 +156,9 @@
     "spec/fixtures/native-addon/*"
   ],
   "dependenciesMeta": {
+    "@sentry/cli": {
+      "built": true
+    },
     "abstract-socket": {
       "built": true
     }

patches/angle/.patches

@@ -0,0 +1 @@
+cherry-pick-b149a5c62d76.patch

patches/angle/cherry-pick-b149a5c62d76.patch

@@ -0,0 +1,117 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Geoff Lang <geofflang@chromium.org>
+Date: Fri, 27 Mar 2026 16:13:31 -0400
+Subject: GL: Fix pack state for BlitGL::copySubTextureCPUReadback
+
+copySubTextureCPUReadback does both ReadPixels and TexImage calls and
+needs to make sure the client's pack states are not used. It does this
+but in the wrong order causing an invalid pack state to be used for the
+ReadPixels call.
+
+Bug: chromium:490170083
+Change-Id: I93dcabf52edd6e4e08f999aaa0d96d1fc325211a
+Reviewed-on: https://chromium-review.googlesource.com/c/angle/angle/+/7708753
+Reviewed-by: Shahbaz Youssefi <syoussefi@chromium.org>
+Commit-Queue: Geoff Lang <geofflang@chromium.org>
+
+diff --git a/src/libANGLE/renderer/gl/BlitGL.cpp b/src/libANGLE/renderer/gl/BlitGL.cpp
+index 19780ad029525229cae6a9d07bf6e82dd72ee1aa..787405f204c3adf773b96e943c5f70e8e2aa7e5e 100644
+--- a/src/libANGLE/renderer/gl/BlitGL.cpp
++++ b/src/libANGLE/renderer/gl/BlitGL.cpp
+@@ -852,10 +852,10 @@ angle::Result BlitGL::copySubTextureCPUReadback(const gl::Context *context,
+         readFunction     = angle::ReadColor<angle::R8G8B8A8, GLfloat>;
+     }
+ 
+-    gl::PixelUnpackState unpack;
+-    unpack.alignment = 1;
+-    ANGLE_TRY(mStateManager->setPixelUnpackState(context, unpack));
+-    ANGLE_TRY(mStateManager->setPixelUnpackBuffer(context, nullptr));
++    gl::PixelPackState pack;
++    pack.alignment = 1;
++    ANGLE_TRY(mStateManager->setPixelPackState(context, pack));
++    ANGLE_TRY(mStateManager->setPixelPackBuffer(context, nullptr));
+     ANGLE_GL_TRY(context, mFunctions->readPixels(readPixelsArea.x, readPixelsArea.y,
+                                                  readPixelsArea.width, readPixelsArea.height,
+                                                  readPixelsFormat, GL_UNSIGNED_BYTE, sourceMemory));
+@@ -870,10 +870,10 @@ angle::Result BlitGL::copySubTextureCPUReadback(const gl::Context *context,
+         destInternalFormatInfo.format, destInternalFormatInfo.componentType, readPixelsArea.width,
+         readPixelsArea.height, 1, unpackFlipY, unpackPremultiplyAlpha, unpackUnmultiplyAlpha);
+ 
+-    gl::PixelPackState pack;
+-    pack.alignment = 1;
+-    ANGLE_TRY(mStateManager->setPixelPackState(context, pack));
+-    ANGLE_TRY(mStateManager->setPixelPackBuffer(context, nullptr));
++    gl::PixelUnpackState unpack;
++    unpack.alignment = 1;
++    ANGLE_TRY(mStateManager->setPixelUnpackState(context, unpack));
++    ANGLE_TRY(mStateManager->setPixelUnpackBuffer(context, nullptr));
+ 
+     nativegl::TexSubImageFormat texSubImageFormat =
+         nativegl::GetTexSubImageFormat(mFunctions, mFeatures, destFormat, destType);
+diff --git a/src/tests/capture_replay_tests/capture_replay_expectations.txt b/src/tests/capture_replay_tests/capture_replay_expectations.txt
+index 74e572d7a9ecb1503fdb46d273b77ab07375719f..201c64ab200def996ffd7d0f8f85a60446e3ba5b 100644
+--- a/src/tests/capture_replay_tests/capture_replay_expectations.txt
++++ b/src/tests/capture_replay_tests/capture_replay_expectations.txt
+@@ -80,6 +80,7 @@
+ 42264831 : FramebufferTest_ES3.AttachmentsWithUnequalDimensions/* = SKIP_FOR_CAPTURE
+ 42264831 : FramebufferTest_ES3.ChangeAttachmentThenInvalidateAndDraw/* = SKIP_FOR_CAPTURE
+ 42264831 : FramebufferTest_ES3.RenderAndInvalidateImmutableTextureWithBeyondMaxLevel/* = SKIP_FOR_CAPTURE
++490170083 : CopyTextureTestES3.SRGBWithPackParameters/* = SKIP_FOR_CAPTURE
+ 
+ # The following tests fail with forceRobustResourceInit
+ # They were accidentally passing until http://crrev/c/5588816
+diff --git a/src/tests/gl_tests/CopyTextureTest.cpp b/src/tests/gl_tests/CopyTextureTest.cpp
+index cd9bc970b7f646b3e9f037cca3d9e623f8f6afb3..44effc45e132819396c792fbcf947c320bbed0a4 100644
+--- a/src/tests/gl_tests/CopyTextureTest.cpp
++++ b/src/tests/gl_tests/CopyTextureTest.cpp
+@@ -1988,6 +1988,50 @@ TEST_P(CopyTextureTestDest, AlphaCopyWithRGB)
+     EXPECT_PIXEL_COLOR_EQ(0, 0, expectedPixels);
+ }
+ 
++// Regression test for TextureGL doing CPU readback when a PBO is bound
++TEST_P(CopyTextureTestES3, SRGBWithPackParameters)
++{
++    ANGLE_SKIP_TEST_IF(!checkExtensions());
++    ANGLE_SKIP_TEST_IF(!EnsureGLExtensionEnabled("GL_EXT_sRGB"));
++
++    GLColor originalPixels(50u, 100u, 150u, 155u);
++
++    glBindTexture(GL_TEXTURE_2D, mTextures[1]);
++    glTexImage2D(GL_TEXTURE_2D, 0, GL_RGBA, 1, 1, 0, GL_RGBA, GL_UNSIGNED_BYTE, &originalPixels);
++    EXPECT_GL_NO_ERROR();
++
++    glBindTexture(GL_TEXTURE_2D, mTextures[0]);
++    glTexImage2D(GL_TEXTURE_2D, 0, GL_SRGB_ALPHA_EXT, 1, 1, 0, GL_SRGB_ALPHA_EXT, GL_UNSIGNED_BYTE,
++                 nullptr);
++    EXPECT_GL_NO_ERROR();
++
++    GLFramebuffer dstFBO;
++    glBindFramebuffer(GL_DRAW_FRAMEBUFFER, dstFBO);
++    glFramebufferTexture2D(GL_DRAW_FRAMEBUFFER, GL_COLOR_ATTACHMENT0, GL_TEXTURE_2D, mTextures[0],
++                           0);
++
++    // Should have no effect on the copy
++    glPixelStorei(GL_PACK_SKIP_PIXELS, 100);
++    glPixelStorei(GL_PACK_SKIP_ROWS, 100);
++    glPixelStorei(GL_PACK_ROW_LENGTH, 100);
++    glPixelStorei(GL_PACK_ALIGNMENT, 8);
++    EXPECT_GL_NO_ERROR();
++
++    std::array<uint8_t, 100 * 100 * 4 * 2> bigPackBuffer = {0};
++    glReadPixels(0, 0, 1, 1, GL_RGBA, GL_UNSIGNED_BYTE, bigPackBuffer.data());
++
++    glCopySubTextureCHROMIUM(mTextures[1], 0, GL_TEXTURE_2D, mTextures[0], 0, 0, 0, 0, 0, 1, 1,
++                             false, false, false);
++    EXPECT_GL_NO_ERROR();
++
++    glPixelStorei(GL_PACK_SKIP_PIXELS, 0);
++    glPixelStorei(GL_PACK_SKIP_ROWS, 0);
++    glPixelStorei(GL_PACK_ROW_LENGTH, 0);
++    glPixelStorei(GL_PACK_ALIGNMENT, 1);
++
++    EXPECT_PIXEL_COLOR_EQ(0, 0, originalPixels);
++}
++
+ // Bug where TEXTURE_SWIZZLE_RGBA was not reset after the Luminance workaround. (crbug.com/1022080)
+ TEST_P(CopyTextureTestES3, LuminanceWorkaroundTextureSwizzleBug)
+ {

patches/chromium/.patches

@@ -121,7 +121,7 @@ build_disable_thin_lto_mac.patch
 feat_corner_smoothing_css_rule_and_blink_painting.patch
 build_add_public_config_simdutf_config.patch
 fix_multiple_scopedpumpmessagesinprivatemodes_instances.patch
-revert_code_health_clean_up_stale_macwebcontentsocclusion.patch
+fix_handle_embedder_windows_shown_after_webcontentsviewcocoa_attach.patch
 feat_add_signals_when_embedder_cleanup_callbacks_run_for.patch
 feat_separate_content_settings_callback_for_sync_and_async_clipboard.patch
 fix_win32_synchronous_spellcheck.patch
@@ -147,3 +147,30 @@ fix_update_dbus_signal_signature_for_xdg_globalshortcuts_portal.patch
 fix_set_correct_app_id_on_linux.patch
 fix_pass_trigger_for_global_shortcuts_on_wayland.patch
 feat_plumb_node_integration_in_worker_through_workersettings.patch
+fix_fire_menu_popup_start_for_dynamically_created_aria_menus.patch
+extensions_return_early_from_urlpattern_isvalidscheme.patch
+feat_allow_enabling_extensions_on_custom_protocols.patch
+cherry-pick-1fd9cf824950.patch
+cherry-pick-fc10b0d6304d.patch
+cherry-pick-41c622eea273.patch
+fix_initialize_com_on_desktopmedialistcapturethread_on_windows.patch
+fix_use_fresh_lazynow_for_onendworkitemimpl_after_didruntask.patch
+cherry-pick-4073d491fb55.patch
+cherry-pick-8c1ead5a699f.patch
+cherry-pick-c215f8e6f049.patch
+cherry-pick-a6357144e7bf.patch
+cherry-pick-41bfbc009df8.patch
+cherry-pick-4002a66778d2.patch
+cherry-pick-c81f01b469c4.patch
+cherry-pick-1b69067db7d2.patch
+cherry-pick-d513cd2fe668.patch
+cherry-pick-847b11ad2fa3.patch
+cherry-pick-fccaeb9e0967.patch
+cherry-pick-d141d62357df.patch
+cherry-pick-c75f63de7188.patch
+cherry-pick-7687618.patch
+patch_osr_control_screen_info.patch
+cherry-pick-cve-2026-6920.patch
+fix_make_macos_text_replacement_work_on_contenteditable.patch
+fix-dcheck-failure-when-starting-heap-profiler-for-renderer.patch
+fix_use_bundled_devtools_frontend_url_for_remote_debugging.patch

patches/chromium/build_do_not_depend_on_packed_resource_integrity.patch

@@ -33,10 +33,10 @@ index 4a742db71f62f9ac891ceeb0604ca0b99d1d89c1..2c5af6482e2b6905552a05b16d3df0a4
          "//base",
          "//build:branding_buildflags",
 diff --git a/chrome/browser/BUILD.gn b/chrome/browser/BUILD.gn
-index 2fc3a991d89093ff9139eb09d74123197155caff..0862aa96c2a7b496338ac0593f84fcfa21f25572 100644
+index a2a14349d40ce34831ab063cd5eb55cd5085c814..1a861ff7867f19935178c8368a9a720230fee026 100644
 --- a/chrome/browser/BUILD.gn
 +++ b/chrome/browser/BUILD.gn
-@@ -4749,7 +4749,7 @@ static_library("browser") {
+@@ -4751,7 +4751,7 @@ static_library("browser") {
        ]
      }
  
@@ -46,10 +46,10 @@ index 2fc3a991d89093ff9139eb09d74123197155caff..0862aa96c2a7b496338ac0593f84fcfa
        # than here in :chrome_dll.
        deps += [ "//chrome:packed_resources_integrity_header" ]
 diff --git a/chrome/test/BUILD.gn b/chrome/test/BUILD.gn
-index 7d5a246787bc3cc3bcb883aa78121d3d3f124780..b5de35620bc636d5e1d0d5770d898f564843bcef 100644
+index 40ea51f97470e2b86f8d2d373ea99a2a71ad185e..db6a2291ce77d89c8e28a1435336fd939e436906 100644
 --- a/chrome/test/BUILD.gn
 +++ b/chrome/test/BUILD.gn
-@@ -7728,9 +7728,12 @@ test("unit_tests") {
+@@ -7731,9 +7731,12 @@ test("unit_tests") {
        "//chrome/notification_helper",
      ]
  
@@ -63,7 +63,7 @@ index 7d5a246787bc3cc3bcb883aa78121d3d3f124780..b5de35620bc636d5e1d0d5770d898f56
        "//chrome//services/util_win:unit_tests",
        "//chrome/app:chrome_dll_resources",
        "//chrome/app:win_unit_tests",
-@@ -8698,6 +8701,10 @@ test("unit_tests") {
+@@ -8703,6 +8706,10 @@ test("unit_tests") {
        "../browser/performance_manager/policies/background_tab_loading_policy_unittest.cc",
      ]
  
@@ -74,7 +74,7 @@ index 7d5a246787bc3cc3bcb883aa78121d3d3f124780..b5de35620bc636d5e1d0d5770d898f56
      sources += [
        # The importer code is not used on Android.
        "../common/importer/firefox_importer_utils_unittest.cc",
-@@ -8755,7 +8762,6 @@ test("unit_tests") {
+@@ -8760,7 +8767,6 @@ test("unit_tests") {
      # TODO(crbug.com/417513088): Maybe merge with the non-android `deps` declaration above?
      deps += [
        "../browser/screen_ai:screen_ai_install_state",

patches/chromium/can_create_window.patch

@@ -9,10 +9,10 @@ potentially prevent a window from being created.
 TODO(loc): this patch is currently broken.
 
 diff --git a/content/browser/renderer_host/render_frame_host_impl.cc b/content/browser/renderer_host/render_frame_host_impl.cc
-index 46368e70af175d8d0ab0fb5a36d258e48270371e..8d7be769a6c76650ae999338578215dcd324c199 100644
+index 2d8a70f5fc0f6c2dc2a7587b7bc2e43dbcee8f0e..a87bd09d7a12c5f003488792843cd1807ee1e30f 100644
 --- a/content/browser/renderer_host/render_frame_host_impl.cc
 +++ b/content/browser/renderer_host/render_frame_host_impl.cc
-@@ -9990,6 +9990,7 @@ void RenderFrameHostImpl::CreateNewWindow(
+@@ -9997,6 +9997,7 @@ void RenderFrameHostImpl::CreateNewWindow(
            last_committed_origin_, params->window_container_type,
            params->target_url, params->referrer.To<Referrer>(),
            params->frame_name, params->disposition, *params->features,

patches/chromium/cherry-pick-1b69067db7d2.patch

@@ -0,0 +1,103 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Vasilii Sukhanov <vasilii@chromium.org>
+Date: Wed, 8 Apr 2026 07:48:21 -0700
+Subject: Fix cross-domain password leak via manual-fallback preview
+
+In PasswordManualFallbackFlow::DidSelectSuggestion, when a user selects
+a password suggestion, the browser process sends the cleartext password
+to the renderer for previewing. If the suggestion is cross-domain, this
+leak happens without consent or auth.
+
+This CL fixes this by omitting the password in the preview message for
+all the cases by sending the fake string.
+
+Fixed: 498269651
+Change-Id: Ic9546114c453f05de1030f05c7a9830b39d73038
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7735152
+Commit-Queue: Vasilii Sukhanov <vasilii@chromium.org>
+Reviewed-by: Anna Tsvirchkova <atsvirchkova@google.com>
+Cr-Commit-Position: refs/heads/main@{#1611490}
+
+diff --git a/components/password_manager/core/browser/password_manual_fallback_flow.cc b/components/password_manager/core/browser/password_manual_fallback_flow.cc
+index d65be8e82a2a8dd202d5eb1644ea3db9f59c18d4..14e18916fbac51665f9f94d99c8bc6ef8afbc112 100644
+--- a/components/password_manager/core/browser/password_manual_fallback_flow.cc
++++ b/components/password_manager/core/browser/password_manual_fallback_flow.cc
+@@ -211,12 +211,13 @@ void PasswordManualFallbackFlow::DidSelectSuggestion(
+       if (!form) {
+         return;
+       }
++      const auto payload =
++          suggestion.GetPayload<Suggestion::PasswordSuggestionDetails>();
+       password_manager_driver_->PreviewSuggestionById(
+           form->username_element_renderer_id,
+           form->password_element_renderer_id,
+           GetUsernameFromLabel(suggestion.labels[0][0].value),
+-          suggestion.GetPayload<Suggestion::PasswordSuggestionDetails>()
+-              .password);
++          std::u16string(payload.password.length(), '*'));
+       break;
+     }
+     case autofill::SuggestionType::kPasswordFieldByFieldFilling:
+diff --git a/components/password_manager/core/browser/password_manual_fallback_flow_unittest.cc b/components/password_manager/core/browser/password_manual_fallback_flow_unittest.cc
+index 866ca1f10b017f48a444742788f3965320647f7c..8789288a9630a921fe0cf79680cf41a54c619e38 100644
+--- a/components/password_manager/core/browser/password_manual_fallback_flow_unittest.cc
++++ b/components/password_manager/core/browser/password_manual_fallback_flow_unittest.cc
+@@ -656,7 +656,7 @@ TEST_F(PasswordManualFallbackFlowTest,
+   EXPECT_CALL(driver(), PreviewSuggestionById(form.username_element_renderer_id,
+                                               form.password_element_renderer_id,
+                                               std::u16string(u"username"),
+-                                              std::u16string(u"password")));
++                                              std::u16string(u"********")));
+   Suggestion suggestion = autofill::test::CreateAutofillSuggestion(
+       SuggestionType::kPasswordEntry, u"google.com",
+       CreateTestPasswordDetails());
+@@ -667,6 +667,40 @@ TEST_F(PasswordManualFallbackFlowTest,
+   flow().DidSelectSuggestion(suggestion);
+ }
+ 
++// Test that password manual fallback suggestion is previewed without password
++// if the suggestion is cross-domain.
++TEST_F(PasswordManualFallbackFlowTest,
++       SelectFillFullFormSuggestion_CrossDomain_TriggeredOnAPasswordForm) {
++  InitializeFlow();
++  ProcessPasswordStoreUpdates();
++
++  PasswordForm form;
++  form.username_element_renderer_id = MakeFieldRendererId();
++  form.password_element_renderer_id = MakeFieldRendererId();
++  // Simulate that the field is/isn't classified as target filling password.
++  EXPECT_CALL(password_form_cache(),
++              GetPasswordForm(_, form.username_element_renderer_id))
++      .WillRepeatedly(Return(&form));
++
++  flow().RunFlow(form.username_element_renderer_id, gfx::RectF{},
++                 TextDirection::LEFT_TO_RIGHT);
++
++  // Expect that the password is empty in the preview call.
++  EXPECT_CALL(driver(), PreviewSuggestionById(form.username_element_renderer_id,
++                                              form.password_element_renderer_id,
++                                              std::u16string(u"username"),
++                                              std::u16string(u"********")));
++  Suggestion suggestion = autofill::test::CreateAutofillSuggestion(
++      SuggestionType::kPasswordEntry, u"google.com",
++      Suggestion::PasswordSuggestionDetails(u"username", u"password",
++                                            "https://cross-domain.com/",
++                                            u"cross-domain.com",
++                                            /*is_cross_domain=*/true));
++  suggestion.labels = {{Suggestion::Text(u"username")}};
++  suggestion.acceptability = Suggestion::Acceptability::kAcceptable;
++  flow().DidSelectSuggestion(suggestion);
++}
++
+ // Test that only password field is previewed if the credential doesn't have
+ // a username saved for it.
+ TEST_F(PasswordManualFallbackFlowTest,
+@@ -687,7 +721,7 @@ TEST_F(PasswordManualFallbackFlowTest,
+   EXPECT_CALL(driver(), PreviewSuggestionById(FieldRendererId(),
+                                               form.password_element_renderer_id,
+                                               std::u16string(),
+-                                              std::u16string(u"password")));
++                                              std::u16string(u"********")));
+   Suggestion suggestion = autofill::test::CreateAutofillSuggestion(
+       SuggestionType::kPasswordEntry, u"google.com",
+       CreateTestPasswordDetails());

patches/chromium/cherry-pick-1fd9cf824950.patch

@@ -0,0 +1,49 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Shelley Vohr <shelley.vohr@gmail.com>
+Date: Tue, 31 Mar 2026 14:10:01 -0700
+Subject: Limit file size for GTK3 file chooser preview images
+
+The GTK3 file chooser preview loads selected files via
+gdk_pixbuf_new_from_file_at_size(), which decodes the entire file into
+memory before scaling. For very large images (e.g. uncompressed TIFFs
+over 1 GB), this causes excessive memory allocation and can crash the
+process.
+
+Add a 100 MB file size limit to OnUpdatePreview() so that oversized
+files are skipped rather than decoded. The limit is applied alongside
+the existing regular-file check using the stat result already available.
+
+Bug: none
+Change-Id: I4cf6f7e03b5d26af82b0f1fd2742108aa8883db3
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7715599
+Reviewed-by: Thomas Anderson <thomasanderson@chromium.org>
+Reviewed-by: Avi Drissman <avi@chromium.org>
+Commit-Queue: Thomas Anderson <thomasanderson@chromium.org>
+Cr-Commit-Position: refs/heads/main@{#1608089}
+
+diff --git a/ui/gtk/select_file_dialog_linux_gtk.cc b/ui/gtk/select_file_dialog_linux_gtk.cc
+index 6674bd0e8aeabf1d2c356239ce874181b230f085..9eaec5331bde260824ffa73cf044783fef274233 100644
+--- a/ui/gtk/select_file_dialog_linux_gtk.cc
++++ b/ui/gtk/select_file_dialog_linux_gtk.cc
+@@ -16,6 +16,7 @@
+ #include <utility>
+ #include <vector>
+ 
++#include "base/byte_size.h"
+ #include "base/logging.h"
+ #include "base/memory/ptr_util.h"
+ #include "base/no_destructor.h"
+@@ -679,8 +680,12 @@ void SelectFileDialogLinuxGtk::OnUpdatePreview(GtkWidget* chooser) {
+ 
+   // Don't attempt to open anything which isn't a regular file. If a named pipe,
+   // this may hang. See https://crbug.com/534754.
++  // Don't attempt to preview files over 100MB to avoid excessive memory use
++  // and crashes when decoding very large images.
+   struct stat stat_buf;
+-  if (stat(filename, &stat_buf) != 0 || !S_ISREG(stat_buf.st_mode)) {
++  constexpr base::ByteSize kMaxPreviewFileSize = base::MiBU(100);
++  if (stat(filename, &stat_buf) != 0 || !S_ISREG(stat_buf.st_mode) ||
++      static_cast<uint64_t>(stat_buf.st_size) > kMaxPreviewFileSize.InBytes()) {
+     g_free(filename);
+     gtk_file_chooser_set_preview_widget_active(GTK_FILE_CHOOSER(chooser),
+                                                FALSE);

patches/chromium/cherry-pick-4002a66778d2.patch

@@ -0,0 +1,38 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Vasiliy Telezhnikov <vasilyt@chromium.org>
+Date: Wed, 1 Apr 2026 11:19:52 -0700
+Subject: Fix potential double free in deserializing CopyOutputResults
+
+Skia always runs release proc of the SkBitmap::installPixels [1].
+
+[1] https://source.chromium.org/chromium/chromium/src/+/main:third_party/skia/include/core/SkBitmap.h;drc=405f385dce2db578ff3b2301686d231ee8f0b042;l=586
+
+Bug: 497846428
+Change-Id: I4d3fd2e676fa7aa74e1022cbd2c9d9db8970a90c
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7718978
+Commit-Queue: Vasiliy Telezhnikov <vasilyt@chromium.org>
+Reviewed-by: Joe Mason <joenotcharles@google.com>
+Cr-Commit-Position: refs/heads/main@{#1608675}
+
+diff --git a/services/viz/public/cpp/compositing/bitmap_in_shared_memory_mojom_traits.cc b/services/viz/public/cpp/compositing/bitmap_in_shared_memory_mojom_traits.cc
+index 59fbc85e257778d1743688716b314ed983f2f324..9d6bdd42622dffd90d39d6977bdec169baf98170 100644
+--- a/services/viz/public/cpp/compositing/bitmap_in_shared_memory_mojom_traits.cc
++++ b/services/viz/public/cpp/compositing/bitmap_in_shared_memory_mojom_traits.cc
+@@ -111,12 +111,14 @@ bool StructTraits<viz::mojom::BitmapInSharedMemoryDataView, SkBitmap>::Read(
+     return false;
+   }
+ 
+-  if (!sk_bitmap->installPixels(image_info, mapping_ptr->memory(),
++  // Skia guarantees that it will call release proc, so we pass release()'ed
++  // pointer into it.
++  void* bitmap_memory = mapping_ptr->memory();
++  if (!sk_bitmap->installPixels(image_info, bitmap_memory,
+                                 data.row_bytes(), &DeleteSharedMemoryMapping,
+-                                mapping_ptr.get())) {
++                                mapping_ptr.release())) {
+     return false;
+   }
+-  mapping_ptr.release();
+   return true;
+ }
+ 

patches/chromium/cherry-pick-4073d491fb55.patch

@@ -0,0 +1,213 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Matt Menke <mmenke@chromium.org>
+Date: Fri, 27 Mar 2026 09:19:35 -0700
+Subject: Make SpdySession::CreateStream() call DoDrainSession()
+ asynchronously.
+
+Calling it synchronously would tear down all SpdyStreams immediately,
+informing their consumers of the error. This could have side effects
+that affect the caller trying to create the stream, so was unsafe.
+
+This does introduce a state where a SpdySession is going away, but
+neither DoDrainSession() nor StartGoingAway() was invoked. The
+SpdySession never reached such a state before this CL, but this state
+was used before - when there was a network change, we used to move
+SpdySessions into such a state. This behavior was removed because we
+ended up never actually closing those sockets, which could effectively
+blackhole a destination. Since this CL posts a task to drain the
+session, that shouldn't happen here.
+
+The code is robust against extra DoDrainSession() calls, so it should
+be fine if the session discovers through another path it should start
+draining or otherwise going away,
+
+Bug: 493628982
+Change-Id: I23f1517b67fb55edd50d6e8fc8f1b4d8328e8ec5
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7701714
+Reviewed-by: Kenichi Ishibashi <bashi@chromium.org>
+Commit-Queue: mmenke <mmenke@chromium.org>
+Cr-Commit-Position: refs/heads/main@{#1606281}
+
+diff --git a/net/socket/socket_test_util.cc b/net/socket/socket_test_util.cc
+index 957ebf883fef96af8fea16cb883e8c663dce8b2b..eb811b8b5dc382cf1fbd4cc75a63c416d71f746b 100644
+--- a/net/socket/socket_test_util.cc
++++ b/net/socket/socket_test_util.cc
+@@ -1251,7 +1251,7 @@ void MockTCPClientSocket::Disconnect() {
+ bool MockTCPClientSocket::IsConnected() const {
+   if (!data_)
+     return false;
+-  return connected_ && !peer_closed_connection_;
++  return connected_ && !peer_closed_connection_ && !data_->silently_closed();
+ }
+ 
+ bool MockTCPClientSocket::IsConnectedAndIdle() const {
+diff --git a/net/socket/socket_test_util.h b/net/socket/socket_test_util.h
+index 204fcd3eb95a283783f508153137328e162bbde9..78ebf2140902f14e1f6506c6a1e3654e5fc8c4ff 100644
+--- a/net/socket/socket_test_util.h
++++ b/net/socket/socket_test_util.h
+@@ -447,6 +447,12 @@ class SocketDataProvider {
+   MockConnect connect_data() const { return connect_; }
+   void set_connect_data(const MockConnect& connect) { connect_ = connect; }
+ 
++  // Makes IsConnected() start returning false for any socket using `this`,
++  // without any read or write error. Useful for simulating cases where an
++  // IsConnected() call is the first time a socket is revealed to be closed.
++  void set_silently_closed() { silently_closed_ = true; }
++  bool silently_closed() const { return silently_closed_; }
++
+  private:
+   // Called to inform subclasses of initialization.
+   virtual void Reset() = 0;
+@@ -459,6 +465,8 @@ class SocketDataProvider {
+   // This reflects the default state of TCPClientSockets.
+   bool no_delay_ = true;
+ 
++  bool silently_closed_ = false;
++
+   KeepAliveState keep_alive_state_ = KeepAliveState::kDefault;
+   int keep_alive_delay_ = 0;
+ 
+diff --git a/net/spdy/spdy_session.cc b/net/spdy/spdy_session.cc
+index 7465a28030a65eb4964e537134c60ac64ab54f25..9dfbb5dd63802add67931d2aa0b06aa62d6d7be1 100644
+--- a/net/spdy/spdy_session.cc
++++ b/net/spdy/spdy_session.cc
+@@ -1682,7 +1682,9 @@ int SpdySession::CreateStream(const SpdyStreamRequest& request,
+   UMA_HISTOGRAM_BOOLEAN("Net.SpdySession.CreateStreamWithSocketConnected",
+                         socket_->IsConnected());
+   if (!socket_->IsConnected()) {
+-    DoDrainSession(
++    // Since there may be a consumer of the session on the stack, can't call
++    // DoDrainSession() synchronously, as it may result in reentrancy.
++    DoDrainSessionAsync(
+         ERR_CONNECTION_CLOSED,
+         "Tried to create SPDY stream for a closed socket connection.");
+     return ERR_CONNECTION_CLOSED;
+@@ -2674,6 +2676,23 @@ void SpdySession::DoDrainSession(Error err,
+   MaybePostWriteLoop();
+ }
+ 
++void SpdySession::DoDrainSessionAsync(Error err,
++                                      std::string description,
++                                      bool force_send_go_away) {
++  // Make this unavailable to prevent consumers from pulling it from the session
++  // pool again, which could result in an infinite loop, or otherwise running
++  // into this error again rather than trying a new connection.
++  MakeUnavailable(err);
++
++  // This will close the socket and inform consumers asynchronously. If
++  // something happens before this task runs (like a read error), that should
++  // not cause issues, since DoDrainSession() does nothing if already draining.
++  base::SingleThreadTaskRunner::GetCurrentDefault()->PostTask(
++      FROM_HERE,
++      base::BindOnce(&SpdySession::DoDrainSession, weak_factory_.GetWeakPtr(),
++                     err, std::move(description), force_send_go_away));
++}
++
+ void SpdySession::LogAbandonedStream(SpdyStream* stream, Error status) {
+   DCHECK(stream);
+   stream->LogStreamError(status, "Abandoned.");
+diff --git a/net/spdy/spdy_session.h b/net/spdy/spdy_session.h
+index b36f8fae637e49cb82141cf59d123a49c9c931ac..a5896d76fbd73c5dfd0abcae77d5dfaadbaa3d54 100644
+--- a/net/spdy/spdy_session.h
++++ b/net/spdy/spdy_session.h
+@@ -857,6 +857,15 @@ class NET_EXPORT SpdySession
+                       const std::string& description,
+                       bool force_send_go_away = false);
+ 
++  // Immediately marks a session as unavailable, to prevent reuse, and posts a
++  // task to call DoDrainSession (if the session is drained for some other
++  // reason in the meantime, that is fine). This should be used instead of
++  // DoDrainSession when there may be a consumer of the SpdySession on the
++  // stack, so as to avoid reentrancy.
++  void DoDrainSessionAsync(Error err,
++                           std::string description,
++                           bool force_send_go_away = false);
++
+   // Called right before closing a (possibly-inactive) stream for a
+   // reason other than being requested to by the stream.
+   void LogAbandonedStream(SpdyStream* stream, Error status);
+diff --git a/net/spdy/spdy_session_unittest.cc b/net/spdy/spdy_session_unittest.cc
+index 44c9ea47b39fe8c3efbe5e39f0b6d028fa73af97..6e808d05d16f144afdfdae229ec4c8f110d4fde0 100644
+--- a/net/spdy/spdy_session_unittest.cc
++++ b/net/spdy/spdy_session_unittest.cc
+@@ -976,10 +976,14 @@ TEST_F(SpdySessionTest, CreateStreamAfterGoAway) {
+   EXPECT_TRUE(session_->IsStreamActive(1));
+ 
+   SpdyStreamRequest stream_request;
++  // Note that `can_send_early` is needed to bypass confirming the handshake. If
++  // this regresses, may need to do what other tests to, and use
++  // CreateStreamSynchronously() to create an initial SpdyStream and set up the
++  // socket.
+   int rv = stream_request.StartRequest(
+-      SPDY_REQUEST_RESPONSE_STREAM, session_, test_url_, false, MEDIUM,
+-      SocketTag(), NetLogWithSource(), CompletionOnceCallback(),
+-      TRAFFIC_ANNOTATION_FOR_TESTS);
++      SPDY_REQUEST_RESPONSE_STREAM, session_, test_url_,
++      /*can_send_early=*/true, MEDIUM, SocketTag(), NetLogWithSource(),
++      CompletionOnceCallback(), TRAFFIC_ANNOTATION_FOR_TESTS);
+   EXPECT_THAT(rv, IsError(ERR_FAILED));
+ 
+   EXPECT_TRUE(session_);
+@@ -2835,6 +2839,62 @@ TEST_F(SpdySessionTest, CancelTwoStalledCreateStream) {
+   EXPECT_EQ(0u, pending_create_stream_queue_size(LOWEST));
+ }
+ 
++// Check that SpdyStreamRequest::StartRequest() does not synchronously notify
++// live streams of their destruction when it notices the socket has been closed.
++// This can racily happen when a new request occurs before a read error from the
++// socket is processed. This synchronously informing other streams of their
++// destruction could result in modifying objects that are on the top of the
++// callstack due to shared state, which can lead to bugs.
++TEST_F(SpdySessionTest,
++       SpdyStreamRequestStartRequestAsynchronouslyNotifiesOtherStreams) {
++  StaticSocketDataProvider data;
++  session_deps_.socket_factory->AddSocketDataProvider(&data);
++  AddSSLSocketData();
++
++  CreateNetworkSession();
++  CreateSpdySession();
++
++  // Create a stream on the session, and set up a delegate to watch it.
++  base::WeakPtr<SpdyStream> spdy_stream =
++      CreateStreamSynchronously(SPDY_REQUEST_RESPONSE_STREAM, session_,
++                                test_url_, MEDIUM, NetLogWithSource());
++  test::StreamDelegateDoNothing delegate(spdy_stream);
++  spdy_stream->SetDelegate(&delegate);
++
++  // Close the socket, without a read/write event, to simulate the
++  // StartRequest() being the first call to notice the socket is closed.
++  data.set_silently_closed();
++
++  // Start a StreamRequest request. Note that `can_send_early` must be true to
++  // avoid calling MockSSLClientSocket::ConfirmHandshake(), will cause the
++  // request not to check the state of the connection, while it waits for the
++  // SSL handshake to be confirmed (that handshake confirmation check will also
++  // cause the MockSSLClientSocket to CHECK, if it happens, as the socket is
++  // closed).
++  SpdyStreamRequest request;
++  int rv = request.StartRequest(
++      SPDY_REQUEST_RESPONSE_STREAM, session_, test_url_,
++      /*can_send_early=*/true, LOWEST, SocketTag(), NetLogWithSource(),
++      base::BindOnce([](int result) {
++        ADD_FAILURE()
++            << "Callback should not be invoked on synchronous completion";
++      }),
++      TRAFFIC_ANNOTATION_FOR_TESTS);
++  // The request should synchronously fail.
++  EXPECT_THAT(rv, IsError(ERR_CONNECTION_CLOSED));
++
++  // The session should be flagged as going away, and should no longer be
++  // available but should still exist.
++  EXPECT_TRUE(session_->IsGoingAway());
++  EXPECT_FALSE(HasSpdySession(spdy_session_pool_, key_));
++  // The first stream should not have been closed synchronously. Instead, a task
++  // should have been posted to close it.
++  EXPECT_FALSE(delegate.StreamIsClosed());
++
++  // Wait for the stream to be closed.
++  EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_CONNECTION_CLOSED));
++}
++
+ // Test that SpdySession::DoReadLoop reads data from the socket
+ // without yielding.  This test makes 32k - 1 bytes of data available
+ // on the socket for reading. It then verifies that it has read all

patches/chromium/cherry-pick-41bfbc009df8.patch

@@ -0,0 +1,60 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Tommy Steimel <steimel@chromium.org>
+Date: Tue, 31 Mar 2026 16:11:55 -0700
+Subject: [Media Session] Don't assume there is still 1 normal player
+
+There are some actions in MediaSessionImpl that are only available when
+there is exactly 1 normal player, so when they're called, there's a
+DCHECK that we do in fact have 1 normal player. However, since Mojo
+calls are asynchronous, it's possible for one of these actions to be
+legitimately called with 1 normal player, but by the time it runs there
+are either 0 or 2+ normal players.
+
+This CL changes these instances to no longer DCHECK that there is 1
+normal player and instead just early return if there isn't.
+
+Bug: 497412658
+Change-Id: I0fdf3c6779c224db996091b2fd463bc3cb9464f3
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7719021
+Reviewed-by: Benjamin Keen <bkeen@google.com>
+Commit-Queue: Tommy Steimel <steimel@chromium.org>
+Cr-Commit-Position: refs/heads/main@{#1608166}
+
+diff --git a/content/browser/media/session/media_session_impl.cc b/content/browser/media/session/media_session_impl.cc
+index 542bd7ee9ab011b94d41517286334b75a94b47f8..24115ab4024a981334f1f9111d9017b37bf634b4 100644
+--- a/content/browser/media/session/media_session_impl.cc
++++ b/content/browser/media/session/media_session_impl.cc
+@@ -1290,7 +1290,6 @@ void MediaSessionImpl::EnterPictureInPicture() {
+     return;
+   }
+ 
+-  DCHECK_EQ(normal_players_.size(), 1u);
+   if (normal_players_.size() != 1u) {
+     // There should be one and only one player when we enter picture-in-picture.
+     return;
+@@ -1355,13 +1354,23 @@ void MediaSessionImpl::Raise() {
+ }
+ 
+ void MediaSessionImpl::SetMute(bool mute) {
+-  DCHECK_EQ(normal_players_.size(), 1u);
++  // The SetMute action should only be available when there is one normal
++  // player, though due to the asynchronous nature of mojo, we may no longer
++  // have 1 normal player. In that case, just return.
++  if (normal_players_.size() != 1u) {
++    return;
++  }
+   normal_players_.begin()->first.observer->OnSetMute(
+       normal_players_.begin()->first.player_id, mute);
+ }
+ 
+ void MediaSessionImpl::RequestMediaRemoting() {
+-  DCHECK_EQ(normal_players_.size(), 1u);
++  // The RequestMediaRemoting action should only be available when there is one
++  // normal player, though due to the asynchronous nature of mojo, we may no
++  // longer have 1 normal player. In that case, just return.
++  if (normal_players_.size() != 1u) {
++    return;
++  }
+   normal_players_.begin()->first.observer->OnRequestMediaRemoting(
+       normal_players_.begin()->first.player_id);
+ }