[pull] main from electron:main#5
Open
pull[bot] wants to merge 3468 commits into16CentAstrology:mainfrom
Open
Conversation
* fix: lazily initialize safeStorage async encryptor
The SafeStorage constructor previously registered a browser observer that
called os_crypt_async()->GetInstance() on app-ready. Because ESM named
imports (import { x } from 'electron') eagerly evaluate all electron
module getters, simply importing electron in an ESM entrypoint would
construct SafeStorage and touch the OS keychain on app-ready, even when
safeStorage was never used.
This showed up as a macOS CI hang: the esm-spec import-meta fixture
triggers a keychain access prompt that blocks the test runner until
timeout.
Now the async encryptor is requested lazily on the first call to
encryptStringAsync, decryptStringAsync, or isAsyncEncryptionAvailable.
isAsyncEncryptionAvailable now returns a Promise that resolves once
initialization completes, matching what the docs already stated.
* chore: lint
* fix: add HandleScope in OnOsCryptReady for pending operations
OnOsCryptReady fires asynchronously from a posted task without an active
V8 HandleScope. Previously this was harmless because eager init meant the
pending queues were always empty when it fired. With lazy init, operations
queue up first, then the callback processes them and needs to create V8
handles (Buffer::Copy, Dictionary::CreateEmpty, Promise::Resolve).
) Bumps [dsanders11/project-actions](https://github.com/dsanders11/project-actions) from 1.7.0 to 2.0.0. - [Release notes](https://github.com/dsanders11/project-actions/releases) - [Commits](dsanders11/project-actions@2134fe7...5767984) --- updated-dependencies: - dependency-name: dsanders11/project-actions dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* ci: upload object change stats to Datadog Assisted-by: Claude Opus 4.6 * ci: bump actions/upload-artifact version * chore: only output new object count if non-zero * chore: skip object change tracking on ASan builds * chore: handle pull requests as well * chore: always set chromium-version-changed * chore: remove npx usage
* fix: remove ELECTRON_SKIP_BINARY_DOWNLOAD it is redundant as of electron v42 its purpose was to skip the binary download for post install script but as of electron v42, post install script is gone and replaced with a lazy download it was also slated for removal in [this comment](electron/rfcs#22 (comment)) * docs: remove ELECTRON_SKIP_BINARY_DOWNLOAD section the env is redundant as of electron v42 so docs don't have to mention it anymore * docs: add ELECTRON_SKIP_BINARY_DOWNLOAD to breaking changes
Bumps [actions/github-script](https://github.com/actions/github-script) from 7.0.1 to 8.0.0. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@v7.0.1...ed59741) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.33.0 to 4.34.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@b1bff81...3869755) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.34.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Bumps [actions-cool/issues-helper](https://github.com/actions-cool/issues-helper) from 3.7.6 to 3.8.0. - [Release notes](https://github.com/actions-cool/issues-helper/releases) - [Changelog](https://github.com/actions-cool/issues-helper/blob/main/CHANGELOG.md) - [Commits](actions-cool/issues-helper@71b62d7...200c786) --- updated-dependencies: - dependency-name: actions-cool/issues-helper dependency-version: 3.8.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
docs: handle cold-start deep links on Windows/Linux add a check for `process.argv` in the `app.whenReady()` callback to handle deep links when the application is cold-started on Windows and Linux.
* refactor: SafeV8Function to be backed by cppgc * spec: focus renderer before attempting paste * spec: remove listeners to prevent leak on failed tests
Add wg-infra as code owners for the .claude folder to protect Claude Code configuration files from unauthorized modifications. https://claude.ai/code/session_01YK2mEzC3DLrhqbcXW9jwUr Co-authored-by: Claude <noreply@anthropic.com>
- export_gin_v8platform_pageallocator_for_usage_outside_of_the_gin.patch: gin::V8Platform::GetPageAllocator() is now exported upstream via the public v8::Platform interface, so we no longer need to patch gin to expose a custom accessor. Update javascript_environment.cc to use the upstream API instead. - fix_getcursorscreenpoint_wrongly_returns_0_0.patch: this fix has landed upstream in Chromium and is no longer needed as a local patch.
* fix: hex-encode Windows notification icon temp filenames NotificationPresenterWin was using SHA1HashString(origin.spec()) directly as the basename for the temporary PNG written for toast icons. SHA1HashString returns raw digest bytes, so the generated filename could contain invalid path characters on Windows. That caused WriteFile to fail when saving notification icons, which left toast XML without the expected icon path. Hex-encode the digest before appending .png so the temporary filename is filesystem-safe while keeping deterministic naming for a given origin. * Update shell/browser/notifications/win/notification_presenter_win.cc Co-authored-by: Robo <hop2deep@gmail.com> --------- Co-authored-by: Robo <hop2deep@gmail.com>
Use platform_util::GetXdgAppId() with fallback to argv0 as PA_PROP_APPLICATION_ICON_NAME. Use electron::GetPossiblyOverriddenApplicationName() to set environment variable "ELECTRON_PA_APP_NAME" in audio_service.cc, to use it in pulse_util.cc for setting input/output pa_context name. This replaces hard-codded kBrowserDisplayName that was used for PA_PROP_APPLICATION_ICON_NAME, and PRODUCT_STRING that was used for pa_context names. This is done to make audio streams recognizable in tools like qpwgrapth and general audio managers, instead of having 20 "Chromium" outputs and "Chromium input" inputs, that are actually coming from completely different applications.
fix: register PrintDialogLinuxFactory on Linux Chromium 145 refactored Linux print dialog creation to use a factory pattern instead of directly calling LinuxUi::CreatePrintDialog(). Chrome registers this factory in ChromeBrowserMainExtraPartsViewsLinux::ToolkitInitialized(), but Electron did not, causing PrintingContextLinux::EnsurePrintDialog() to leave print_dialog_ null on every call. Without a dialog, UseDefaultSettings() and UpdatePrinterSettings() return success but with empty/unprocessed settings, causing PrintMsgPrintParamsIsValid() to fail. This broke both window.print() (no dialog appears) and webContents.print() (callback stuck until app close with "Invalid printer settings").
GetDefaultPrinterDPI() creates a blank GtkPrintSettings and reads its resolution, which returns 0 for uninitialized settings. With DPI=0, SetPrintableAreaIfValid() computes a zero scale factor, producing empty page dimensions that fail PrintMsgPrintParamsIsValid(). Fall back to kDefaultPdfDpi (72) when GTK returns 0, matching the existing Windows fallback pattern when CreateDC fails.
gfx::PNGCodec::Decode() returns a null SkBitmap when it fails to decode the clipboard contents as a PNG. Passing that null bitmap to gfx::Image::CreateFrom1xBitmap() triggers a crash. Return an empty gfx::Image instead, matching the existing null-check pattern in skia_util.cc.
…50474) The frameNamesToWindow map was a holdover from the BrowserWindowProxy IPC shim. Since nativeWindowOpen became the only code path, Blink's FrameTree::FindOrCreateFrameForNavigation resolves named window targets directly in the renderer, scoped to the opener's browsing context group. When a matching named window exists, Blink navigates it without ever sending a CreateNewWindow IPC to the browser, so this map was never consulted in the legitimate same-opener case. The only time the map found a match was when two unrelated renderers happened to use the same target name, in which case openGuestWindow would short-circuit before consuming the guest WebContents that Chromium had already created for the new window, leaking it. Adds a test verifying Blink handles same-opener named-target reuse end-to-end without any browser-side tracking.
…50473) The weak persistent tracking the OffscreenReleaseHolderMonitor was tied to the texture object, but the release() closure holds a raw pointer to the monitor via its v8::External data. If JS retained texture.release while dropping the texture itself, the monitor would be freed on GC and a later release() call would crash. Track the release function instead of the texture object. Since the texture holds release as a property, this keeps the monitor alive as long as either is reachable.
…s label (#50316) * remove comment based label removal * ci: add functionality for programmatic add/remove needs-signed-commits label * add new line to pull-request-opened-synchronized
…50377) * fix: fire AXMenuOpened event when a visible ARIA menu instance is added to the DOM * fix: remove redundent FireMenuPopupEndForDeletedMenus MENU_POPUP_END for deleted menus is already handled by AXTreeManager::OnNodeWillBeDeleted, which fires the event directly on the menu node before destruction. * chore: add feature flag (kDynamicMenuPopupEvents) * chore: update patches
* fix: harden GitHub Actions against script injection vulnerabilities
Replace direct ${{ }} expression interpolation in run: blocks with
environment variables to prevent script injection attacks. Changes:
- archaeologist-dig.yml: move clone_url, head.sha, base.ref to env vars
- non-maintainer-dependency-change.yml: move user.login to env var
- issue-unlabeled.yml: move toJSON(labels) to env var
- issue-labeled.yml: move issue.number to env var
- pipeline-electron-lint.yml: validate chromium_revision format
- cipd-install/action.yml: move all inputs to env vars and quote them
- set-chromium-cookie/action.yml: reference secrets via $ENV_VAR
- Add security comments to all 5 pull_request_target workflows
https://claude.ai/code/session_01UUWmLxn5hyyxrhK8rGxU2s
* fix: allow version strings in chromium_revision validation
The previous regex `^[a-f0-9]+$` only matched git SHAs but
chromium_revision is a version string like `148.0.7741.0`.
Broaden to `^[a-zA-Z0-9._-]+$` which still blocks shell
metacharacters.
https://claude.ai/code/session_01UUWmLxn5hyyxrhK8rGxU2s
---------
Co-authored-by: Claude <noreply@anthropic.com>
* chore: bump chromium in DEPS to 148.0.7749.0 * chore: bump chromium in DEPS to 148.0.7751.0 * chore: update patches * 7681299: Introduce OccludedWidgetInputProtector to track always-on-top widgets Refs https://chromium-review.googlesource.com/c/chromium/src/+/7681299 * 7685453: chrome://accessibility: Don't AllowJavascript() in async calls Refs https://chromium-review.googlesource.com/c/chromium/src/+/7685453 * 7665878: Prefer browser runtime over Node.js in HostRuntime detection Refs https://chromium-review.googlesource.com/c/devtools/devtools-frontend/+/7665878 * 7674037: Rename the bookmark-related interfaces of the Clipboard class to URL. Refs https://chromium-review.googlesource.com/c/chromium/src/+/7674037 * 7621713: Migrate ServiceWorker framework to ChildProcessId Refs https://chromium-review.googlesource.com/c/chromium/src/+/7621713 * 7680500: Migrate ServiceWorkerHost to ChildProcessId Refs https://chromium-review.googlesource.com/c/chromium/src/+/7680500 * chore: update roller commit message lint script to handle devtools CLs --------- Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: David Sanders <dsanders11@ucsbalum.com>
* fix: outdated execution path * fix: use stub exe when detected
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7.0.0 to 8.0.1. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v7...3e5f45b) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix: correct linux zygote process titles * pass argv on mac as well * lint
fix: reset printToPDF queue after a rejection The module-scoped `pendingPromise` in `webContents.printToPDF` was chained with `.then(onFulfilled)` and never cleared. Once a call rejected (e.g. an out-of-range `pageRanges` like `"999"`), subsequent calls chained onto the rejected promise and short-circuited without ever invoking `_printToPDF` — so every following call re-surfaced the original error. Replace the shared variable with a per-`WebContents` `WeakMap` queue that swallows prior rejections before chaining and clears its entry once the tail drains.
* refactor: api::cookies managed by cppgc * chore: remove unused header
) * build: use Yarn JsZipImpl for node-modules link step Patch the vendored .yarn/releases/yarn-4.12.0.cjs so the node-modules (and pnpm-loose) linker constructs its read-only ZipOpenFS with customZipImplementation = JsZipImpl instead of the default WASM LibZipImpl. LibZipImpl loads each cache zip fully into the Emscripten WASM heap and malloc's a WASM buffer per file read. With up to 80 zips held open, the 32-bit arm32v7 test container intermittently fails to allocate the ~9 MB buffer for typescript/lib/typescript.js. Yarn's cross-FS copyFilePromise swallows the real error and surfaces it as a generic "EINVAL: invalid argument, copyfile", which has been failing ~1-in-3 linux-arm test shards at Install Dependencies since 2026-04-13. JsZipImpl opens zips by fd, reads only the central directory, and pulls individual entries into plain Node Buffers — no WASM heap involved. There is no .yarnrc.yml or env knob for this, so the vendored release is edited directly. .claude/README.md documents the patch and how to re-apply it on Yarn upgrades. Refs: yarnpkg/berry#3972, yarnpkg/berry#6722, yarnpkg/berry#6550 * docs: move JsZipImpl patch notes to .yarn/README.md Relocate the patch rationale next to the vendored release it documents, reword the intro for its new home, and update the header comment in yarn-4.12.0.cjs to point at .yarn/README.md.
fix: ignore draggable regions in hidden WebContentsView Hidden child WebContentsViews were still contributing their draggable regions to the parent window's non-client hit test, so clicks in the area where a hidden view's draggable element would render still dragged the window. Early-return HTNOWHERE when the view is not visible.
fix: FTBFS when pdf is disabled pdf_features.h has a static_assert that pdf is enabled
* chore: remove calls to DeprecatedLayoutImmediately
Replace the calls to `DeprecatedLayoutImmediately` that have test
coverage.
- The docked DevTools test added last week covers the three calls in IWCV.
- api-web-contents-view-spec covers the calls from NativeWindow{Views,Mac}.
There are a couple of remaining calls that don't have test coverage yet.
I'll get to them in a followup.
* test: handle both sync or microtask layout
* refactor: add a FlushPendingRootLayout() helper
* fix: track PDL files as inputs in inspector GN build * chore: address review feedback
The wrapper returned by `deprecate.removeFunction` dropped the wrapped function's return value because it did not `return` from `fn.apply`. Every other function wrapper in this module (`renameFunction`, `moveAPI`) forwards the return value, and the generic type signature `<T extends Function>(fn: T, ...): T` promises that `T`'s return type is preserved. Callers that relied on the return value of a function wrapped by `removeFunction` would silently receive `undefined` from the wrapper. Mirror the forwarding done by `renameFunction` / `moveAPI` and extend the existing spec to assert that the wrapper preserves both the return value and the `this` context of the deprecated function. Assisted-By: Claude Opus 4.6 Signed-off-by: Asish Kumar <officialasishkumar@gmail.com>
Add Linux-only app tests to check the default protocol handler. This includes adding reusable XDG mock fixtures.
* build: use 32-core Windows ARC runners for build jobs * ci: add siso patch to retry ERROR_INVALID_PARAMETER on ninja file open The existing patch removes the redundant per-chunk re-open in fileParser.readFile, but the single remaining os.Open per subninja can still hit the bindflt race under the ~90k-file concurrent open burst on the 32-core Windows runners. Layer a second patch on top that wraps that open in a Windows-only 5-attempt retry (5-80ms backoff) so a single transient failure no longer aborts the whole manifest load.
…rameless windows (#51252)
…tocol()` (#51251) perf: use GIO instead of xdg-mime for app.getApplicationNameForProtocol() The Linux impl of app.getApplicationNameForProtocol() now uses `g_app_info_get_default_for_uri_scheme()` + `g_app_info_get_display_name()` instead of spawning a call to the `xdg-mime` shell command. Clean up the related tests: remove the xdg-mime mock.
* chore: bump chromium in DEPS to 149.0.7779.0 * chore: bump chromium in DEPS to 149.0.7781.0 * 7726883: Add secondary label support to SimpleMenuModel and update views_examples Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7726883 Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> * chore: update patches (trivial only) Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> * fix: IWYU for base/logging.h Upstream is removing transitive includes of base/logging.h as part of crbug.com/499476145. Several CLs landed in this roll that required adding explicit includes across Electron source and patches. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7732103 Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7735571 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * 7732482: [bedrock] Create BrowserProcess setters for system tray icons Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7732482 Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> * chore: update patches (trivial only) Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> * 7739543: Add RenderWidgetHostView::HasSavedFrame Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7739543 Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> * chore: bump chromium in DEPS to 149.0.7783.0 * chore: bump chromium in DEPS to 149.0.7789.0 * chore: update patches (trivial only) * 7703728: DedicatedWorker: Enforce same-origin check for main script fetch. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7703728 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * 7720140: Remove GetPrefServiceForContext from ExtensionsBrowserClient Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7720140 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore: update patches (trivial only) * 7728375: Disable reentrancy by default except for Android and iOS Upstream changed the default ObserverList reentrancy policy from kAllowReentrancy to kDisallowReentrancy. Electron's observer lists are re-entered when macOS AppKit delivers synchronous window notifications (e.g. windowDidResignMain: during windowDidChangeOcclusionState:) because JS event handlers can trigger window state changes mid-iteration. Explicitly opt into kAllowReentrancy for now. A follow-up should convert synchronous Emit calls in window observer callbacks to EmitEventSoon to eliminate the reentrancy. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7728375 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore: bump chromium in DEPS to 149.0.7791.1 * chore: update patches (trivial only) * 7696481: [pdf] Rename PdfViewerStreamManager to MimeHandlerStreamManager Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7696481 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * 7745796: Printing: Remove parameter from ShowScriptedPrintPreview() interface Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7745796 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * 7688714: [Lens / Cookies] Grant secure cookie exemptions for Lens side panel Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7688714 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * 7752609: don't show glic button for non-normal BWIs. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7752609 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * 7749860: [media] Remove VideoFrame::WrapSharedImage with coded_size Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7749860 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore: bump chromium in DEPS to 149.0.7793.0 * chore: bump chromium in DEPS to 149.0.7795.0 * chore: bump chromium in DEPS to 149.0.7797.0 * chore: update patches * chore: remove upstreamed patches - fix_pass_trigger_for_global_shortcuts_on_wayland.patch: https://chromium-review.googlesource.com/c/chromium/src/+/7620219 - gin_mark_argumentholder_as_cppgc_stack_allocated.patch: https://chromium-review.googlesource.com/c/chromium/src/+/7728865 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore: bump chromium in DEPS to 149.0.7798.0 * chore: update filenames.libcxx.gni * 7760061: Reland Reland Add a client-side decorated frame view for non-browser widgets on Linux Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7760061 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * 7760945: Rename WebString::UTF8ConversionMode to Utf8ConversionMode Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7760945 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore: update patches * chore: remove upstreamed patches - patches/devtools_frontend/fix_context_selector_not_showing_execution_contexts.patch: https://chromium-review.googlesource.com/c/devtools/devtools-frontend/+/7761316 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * 7719004: [extensions] Gate dict-format mime_types_handler parsing Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7719004 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * 7716681: [pdf] Introduce MimeHandlerStreamDelegate and plumb ownership Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7716681 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * 7725342: Rename WebString::FromUTF8 to FromUtf8 in Blink Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7725342 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * 7615475: Add a native frame view for non-browser widgets on Linux Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7615475 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * 7735248: Move ManifestV2ExperimentManager to //extensions Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7735248 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * 7725187: linux: set env FC_FONTATIONS and EGL_PLATFORM early Move Ozone pre-init from ElectronBrowserMainParts::PreEarlyInitialization() to ElectronMainDelegate::PreSandboxStartup() to match upstream's rename and relocation. The call has to run before threads are created. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7725187 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * 7743280: Introduce client ID for network throttling conditions. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7743280 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore: disable ml-kem node test incompatible with BoringSSL test-crypto-pqc-key-objects-ml-kem: BoringSSL's ML-KEM support is inconsistent with the test's OpenSSL-version-based assumptions. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test: update V8 serialization wire format version to 16 V8 14.9 (Chromium 149) bumped the serialization wire format from version 15 to 16. Update the hardcoded expected bytes in the test-v8-serdes.js test. Remove this patch once upstream Node.js catches up via its next V8 roll. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: Samuel Maddock <samuelmaddock@electronjs.org> Co-authored-by: Claude <svc-devxp-claude@slack-corp.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: clavin <clavin@electronjs.org>
* build: restrict npm tarball contents to an explicit allowlist The npm publish flow runs `npm pack` in a staging temp dir, but `npm/package.json` had no `files` field — so any file that happened to land in that dir was packed into the published tarball. Recent releases (41.2.1+, 40.9.1+, 39.8.8+) shipped a self-referential `.npm-cache/_logs/*-debug-0.log` (npm's own debug log, written into the pack dir before pack finishes reading files) and a stray copy of `SHASUMS256.txt` that duplicates the info already in `checksums.json`. Add an explicit `files` allowlist so only the intended contents are packaged, regardless of staging-dir contamination. `package.json`, `README.md`, and `LICENSE` are auto-included by npm. Fixes #51290. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * build: include LICENSE and README.md in files allowlist These are auto-included by npm regardless, but listing them makes the intended contents of the tarball self-documenting alongside the other entries. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The Chromium 149.0.7798.0 roll bumped the pinned siso revision, and upstream added a `path/filepath` import to file_parser.go. That broke the import-block context for the 0002 ERROR_INVALID_PARAMETER retry patch, so `git am --3way` could no longer build a fake ancestor and the build-siso-windows job started failing at the apply step. Re-export both patches against the new siso SHA. No functional change to the patched code; only line offsets, index hashes and the import context move.
…51292) * fix: pre-create thinlto-cache dir on Windows to avoid bindflt race Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> * fix: discover ThinLTO cache path from GN instead of hardcoding Addresses review feedback from @deepak1556: the hardcoded `out\Default\thinlto-cache` path goes out of sync if upstream changes `cache_dir` in Chromium's build/config/compiler/BUILD.gn. Read the `/lldltocache:` flag from `gn desc` on a linked target (`//electron:electron_app`) and pre-create whatever path GN actually configured. Skips the pre-create entirely when ThinLTO is disabled (non-official builds), which is the correct no-op. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix: run gn gen before discovering ThinLTO cache path Previous attempt failed on Windows CI for two reasons: 1. `e init` does not run `gn gen` — out/Default is still unpopulated when the build step starts, so `gn desc` had nothing to introspect. 2. `e` writes informational lines to stderr (e.g. "INFO Auto-updates disabled"), which GitHub Actions' default $ErrorActionPreference = 'Stop' turned into a terminating NativeCommandError before e build could run. Run `gn gen` explicitly here so `gn desc` can report the effective `/lldltocache:` path, and shell each `e` invocation through cmd.exe so its informational stderr stays out of PowerShell's error stream. `e build` re-uses the same generated build dir so gn gen is paid once. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix: revert to hardcoded thinlto-cache path, document the coupling Dynamic discovery via `gn desc` required `gn gen` to run beforehand, and `gn gen` can't run before `e build` on Windows CI — gn.exe isn't installed in `src/third_party/gn/` or `src/buildtools/win/gn/` until a Chromium gclient hook that the current CI workflow doesn't trigger. `e build` works because the restored src cache lets it skip the gen step; any attempt to force `gn gen` earlier fails with exit 2. Go back to pre-creating the path the upstream default currently resolves to, and leave a comment explaining the coupling so a future upstream relocation fails loudly (via the original LLVM error) rather than silently. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude <svc-devxp-claude@slack-corp.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* ci: test with absolute paths for lld-link on windows * fix: exclude system libs * fix: skip abs wrapper for thin archive step
* ci: route rustc linker invocations through abs_link_wrapper * fix: abs path to generated cmd file * fix: remove extra quotes around args
* fix: add inputs to node_headers target for proper invalidation The `generate_node_headers` action had no `inputs` declared, so Ninja would not rebuild when node or V8 header files changed. This caused stale headers to remain in gen/node_headers after a Node.js bump, leading to build failures with errors in files like target_agent.h. Add inputs including the install.py script (which determines which headers to copy), key Node.js headers, inspector headers, and V8 version headers. Changes to any of these will now trigger regeneration. https://claude.ai/code/session_018qZ1FBZCEkmDC1sRvPQnqp * refactor: drive node_headers inputs from filenames.auto.gni Wire the `generate_node_headers` action's inputs through the existing auto_filenames mechanism so there is a single source of truth for which files should invalidate the generated node_headers directory. `script/gen-filenames.ts` now enumerates node and v8 header files via filesystem scan and records them under `auto_filenames.node_header_sources` in filenames.auto.gni, alongside install.py (which drives which headers get copied). BUILD.gn consumes the list directly as the action's `inputs` parameter. The list will repopulate fully the next time `ts-node script/gen-filenames.ts` runs (via lint-staged on any JS/TS commit), the same way webpack bundle deps are refreshed today. https://claude.ai/code/session_018qZ1FBZCEkmDC1sRvPQnqp * chore: update filenames * fmt --------- Co-authored-by: Claude <noreply@anthropic.com>
* ci: run siso build as part of Apply Patches workflow This adds a build-siso job that runs when DEPS or .github/siso-patches change, so siso patch issues are detected before chromium rolls land. https://claude.ai/code/session_01TggMjnXwKFFtuLQAsrGfA3 * ci: trigger rerun-apply-patches on siso-patches changes https://claude.ai/code/session_01TggMjnXwKFFtuLQAsrGfA3 --------- Co-authored-by: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )