Merge remote-tracking branch 'origin/master' into roller/chromium-ad1b791122c04bd91b825fbfbdf1ff4da82a0edb-1558011686736

2019-05-21 10:07:17 -07:00 · 2019-05-21 10:07:17 -07:00 · ca283c74c9
commit ca283c74c9
parent 446944c677 75609f784c
64 changed files with 2026 additions and 3216 deletions
--- a/docs/api/app.md
+++ b/docs/api/app.md
@ -343,6 +343,10 @@ app.on('login', (event, webContents, request, authInfo, callback) => {
 })
 ```

+### Event: 'gpu-info-update'
+
+Emitted whenever there is a GPU info update.
+
 ### Event: 'gpu-process-crashed'

 Returns:
@ -400,8 +404,10 @@ Returns:
 * `workingDirectory` String - The second instance's working directory

 This event will be emitted inside the primary instance of your application
-when a second instance has been executed. `argv` is an Array of the second instance's
-command line arguments, and `workingDirectory` is its current working directory. Usually
+when a second instance has been executed and calls `app.requestSingleInstanceLock()`.
+
+`argv` is an Array of the second instance's command line arguments,
+and `workingDirectory` is its current working directory. Usually
 applications respond to this by making their primary window focused and
 non-minimized.

@ -684,7 +690,7 @@ To set the locale, you'll want to use a command line switch at app startup, whic

 ### `app.getLocaleCountryCode()`

-Returns `string` - User operating system's locale two-letter [ISO 3166](https://www.iso.org/iso-3166-country-codes.html) country code. The value is taken from native OS APIs.
+Returns `String` - User operating system's locale two-letter [ISO 3166](https://www.iso.org/iso-3166-country-codes.html) country code. The value is taken from native OS APIs.

 **Note:** When unable to detect locale country code, it returns empty string.

@ -1012,6 +1018,8 @@ Returns [`ProcessMetric[]`](structures/process-metric.md): Array of `ProcessMetr

 Returns [`GPUFeatureStatus`](structures/gpu-feature-status.md) - The Graphics Feature Status from `chrome://gpu/`.

+**Note:** This information is only usable after the `gpu-info-update` event is emitted.
+
 ### `app.getGPUInfo(infoType)`

 * `infoType` String - Values can be either `basic` for basic info or `complete` for complete info.
--- a/docs/api/breaking-changes.md
+++ b/docs/api/breaking-changes.md
@ -1,4 +1,4 @@
-# API Contract
+# Breaking Changes

 Breaking changes will be documented here, and deprecation warnings added to JS code where possible, at least [one major version](../tutorial/electron-versioning.md#semver) before the change is made.

@ -8,6 +8,16 @@ The `FIXME` string is used in code comments to denote things that should be fixe

 ## Planned Breaking API Changes (7.0)

+### Node Headers URL
+
+This is the URL specified as `disturl` in a `.npmrc` file or as the `--dist-url`
+command line flag when building native Node modules.  Both will be supported for
+the forseeable future but it is reccomened that you switch.
+
+Deprecated: https://atom.io/download/electron
+
+Replace with: https://electronjs.org/headers
+
 ### `session.clearAuthCache(options)`

 The `session.clearAuthCache` API no longer accepts options for what to clear, and instead unconditionally clears the whole cache.
--- a/docs/api/browser-window.md
+++ b/docs/api/browser-window.md
@ -592,7 +592,7 @@ win.on('app-command', (e, cmd) => {
 })
 ```

-The following app commands are explictly supported on Linux:
+The following app commands are explicitly supported on Linux:

 * `browser-backward`
 * `browser-forward`
--- a/docs/api/menu.md
+++ b/docs/api/menu.md
@ -10,7 +10,7 @@ Creates a new menu.

 ### Static Methods

-The `menu` class has the following static methods:
+The `Menu` class has the following static methods:

 #### `Menu.setApplicationMenu(menu)`

--- a/docs/api/native-image.md
+++ b/docs/api/native-image.md
@ -177,7 +177,7 @@ Creates a new `NativeImage` instance from `dataURL`.
 Returns `NativeImage`

 Creates a new `NativeImage` instance from the NSImage that maps to the
-given image name. See [`NSImageName`](https://developer.apple.com/documentation/appkit/nsimagename?language=objc)
+given image name. See [`System Icons`](https://developer.apple.com/design/human-interface-guidelines/macos/icons-and-images/system-icons/)
 for a list of possible values.

 The `hslShift` is applied to the image with the following rules
--- a/docs/api/sandbox-option.md
+++ b/docs/api/sandbox-option.md
@ -113,8 +113,8 @@ window.open = customWindowOpen
 Important things to notice in the preload script:

 - Even though the sandboxed renderer doesn't have Node.js running, it still has
-  access to a limited node-like environment: `Buffer`, `process`, `setImmediate`
-  and `require` are available.
+  access to a limited node-like environment: `Buffer`, `process`, `setImmediate`,
+  `clearImmediate` and `require` are available.
 - The preload script can indirectly access all APIs from the main process through the
  `remote` and `ipcRenderer` modules.
 - The preload script must be contained in a single script, but it is possible to have
@ -162,16 +162,17 @@ feature. We are still not aware of the security implications of exposing some
 Electron renderer APIs to the preload script, but here are some things to
 consider before rendering untrusted content:

- A preload script can accidentally leak privileged APIs to untrusted code.
+- A preload script can accidentally leak privileged APIs to untrusted code,
+  unless [`contextIsolation`](../tutorial/security.md#3-enable-context-isolation-for-remote-content)
+  is also enabled.
 - Some bug in V8 engine may allow malicious code to access the renderer preload
  APIs, effectively granting full access to the system through the `remote`
-  module.
+  module. Therefore, it is highly recommended to
+  [disable the `remote` module](../tutorial/security.md#15-disable-the-remote-module).
+  If disabling is not feasible, you should selectively
+  [filter the `remote` module](../tutorial/security.md#16-filter-the-remote-module).

 Since rendering untrusted content in Electron is still uncharted territory,
 the APIs exposed to the sandbox preload script should be considered more
 unstable than the rest of Electron APIs, and may have breaking changes to fix
 security issues.
-
-One planned enhancement that should greatly increase security is to block IPC
-messages from sandboxed renderers by default, allowing the main process to
-explicitly define a set of messages the renderer is allowed to send.
--- a/docs/api/session.md
+++ b/docs/api/session.md
@ -203,7 +203,7 @@ The `proxyBypassRules` is a comma separated list of rules described below:

 * `url` URL

-Returns `Promise<string>` - Resolves with the proxy information for `url`.
+Returns `Promise<String>` - Resolves with the proxy information for `url`.

 #### `ses.setDownloadPath(path)`

--- a/docs/tutorial/using-native-node-modules.md
+++ b/docs/tutorial/using-native-node-modules.md
@ -55,7 +55,7 @@ export npm_config_target=1.2.3
 export npm_config_arch=x64
 export npm_config_target_arch=x64
 # Download headers for Electron.
-export npm_config_disturl=https://atom.io/download/electron
+export npm_config_disturl=https://electronjs.org/headers
 # Tell node-pre-gyp that we are building for Electron.
 export npm_config_runtime=electron
 # Tell node-pre-gyp to build module from source code.
@ -72,7 +72,7 @@ use `node-gyp` directly to build for Electron:

 ```sh
 cd /path-to-module/
-HOME=~/.electron-gyp node-gyp rebuild --target=1.2.3 --arch=x64 --dist-url=https://atom.io/download/electron
+HOME=~/.electron-gyp node-gyp rebuild --target=1.2.3 --arch=x64 --dist-url=https://electronjs.org/headers
 ```

 * `HOME=~/.electron-gyp` changes where to find development headers.