Cherry picks: Godot sync 64bd2e3

[Arctis-Fireblight]

Pulled the latest changes from upstream's 4.5 branch.

Hopefully this will fix the GH Actions.

Summary by CodeRabbit

Release Notes

• New Features

  • Prevent duplicate entries in generated ZIP archives by detecting existing central-directory names.
  • Added size-optimized compression/decompression APIs (zlib 1.3.2) for handling large inputs more safely.

• Bug Fixes

  • Improved editor tile/theme selection color rendering for consistent overlay visuals.

• Chores

  • Refreshed CI GitHub Action versions across platforms.
  • Updated Android export tooling (Target SDK 36, newer NDK) and refreshed embedded ZIP/zlib component/copyright year ranges to 2026.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a22c9311-4bcc-4e7b-89da-11c6e50dfa04

📥 Commits

Reviewing files that changed from the base of the PR and between 00e87b1 and af6d2c2.

📒 Files selected for processing (1)

• scene/2d/physics/collision_polygon_2d.cpp

✅ Files skipped from review due to trivial changes (1)

• scene/2d/physics/collision_polygon_2d.cpp

---

Walkthrough

Updates thirdparty zlib from 1.3.1 to 1.3.2 with new _z size_t compression/decompression APIs, refactored deflate_stored logic, internal inflate_fixed generation, and updated memory helper signatures. Updates minizip with portable integer types (ints.h), a new skiplist-based set header for duplicate name detection, and UTF-8 ZIP flag logic. Bumps Android NDK to 29, compileSdk/targetSdk to 36, and updates Gradle dependencies. Modernizes GitHub Actions versions across all workflows, adds a pre-commit composite action with caching, clears CODEOWNERS, and fixes engine code with Color::from_hsv static constructors, Metal initializer style corrections, text_server pragma guards extended to MinGW + Clang >= 21, and collision_polygon_2d.cpp polygon size caching.

Changes

CI/CD and Infra Updates

Layer / File(s)	Summary
GitHub Actions version bumps and new pre-commit action .github/actions/pre-commit/action.yml, .github/actions/download-artifact/action.yml, .github/actions/redot-cpp-build/action.yml, .github/workflows/android_builds.yml, .github/workflows/ios_builds.yml, .github/workflows/linux_builds.yml, .github/workflows/macos_builds.yml, .github/workflows/static_checks.yml, .github/workflows/web_builds.yml, .github/workflows/windows_builds.yml, .github/actions/godot-deps/action.yml	actions/checkout bumped to v6 across all workflows and composite actions; actions/setup-java to v5, actions/setup-dotnet to v5, actions/download-artifact to v8, Emscripten setup changed to emscripten-core/setup-emsdk@v16, and godot-deps SCons version updated to 4.10.1; new pre-commit composite action added with actions/cache@v5 keyed by .pre-commit-config.yaml hash and configurable extra_args (default --all-files); windows workflow compilation step no longer passes tests input.
CODEOWNERS cleared and SConstruct GCC 16 warning .github/CODEOWNERS, SConstruct	CODEOWNERS content replaced with a single intentionally-empty comment. SConstruct adds -Wno-sfinae-incomplete to CXXFLAGS for GCC >= 16.

Android Platform Version Bumps

Layer / File(s)	Summary
Android SDK, NDK, and Gradle version updates platform/android/detect.py, platform/android/export/export_plugin.cpp, platform/android/java/app/config.gradle	get_ndk_version() returns NDK 29.0.14206865; DEFAULT_TARGET_SDK_VERSION set to 36; config.gradle updates compileSdk, targetSdk, buildTools, kotlinVersion, ndkVersion, and openxrVendorsVersion.

Engine Source Code Fixes

Layer / File(s)	Summary
Color::from_hsv static method usage editor/scene/2d/tiles/tile_data_editors.cpp, editor/scene/2d/tiles/tile_map_layer_editor.cpp, editor/themes/editor_theme_manager.cpp	All selection_color and property_color_* constructions changed from Color().from_hsv(...) to Color::from_hsv(...) for static constructor usage.
Metal driver initializer style corrections drivers/metal/metal_objects.mm, drivers/metal/pixel_formats.mm, drivers/metal/rendering_device_driver_metal.mm	SHADER_STAGE_NAMES and LOAD_ACTIONS/STORE_ACTIONS changed to positional initializers; pixel format descriptor structs changed to designated initializers for explicit field mapping.
text_server_adv pragma guards and collision_polygon_2d optimizations modules/text_server_adv/text_server_adv.h, scene/2d/physics/collision_polygon_2d.cpp	Warning push/pop pragma guards extended from __EMSCRIPTEN__-only to also cover __MINGW32__ with Clang >= 21. collision_polygon_2d.cpp BUILD_SEGMENTS path caches polygon.size() into a local variable for repeated access.

Thirdparty zlib 1.3.2 and minizip Vendor Update

Layer / File(s)	Summary
zlib 1.3.2 public header contracts and symbol mapping thirdparty/zlib/zlib.h, thirdparty/zlib/zconf.h, thirdparty/zlib/deflate.h, thirdparty/zlib/inflate.h, thirdparty/zlib/inftrees.h, thirdparty/zlib/zutil.h	ZLIB_VERSION bumped to 1.3.2; new _z size_t API declarations added (compress_z, compress2_z, compressBound_z, deflateBound_z, uncompress_z, uncompress2_z); deflate_state gains bi_used/slid fields; inflate_fixed declared; zutil.h adds z_once implementation, updated zmem* prototypes with z_size_t lengths, and z_off64_t combine helper type changes.
zlib 1.3.2 core implementation changes thirdparty/zlib/deflate.c, thirdparty/zlib/inflate.c, thirdparty/zlib/inftrees.c, thirdparty/zlib/crc32.c, thirdparty/zlib/compress.c, thirdparty/zlib/uncompr.c, thirdparty/zlib/trees.c, thirdparty/zlib/inffast.c, thirdparty/zlib/zutil.c, thirdparty/zlib/gzguts.h, thirdparty/zlib/inffixed.h, thirdparty/zlib/deflate.h, thirdparty/zlib/inflate.h	deflate.c: CLEAR_HASH/slide_hash track slid, deflateInit2_ zeroes state, deflateBound_z introduced, deflate_stored refactored with bi_used state, CRC updates use crc32_z; inflate.c: inflate_fixed replaces fixedtables, strm->msg uses z_const; inftrees.c: inflate_fixed added with z_once-guarded buildtables; crc32.c: multmodp/x2nmodp return uLong, z_once replaces once, crc32_combine_op gains op==0 guard; compress.c/uncompr.c: _z variants implemented; gzguts.h: gz_state gains junk/again fields, drops seek; zmem* signatures updated in zutil.c and zutil.h.
minizip portable integer types and ZPOS64_T simplification thirdparty/minizip/ints.h, thirdparty/minizip/ioapi.h, thirdparty/minizip/ioapi.c	New ints.h defines i8_t–i64_t and ui8_t–ui64_t via limits.h conditional checks with compile-time errors for missing widths. ioapi.h include guard renamed from _ZLIBIOAPI64_H, ZPOS64_T simplified to typedef ui64_t. ioapi.c adds Android API < 24 to the 64-bit function exclusion condition.
minizip skipset.h skiplist-based set thirdparty/minizip/skipset.h	New header-only skiplist set parameterized by set_key_t, set_cmp, and set_drop hooks; includes PCG32-like RNG, setjmp-based allocation-failure handling via set->env, and set_start/set_insert/set_found/set_end lifecycle functions. Optional SET_TRACK enables allocation counting and memory tracking.
minizip zip.c/h: zipAlreadyThere, UTF-8 flag, entry validation thirdparty/minizip/zip.h, thirdparty/minizip/zip.c	zip.h exports zip_copyright constant and zipAlreadyThere(zipFile, name) function. zip.c integrates set_t/block_t into zip64_internal, implements central-directory iteration and duplicate name detection via skipset, adds utf8len/isutf8 helpers to set ZIP flag bit 11 for UTF-8 names/comments, adds 16-bit size fit checks, calls set_end in zipClose, and refines zipRemoveExtraInfoBlock with explicit memset before rebuild.
minizip unzip.c/h and crypt.h fixups thirdparty/minizip/unzip.h, thirdparty/minizip/unzip.c, thirdparty/minizip/crypt.h	unzip.h adds unz_copyright declaration and clarifies buffer semantics. unzip.c adds ZLIB_DLL undef guard, refines CASESENSITIVITYDEFAULT_NO platform detection, explicitly nulls zopen32_file, casts zdecode result to char. crypt.h removes register from keyshift and updates srand cast expression.
Thirdparty attribution and license updates COPYRIGHT.txt, thirdparty/README.md, thirdparty/zlib/LICENSE, thirdparty/minizip/MiniZip64_info.txt	Copyright years extended to 2026; zlib upstream URL updated to github.com/madler/zlib; zlib version documented as 1.3.2; MiniZip64 URLs switched to https.

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~125 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 60.94% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Cherry picks: Godot sync 64bd2e3' is directly related to the main purpose of the changeset—cherry-picking upstream Godot changes into the Redot Engine codebase, as confirmed by the PR objectives.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 10

🧹 Nitpick comments (1)

.github/workflows/android_builds.yml (1)

34-34: Consider pinning GitHub Actions to commit SHAs instead of version tags (Lines 34 and 39).

Currently using mutable refs (@v6, @v5). Pinning to specific commit SHAs reduces supply-chain risk, though this is a best practice recommendation rather than an enforced repository policy.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/android_builds.yml at line 34, The workflow is using
mutable version tags (`@v6` and `@v5`) for GitHub Actions which presents a supply
chain risk. Replace the version tags with specific commit SHAs for the
actions/checkout action at line 34 and the other action at line 39. To do this,
look up the commit SHA for each version tag from the respective GitHub action
repositories and replace the version tag (e.g., `@v6`) with the full commit SHA
(e.g., `@abc123def456`). This pins the actions to immutable commits, reducing the
risk of malicious updates to those actions.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/actions/download-artifact/action.yml:
- Line 17: Replace the mutable version tag `@v8` in the `uses:
actions/download-artifact@v8` line with a full-length commit SHA to prevent
supply chain attacks. Add a comment above or on the same line indicating the
version tag (e.g., `# v8.1.0`) for maintainability reference, and consider
configuring Dependabot to automate future SHA updates.

In @.github/actions/pre-commit/action.yml:
- Line 13: The `actions/cache@v5` reference on line 13 uses a mutable version
tag which presents a security risk as maintainers or attackers could force-push
malicious code to that tag. Replace the mutable tag `@v5` with a full
40-character commit SHA, and include the version number as a trailing comment
for readability in the format `uses: actions/cache@<full-commit-sha> # v5`. Look
up the correct commit SHA for version 5 of the actions/cache action and use that
immutable reference instead.
- Line 24: The pre-commit run command in the action.yml file has a hardcoded
--files flag that conflicts with the default --all-files argument typically
passed in extra_args. Remove the --files flag from the pre-commit run command
line and pass the inputs.extra_args directly instead, allowing the extra_args
input to control the file selection behavior without conflicts.

In @.github/actions/redot-cpp-build/action.yml:
- Line 25: The actions/checkout action is using the mutable `@v6` tag instead of a
pinned commit SHA, which creates supply chain risk since the tag can be
force-pushed without PR visibility. Replace the mutable `@v6` tag reference in the
uses field with the full 40-character commit SHA of the specific version (for
example, de0fac2e4500dabe0009e67214ff5f5447ce83dd for v6.0.2), optionally
including a comment with the version tag for clarity. This ensures the workflow
runs only the exact, reviewed code.

In @.github/workflows/ios_builds.yml:
- Line 21: Replace the mutable version reference in the `actions/checkout`
action usage from `@v6` to a pinned full 40-character commit SHA to prevent
supply chain attacks. Include a comment above or on the same line indicating the
original version tag (v6) for future reference and maintainability. This ensures
the action cannot be force-pushed with malicious code while making it clear
which version was pinned.

In @.github/workflows/linux_builds.yml:
- Line 84: The actions/checkout and actions/setup-dotnet uses statements are
referencing mutable version tags (v6 and v5) instead of immutable commit SHAs,
which creates a security vulnerability. Replace the version tags with their
corresponding commit SHAs for both the actions/checkout action on line 84 and
the actions/setup-dotnet action on line 127. This ensures the workflow will
always use the exact same versions and prevents unexpected behavior changes on
workflow reruns.

In @.github/workflows/static_checks.yml:
- Line 15: The `actions/checkout@v6` action is pinned to a mutable version tag
which poses a security vulnerability as the tag can be retargeted by an
attacker. Replace the `uses: actions/checkout@v6` statement with the complete
40-character commit SHA instead of the version tag, and include an inline
comment with the semantic version (e.g., `actions/checkout@[40-char-sha] #
v6.x.x`) for maintainability and readability.

In @.github/workflows/web_builds.yml:
- Around line 37-42: Replace the floating action version tags with specific
commit SHAs to comply with the repo's pinning policy. For the
`actions/checkout@v6` action on line 37, replace `@v6` with the full commit SHA.
Similarly, for the `emscripten-core/setup-emsdk@v16` action on line 42, replace
`@v16` with the full commit SHA. This ensures the workflow uses fixed, immutable
versions of these external actions rather than floating tags that could change
unexpectedly.

In @.github/workflows/windows_builds.yml:
- Around line 51-52: The checkout action is currently pinned to a version tag
`actions/checkout@v6` which can float and pick up unexpected upstream changes.
Replace the `uses: actions/checkout@v6` line with a pinned full commit SHA
instead of the version tag to match the repository's action-pinning policy and
ensure deterministic builds.

In `@thirdparty/minizip/ioapi.h`:
- Line 24: The preprocessor condition on line 24 of ioapi.h uses OR operator in
the negated clause `!(defined(__ANDROID_API__) || __ANDROID_API__ >= 24)` which
incorrectly disables 64-bit support for all defined Android versions, but the
matching code in ioapi.c line 17 correctly enables 64-bit functions only for
Android < 24. Change the OR operator to AND in the negated Android API clause to
align with ioapi.c's intent, replacing the condition with
`!(defined(__ANDROID_API__) && __ANDROID_API__ < 24)` so that 64-bit file
operations are properly enabled on Android API 24 and above.

---

Nitpick comments:
In @.github/workflows/android_builds.yml:
- Line 34: The workflow is using mutable version tags (`@v6` and `@v5`) for GitHub
Actions which presents a supply chain risk. Replace the version tags with
specific commit SHAs for the actions/checkout action at line 34 and the other
action at line 39. To do this, look up the commit SHA for each version tag from
the respective GitHub action repositories and replace the version tag (e.g.,
`@v6`) with the full commit SHA (e.g., `@abc123def456`). This pins the actions to
immutable commits, reducing the risk of malicious updates to those actions.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 0a7973da-b8cf-4a1f-8014-d41d889c35a8

📥 Commits

Reviewing files that changed from the base of the PR and between 69c73e8 and 9970517.

⛔ Files ignored due to path filters (1)

• servers/rendering/renderer_rd/shaders/effects/cubemap_roughness_inc.glsl is excluded by !**/*.glsl

📒 Files selected for processing (52)

• .github/CODEOWNERS
• .github/actions/download-artifact/action.yml
• .github/actions/pre-commit/action.yml
• .github/actions/redot-cpp-build/action.yml
• .github/workflows/android_builds.yml
• .github/workflows/ios_builds.yml
• .github/workflows/linux_builds.yml
• .github/workflows/macos_builds.yml
• .github/workflows/static_checks.yml
• .github/workflows/web_builds.yml
• .github/workflows/windows_builds.yml
• COPYRIGHT.txt
• SConstruct
• drivers/metal/metal_objects.mm
• drivers/metal/pixel_formats.mm
• drivers/metal/rendering_device_driver_metal.mm
• editor/scene/2d/tiles/tile_data_editors.cpp
• editor/scene/2d/tiles/tile_map_layer_editor.cpp
• editor/themes/editor_theme_manager.cpp
• modules/text_server_adv/text_server_adv.h
• platform/android/detect.py
• platform/android/export/export_plugin.cpp
• platform/android/java/app/config.gradle
• thirdparty/README.md
• thirdparty/minizip/MiniZip64_info.txt
• thirdparty/minizip/crypt.h
• thirdparty/minizip/ints.h
• thirdparty/minizip/ioapi.c
• thirdparty/minizip/ioapi.h
• thirdparty/minizip/skipset.h
• thirdparty/minizip/unzip.c
• thirdparty/minizip/unzip.h
• thirdparty/minizip/zip.c
• thirdparty/minizip/zip.h
• thirdparty/zlib/LICENSE
• thirdparty/zlib/compress.c
• thirdparty/zlib/crc32.c
• thirdparty/zlib/deflate.c
• thirdparty/zlib/deflate.h
• thirdparty/zlib/gzguts.h
• thirdparty/zlib/inffast.c
• thirdparty/zlib/inffixed.h
• thirdparty/zlib/inflate.c
• thirdparty/zlib/inflate.h
• thirdparty/zlib/inftrees.c
• thirdparty/zlib/inftrees.h
• thirdparty/zlib/trees.c
• thirdparty/zlib/uncompr.c
• thirdparty/zlib/zconf.h
• thirdparty/zlib/zlib.h
• thirdparty/zlib/zutil.c
• thirdparty/zlib/zutil.h