The crates from https://github.com/open-i18n/rust-unic are unmaintained but they are still being pulled in via `tauri`. Unfortunately, we have to wait for an MSRV bump from `tauri` before the update of `urlpattern` can be completed. Until then, we need to ignore these advisories to keep our CI passing.
Related: https://github.com/tauri-apps/tauri/pull/14195
We haven't updated `aya` in a while. Unfortunately, the update is not without problems. For one, the logging infrastructure changed, requiring us to drop the error details from `xdp_adjust_head`. See https://github.com/aya-rs/aya/issues/1348. Two, the `tokio` feature flag got removed but luckily that can be worked around quite easily.
Resolves: #10344
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.41 to
0.4.42.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/chronotope/chrono/releases">chrono's
releases</a>.</em></p>
<blockquote>
<h2>0.4.42</h2>
<h2>What's Changed</h2>
<ul>
<li>Add fuzzer for DateTime::parse_from_str by <a
href="https://github.com/tyler92"><code>@tyler92</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1700">chronotope/chrono#1700</a></li>
<li>Fix wrong amount of micro/milliseconds by <a
href="https://github.com/nmlt"><code>@nmlt</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1703">chronotope/chrono#1703</a></li>
<li>Add warning about MappedLocalTime and wasm by <a
href="https://github.com/lutzky"><code>@lutzky</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1702">chronotope/chrono#1702</a></li>
<li>Fix incorrect parsing of fixed-length second fractions by <a
href="https://github.com/chris-leach"><code>@chris-leach</code></a> in
<a
href="https://redirect.github.com/chronotope/chrono/pull/1705">chronotope/chrono#1705</a></li>
<li>Fix cfgs for <code>wasm32-linux</code> support by <a
href="https://github.com/arjunr2"><code>@arjunr2</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1707">chronotope/chrono#1707</a></li>
<li>Fix OpenHarmony's <code>tzdata</code> parsing by <a
href="https://github.com/ldm0"><code>@ldm0</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1679">chronotope/chrono#1679</a></li>
<li>Convert NaiveDate to/from days since unix epoch by <a
href="https://github.com/findepi"><code>@findepi</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1715">chronotope/chrono#1715</a></li>
<li>Add <code>?Sized</code> bound to related methods of
<code>DelayedFormat::write_to</code> by <a
href="https://github.com/Huliiiiii"><code>@Huliiiiii</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1721">chronotope/chrono#1721</a></li>
<li>Add <code>from_timestamp_secs</code> method to <code>DateTime</code>
by <a href="https://github.com/jasonaowen"><code>@jasonaowen</code></a>
in <a
href="https://redirect.github.com/chronotope/chrono/pull/1719">chronotope/chrono#1719</a></li>
<li>Migrate to core::error::Error by <a
href="https://github.com/benbrittain"><code>@benbrittain</code></a> in
<a
href="https://redirect.github.com/chronotope/chrono/pull/1704">chronotope/chrono#1704</a></li>
<li>Upgrade to windows-bindgen 0.63 by <a
href="https://github.com/djc"><code>@djc</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1730">chronotope/chrono#1730</a></li>
<li>strftime: simplify error handling by <a
href="https://github.com/djc"><code>@djc</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1731">chronotope/chrono#1731</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f3fd15f976"><code>f3fd15f</code></a>
Bump version to 0.4.42</li>
<li><a
href="5cf5603500"><code>5cf5603</code></a>
strftime: add regression test case</li>
<li><a
href="a6231701ee"><code>a623170</code></a>
strftime: simplify error handling</li>
<li><a
href="36fbfb1221"><code>36fbfb1</code></a>
strftime: move specifier handling out of match to reduce rightward
drift</li>
<li><a
href="7f413c363b"><code>7f413c3</code></a>
strftime: yield None early</li>
<li><a
href="9d5dfe1640"><code>9d5dfe1</code></a>
strftime: outline constants</li>
<li><a
href="e5f6be7db4"><code>e5f6be7</code></a>
strftime: move error() method below caller</li>
<li><a
href="d516c2764d"><code>d516c27</code></a>
strftime: merge impl blocks</li>
<li><a
href="0ee2172fb9"><code>0ee2172</code></a>
strftime: re-order items to keep impls together</li>
<li><a
href="757a8b0226"><code>757a8b0</code></a>
Upgrade to windows-bindgen 0.63</li>
<li>Additional commits viewable in <a
href="https://github.com/chronotope/chrono/compare/v0.4.41...v0.4.42">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Bumps the cargo group in /rust with 1 update:
[tracing-subscriber](https://github.com/tokio-rs/tracing).
Updates `tracing-subscriber` from 0.3.19 to 0.3.20
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tokio-rs/tracing/releases">tracing-subscriber's
releases</a>.</em></p>
<blockquote>
<h2>tracing-subscriber 0.3.20</h2>
<p><strong>Security Fix</strong>: ANSI Escape Sequence Injection
(CVE-TBD)</p>
<h2>Impact</h2>
<p>Previous versions of tracing-subscriber were vulnerable to ANSI
escape sequence injection attacks. Untrusted user input containing ANSI
escape sequences could be injected into terminal output when logged,
potentially allowing attackers to:</p>
<ul>
<li>Manipulate terminal title bars</li>
<li>Clear screens or modify terminal display</li>
<li>Potentially mislead users through terminal manipulation</li>
</ul>
<p>In isolation, impact is minimal, however security issues have been
found in terminal emulators that enabled an attacker to use ANSI escape
sequences via logs to exploit vulnerabilities in the terminal
emulator.</p>
<h2>Solution</h2>
<p>Version 0.3.20 fixes this vulnerability by escaping ANSI control
characters in when writing events to destinations that may be printed to
the terminal.</p>
<h2>Affected Versions</h2>
<p>All versions of tracing-subscriber prior to 0.3.20 are affected by
this vulnerability.</p>
<h2>Recommendations</h2>
<p>Immediate Action Required: We recommend upgrading to
tracing-subscriber 0.3.20 immediately, especially if your
application:</p>
<ul>
<li>Logs user-provided input (form data, HTTP headers, query parameters,
etc.)</li>
<li>Runs in environments where terminal output is displayed to
users</li>
</ul>
<h2>Migration</h2>
<p>This is a patch release with no breaking API changes. Simply update
your Cargo.toml:</p>
<pre lang="toml"><code>[dependencies]
tracing-subscriber = "0.3.20"
</code></pre>
<h2>Acknowledgments</h2>
<p>We would like to thank <a href="http://github.com/zefr0x">zefr0x</a>
who responsibly reported the issue at
<code>security@tokio.rs</code>.</p>
<p>If you believe you have found a security vulnerability in any
tokio-rs project, please email us at <code>security@tokio.rs</code>.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4c52ca5266"><code>4c52ca5</code></a>
fmt: fix ANSI escape sequence injection vulnerability (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3368">#3368</a>)</li>
<li><a
href="f71cebe41e"><code>f71cebe</code></a>
subscriber: impl Clone for EnvFilter (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3360">#3360</a>)</li>
<li><a
href="3a1f571102"><code>3a1f571</code></a>
Fix CI (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3361">#3361</a>)</li>
<li><a
href="e63ef57f3d"><code>e63ef57</code></a>
chore: prepare tracing-attributes 0.1.30 (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3316">#3316</a>)</li>
<li><a
href="6e59a13b1a"><code>6e59a13</code></a>
attributes: fix tracing::instrument regression around shadowing (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3311">#3311</a>)</li>
<li><a
href="e4df761275"><code>e4df761</code></a>
tracing: update core to 0.1.34 and attributes to 0.1.29 (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3305">#3305</a>)</li>
<li><a
href="643f392ebb"><code>643f392</code></a>
chore: prepare tracing-attributes 0.1.29 (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3304">#3304</a>)</li>
<li><a
href="d08e7a6eea"><code>d08e7a6</code></a>
chore: prepare tracing-core 0.1.34 (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3302">#3302</a>)</li>
<li><a
href="6e70c571d3"><code>6e70c57</code></a>
tracing-subscriber: count numbers of enters in <code>Timings</code> (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/2944">#2944</a>)</li>
<li><a
href="c01d4fd9de"><code>c01d4fd</code></a>
fix docs and enable CI on <code>main</code> branch (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3295">#3295</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.3.19...tracing-subscriber-0.3.20">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/firezone/firezone/network/alerts).
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
With the removal of the NAT64/46 modules, we can now simplify the
internals of our `IpPacket` struct. The requirements for our `IpPacket`
struct are somewhat delicate.
On the one hand, we don't want to be overly restrictive in our parsing /
validation code because there is a lot of broken software out there that
doesn't necessarily follow RFCs. Hence, we want to be as lenient as
possible in what we accept.
On the other hand, we do need to verify certain aspects of the packet,
like the payload lengths. At the moment, we are somewhat too lenient
there which causes errors on the Gateway where we have to NAT or
otherwise manipulate the packets. See #9567 or #9552 for example.
To fix this, we make the parsing in the `IpPacket` constructor more
restrictive. If it is a UDP, TCP or ICMP packet, we attempt to fully
parse its headers and validate the payload lengths.
This parsing allows us to then rely on the integrity of the packet as
part of the implementation. This does create several code paths that can
in theory panic but in practice, should be impossible to hit. To ensure
that this does in fact not happen, we also tackle an issue that is long
overdue: Fuzzing.
Resolves: #6667Resolves: #9567Resolves: #9552
Despite still being in development, the `tauri-specta` project already
proves to be quite useful. It allows us to generate TypeScript bindings
for our commands and events, creating a type-safe contract between the
frontend and the backend.
For example, this ensures that the TypeScript code calls a command
actually with the required parameters and thus avoids runtime failures.
Similarly, the frontend can listen on type-safe events without having to
use any magic strings.
Bumps the tauri group in /rust with 6 updates:
| Package | From | To |
| --- | --- | --- |
| [tauri-plugin-dialog](https://github.com/tauri-apps/plugins-workspace)
| `2.2.2` | `2.3.0` |
|
[tauri-plugin-notification](https://github.com/tauri-apps/plugins-workspace)
| `2.2.2` | `2.3.0` |
| [tauri-plugin-opener](https://github.com/tauri-apps/plugins-workspace)
| `2.2.7` | `2.4.0` |
| [tauri-plugin-shell](https://github.com/tauri-apps/plugins-workspace)
| `2.2.1` | `2.3.0` |
| [tauri-runtime](https://github.com/tauri-apps/tauri) | `2.6.0` |
`2.7.0` |
| [tauri-utils](https://github.com/tauri-apps/tauri) | `2.4.0` | `2.5.0`
|
Updates `tauri-plugin-dialog` from 2.2.2 to 2.3.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-dialog's
releases</a>.</em></p>
<blockquote>
<h2>opener-js v2.3.0</h2>
<h2>[2.3.0]</h2>
<ul>
<li><a
href="ce9888a2d4"><code>ce9888a2</code></a>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/2762">#2762</a>)
Similar to the <code>fs</code> plugin the <code>opener</code> plugin now
supports a <code>requireLiteralLeadingDot</code> configuration in
<code>tauri.conf.json</code>.</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>npm warn publish npm auto-corrected some errors in your
package.json when publishing. Please run "npm pkg fix" to
address these errors.
npm warn publish errors corrected:
npm warn publish "repository" was changed from a string to an
object
npm warn publish "repository.url" was normalized to
"git+https://github.com/tauri-apps/plugins-workspace.git"
npm notice
npm notice 📦 @tauri-apps/plugin-opener@2.3.0
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 4.3kB README.md
npm notice 2.8kB dist-js/index.cjs
npm notice 1.8kB dist-js/index.d.ts
npm notice 2.7kB dist-js/index.js
npm notice 11B dist-js/init.d.ts
npm notice 729B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-opener
npm notice version: 2.3.0
npm notice filename: tauri-apps-plugin-opener-2.3.0.tgz
npm notice package size: 3.4 kB
npm notice unpacked size: 13.2 kB
npm notice shasum: ea883f48daffd22873bbc40cc81b266df6f6a6cd
npm notice integrity: sha512-yAbauwp8BCHIh[...]otjYnnbUVmYrw==
npm notice total files: 7
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and
public access
npm notice publish Signed provenance statement with source and build
information from GitHub Actions
npm notice publish Provenance statement published to transparency log:
https://search.sigstore.dev/?logIndex=240371238
+ @tauri-apps/plugin-opener@2.3.0
</code></pre>
<!-- raw HTML omitted -->
<h2>opener v2.3.0</h2>
<h2>[2.3.0]</h2>
<ul>
<li><a
href="ce9888a2d4"><code>ce9888a2</code></a>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/2762">#2762</a>)
Similar to the <code>fs</code> plugin the <code>opener</code> plugin now
supports a <code>requireLiteralLeadingDot</code> configuration in
<code>tauri.conf.json</code>.</li>
</ul>
<!-- raw HTML omitted -->
<pre><code></tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="adc23d6c4f"><code>adc23d6</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2808">#2808</a>)</li>
<li><a
href="fc573b35a7"><code>fc573b3</code></a>
chore(deps): update rust crate tokio-tungstenite to 0.27 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2768">#2768</a>)</li>
<li><a
href="901ddfb73d"><code>901ddfb</code></a>
ci: enable create-pull-request sign commits (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2809">#2809</a>)</li>
<li><a
href="f209b2f23c"><code>f209b2f</code></a>
chore(deps): update tauri monorepo to v2.6.0 (v2) (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2804">#2804</a>)</li>
<li><a
href="19ed1bd3cc"><code>19ed1bd</code></a>
chore(deps): update dependency prettier to v3.6.1 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2806">#2806</a>)</li>
<li><a
href="5779099688"><code>5779099</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2780">#2780</a>)</li>
<li><a
href="2aec8ff4c4"><code>2aec8ff</code></a>
feat(opener): add <code>inAppBrowser</code> option for iOS and Android
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2803">#2803</a>)</li>
<li><a
href="9799f0dbab"><code>9799f0d</code></a>
fix(log): iOS simulator freezing due to early logging (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2802">#2802</a>)</li>
<li><a
href="8cdaacdc6e"><code>8cdaacd</code></a>
chore(examples): update API example mobile projects</li>
<li><a
href="d46778e80b"><code>d46778e</code></a>
chore(deps): update dependency typescript-eslint to v8.35.0 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2794">#2794</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/plugins-workspace/compare/os-v2.2.2...os-v2.3.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `tauri-plugin-notification` from 2.2.2 to 2.3.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-notification's
releases</a>.</em></p>
<blockquote>
<h2>opener-js v2.3.0</h2>
<h2>[2.3.0]</h2>
<ul>
<li><a
href="ce9888a2d4"><code>ce9888a2</code></a>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/2762">#2762</a>)
Similar to the <code>fs</code> plugin the <code>opener</code> plugin now
supports a <code>requireLiteralLeadingDot</code> configuration in
<code>tauri.conf.json</code>.</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>npm warn publish npm auto-corrected some errors in your
package.json when publishing. Please run "npm pkg fix" to
address these errors.
npm warn publish errors corrected:
npm warn publish "repository" was changed from a string to an
object
npm warn publish "repository.url" was normalized to
"git+https://github.com/tauri-apps/plugins-workspace.git"
npm notice
npm notice 📦 @tauri-apps/plugin-opener@2.3.0
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 4.3kB README.md
npm notice 2.8kB dist-js/index.cjs
npm notice 1.8kB dist-js/index.d.ts
npm notice 2.7kB dist-js/index.js
npm notice 11B dist-js/init.d.ts
npm notice 729B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-opener
npm notice version: 2.3.0
npm notice filename: tauri-apps-plugin-opener-2.3.0.tgz
npm notice package size: 3.4 kB
npm notice unpacked size: 13.2 kB
npm notice shasum: ea883f48daffd22873bbc40cc81b266df6f6a6cd
npm notice integrity: sha512-yAbauwp8BCHIh[...]otjYnnbUVmYrw==
npm notice total files: 7
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and
public access
npm notice publish Signed provenance statement with source and build
information from GitHub Actions
npm notice publish Provenance statement published to transparency log:
https://search.sigstore.dev/?logIndex=240371238
+ @tauri-apps/plugin-opener@2.3.0
</code></pre>
<!-- raw HTML omitted -->
<h2>opener v2.3.0</h2>
<h2>[2.3.0]</h2>
<ul>
<li><a
href="ce9888a2d4"><code>ce9888a2</code></a>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/2762">#2762</a>)
Similar to the <code>fs</code> plugin the <code>opener</code> plugin now
supports a <code>requireLiteralLeadingDot</code> configuration in
<code>tauri.conf.json</code>.</li>
</ul>
<!-- raw HTML omitted -->
<pre><code></tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="adc23d6c4f"><code>adc23d6</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2808">#2808</a>)</li>
<li><a
href="fc573b35a7"><code>fc573b3</code></a>
chore(deps): update rust crate tokio-tungstenite to 0.27 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2768">#2768</a>)</li>
<li><a
href="901ddfb73d"><code>901ddfb</code></a>
ci: enable create-pull-request sign commits (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2809">#2809</a>)</li>
<li><a
href="f209b2f23c"><code>f209b2f</code></a>
chore(deps): update tauri monorepo to v2.6.0 (v2) (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2804">#2804</a>)</li>
<li><a
href="19ed1bd3cc"><code>19ed1bd</code></a>
chore(deps): update dependency prettier to v3.6.1 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2806">#2806</a>)</li>
<li><a
href="5779099688"><code>5779099</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2780">#2780</a>)</li>
<li><a
href="2aec8ff4c4"><code>2aec8ff</code></a>
feat(opener): add <code>inAppBrowser</code> option for iOS and Android
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2803">#2803</a>)</li>
<li><a
href="9799f0dbab"><code>9799f0d</code></a>
fix(log): iOS simulator freezing due to early logging (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2802">#2802</a>)</li>
<li><a
href="8cdaacdc6e"><code>8cdaacd</code></a>
chore(examples): update API example mobile projects</li>
<li><a
href="d46778e80b"><code>d46778e</code></a>
chore(deps): update dependency typescript-eslint to v8.35.0 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2794">#2794</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/plugins-workspace/compare/os-v2.2.2...os-v2.3.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `tauri-plugin-opener` from 2.2.7 to 2.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-opener's
releases</a>.</em></p>
<blockquote>
<h2>cli-js v2.4.0</h2>
<h2>[2.4.0]</h2>
<ul>
<li><a
href="f209b2f23c"><code>f209b2f2</code></a>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/2804">#2804</a>
by <a
href="https://github.com/tauri-apps/plugins-workspace/../../renovate"><code>@renovate</code></a>)
Updated tauri to 2.6</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>npm warn publish npm auto-corrected some errors in your
package.json when publishing. Please run "npm pkg fix" to
address these errors.
npm warn publish errors corrected:
npm warn publish "repository" was changed from a string to an
object
npm warn publish "repository.url" was normalized to
"git+https://github.com/tauri-apps/plugins-workspace.git"
npm notice
npm notice 📦 @tauri-apps/plugin-cli@2.4.0
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 3.4kB README.md
npm notice 1.1kB dist-js/index.cjs
npm notice 1.3kB dist-js/index.d.ts
npm notice 1.0kB dist-js/index.js
npm notice 653B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-cli
npm notice version: 2.4.0
npm notice filename: tauri-apps-plugin-cli-2.4.0.tgz
npm notice package size: 2.9 kB
npm notice unpacked size: 8.4 kB
npm notice shasum: 8d6eacb113a377bb690a36676c63c7b426212f46
npm notice integrity: sha512-3AUUaaqj3Pkac[...]WBNAL4I4iIZRg==
npm notice total files: 6
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and
public access
npm notice publish Signed provenance statement with source and build
information from GitHub Actions
npm notice publish Provenance statement published to transparency log:
https://search.sigstore.dev/?logIndex=249977649
+ @tauri-apps/plugin-cli@2.4.0
</code></pre>
<!-- raw HTML omitted -->
<h2>cli v2.4.0</h2>
<h2>[2.4.0]</h2>
<ul>
<li><a
href="f209b2f23c"><code>f209b2f2</code></a>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/2804">#2804</a>
by <a
href="https://github.com/tauri-apps/plugins-workspace/../../renovate"><code>@renovate</code></a>)
Updated tauri to 2.6</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>Updating crates.io index
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="adc23d6c4f"><code>adc23d6</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2808">#2808</a>)</li>
<li><a
href="fc573b35a7"><code>fc573b3</code></a>
chore(deps): update rust crate tokio-tungstenite to 0.27 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2768">#2768</a>)</li>
<li><a
href="901ddfb73d"><code>901ddfb</code></a>
ci: enable create-pull-request sign commits (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2809">#2809</a>)</li>
<li><a
href="f209b2f23c"><code>f209b2f</code></a>
chore(deps): update tauri monorepo to v2.6.0 (v2) (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2804">#2804</a>)</li>
<li><a
href="19ed1bd3cc"><code>19ed1bd</code></a>
chore(deps): update dependency prettier to v3.6.1 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2806">#2806</a>)</li>
<li><a
href="5779099688"><code>5779099</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2780">#2780</a>)</li>
<li><a
href="2aec8ff4c4"><code>2aec8ff</code></a>
feat(opener): add <code>inAppBrowser</code> option for iOS and Android
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2803">#2803</a>)</li>
<li><a
href="9799f0dbab"><code>9799f0d</code></a>
fix(log): iOS simulator freezing due to early logging (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2802">#2802</a>)</li>
<li><a
href="8cdaacdc6e"><code>8cdaacd</code></a>
chore(examples): update API example mobile projects</li>
<li><a
href="d46778e80b"><code>d46778e</code></a>
chore(deps): update dependency typescript-eslint to v8.35.0 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2794">#2794</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/plugins-workspace/compare/opener-v2.2.7...fs-v2.4.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `tauri-plugin-shell` from 2.2.1 to 2.3.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-shell's
releases</a>.</em></p>
<blockquote>
<h2>opener-js v2.3.0</h2>
<h2>[2.3.0]</h2>
<ul>
<li><a
href="ce9888a2d4"><code>ce9888a2</code></a>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/2762">#2762</a>)
Similar to the <code>fs</code> plugin the <code>opener</code> plugin now
supports a <code>requireLiteralLeadingDot</code> configuration in
<code>tauri.conf.json</code>.</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>npm warn publish npm auto-corrected some errors in your
package.json when publishing. Please run "npm pkg fix" to
address these errors.
npm warn publish errors corrected:
npm warn publish "repository" was changed from a string to an
object
npm warn publish "repository.url" was normalized to
"git+https://github.com/tauri-apps/plugins-workspace.git"
npm notice
npm notice 📦 @tauri-apps/plugin-opener@2.3.0
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 4.3kB README.md
npm notice 2.8kB dist-js/index.cjs
npm notice 1.8kB dist-js/index.d.ts
npm notice 2.7kB dist-js/index.js
npm notice 11B dist-js/init.d.ts
npm notice 729B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-opener
npm notice version: 2.3.0
npm notice filename: tauri-apps-plugin-opener-2.3.0.tgz
npm notice package size: 3.4 kB
npm notice unpacked size: 13.2 kB
npm notice shasum: ea883f48daffd22873bbc40cc81b266df6f6a6cd
npm notice integrity: sha512-yAbauwp8BCHIh[...]otjYnnbUVmYrw==
npm notice total files: 7
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and
public access
npm notice publish Signed provenance statement with source and build
information from GitHub Actions
npm notice publish Provenance statement published to transparency log:
https://search.sigstore.dev/?logIndex=240371238
+ @tauri-apps/plugin-opener@2.3.0
</code></pre>
<!-- raw HTML omitted -->
<h2>opener v2.3.0</h2>
<h2>[2.3.0]</h2>
<ul>
<li><a
href="ce9888a2d4"><code>ce9888a2</code></a>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/2762">#2762</a>)
Similar to the <code>fs</code> plugin the <code>opener</code> plugin now
supports a <code>requireLiteralLeadingDot</code> configuration in
<code>tauri.conf.json</code>.</li>
</ul>
<!-- raw HTML omitted -->
<pre><code></tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="adc23d6c4f"><code>adc23d6</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2808">#2808</a>)</li>
<li><a
href="fc573b35a7"><code>fc573b3</code></a>
chore(deps): update rust crate tokio-tungstenite to 0.27 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2768">#2768</a>)</li>
<li><a
href="901ddfb73d"><code>901ddfb</code></a>
ci: enable create-pull-request sign commits (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2809">#2809</a>)</li>
<li><a
href="f209b2f23c"><code>f209b2f</code></a>
chore(deps): update tauri monorepo to v2.6.0 (v2) (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2804">#2804</a>)</li>
<li><a
href="19ed1bd3cc"><code>19ed1bd</code></a>
chore(deps): update dependency prettier to v3.6.1 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2806">#2806</a>)</li>
<li><a
href="5779099688"><code>5779099</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2780">#2780</a>)</li>
<li><a
href="2aec8ff4c4"><code>2aec8ff</code></a>
feat(opener): add <code>inAppBrowser</code> option for iOS and Android
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2803">#2803</a>)</li>
<li><a
href="9799f0dbab"><code>9799f0d</code></a>
fix(log): iOS simulator freezing due to early logging (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2802">#2802</a>)</li>
<li><a
href="8cdaacdc6e"><code>8cdaacd</code></a>
chore(examples): update API example mobile projects</li>
<li><a
href="d46778e80b"><code>d46778e</code></a>
chore(deps): update dependency typescript-eslint to v8.35.0 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2794">#2794</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/plugins-workspace/compare/os-v2.2.1...os-v2.3.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `tauri-runtime` from 2.6.0 to 2.7.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri-runtime's
releases</a>.</em></p>
<blockquote>
<h2>tauri-runtime v2.7.0</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
Locking 1020 packages to latest compatible versions
Adding apple-codesign v0.27.0 (available: v0.29.0)
Adding axum v0.7.9 (available: v0.8.4)
Adding cargo_metadata v0.19.2 (available: v0.20.0)
Adding colored v2.2.0 (available: v3.0.0)
Adding ctor v0.2.9 (available: v0.4.2)
Adding elf v0.7.4 (available: v0.8.0)
Adding getrandom v0.2.16 (available: v0.3.3)
Adding html5ever v0.29.1 (available: v0.32.0)
Adding itertools v0.13.0 (available: v0.14.0)
Adding json-patch v3.0.1 (available: v4.0.0)
Adding jsonrpsee v0.24.9 (available: v0.25.1)
Adding jsonrpsee-client-transport v0.24.9 (available: v0.25.1)
Adding jsonrpsee-core v0.24.9 (available: v0.25.1)
Adding jsonrpsee-ws-client v0.24.9 (available: v0.25.1)
Adding minisign v0.7.3 (available: v0.7.9)
Adding muda v0.16.1 (available: v0.17.0)
Adding object v0.36.7 (available: v0.37.1)
Adding oxc_allocator v0.36.0 (available: v0.74.0)
Adding oxc_ast v0.36.0 (available: v0.74.0)
Adding oxc_parser v0.36.0 (available: v0.74.0)
Adding oxc_span v0.36.0 (available: v0.74.0)
Adding phf v0.11.3 (available: v0.12.1)
Adding proc-macro-crate v2.0.0 (available: v2.0.2)
Adding rand v0.8.5 (available: v0.9.1)
Adding rpm v0.16.0 (available: v0.17.0)
Adding schemars v0.8.22 (available: v1.0.1)
Adding serialize-to-javascript v0.1.1 (available: v0.1.2)
Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2)
Adding tiny_http v0.11.0 (available: v0.12.0)
Adding which v7.0.3 (available: v8.0.0)
Adding worker v0.5.0 (available: v0.6.0)
Adding worker-macros v0.5.0 (available: v0.6.0)
Adding x509-certificate v0.23.1 (available: v0.24.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 787 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (1045 crate dependencies)
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="594822aa55"><code>594822a</code></a>
Apply Version Updates From Current Changes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13282">#13282</a>)</li>
<li><a
href="e4aa35e083"><code>e4aa35e</code></a>
fix(cli): init tests</li>
<li><a
href="9c16eefa31"><code>9c16eef</code></a>
Update kuchikiki, html5ever, tao, wry, webview2-com (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13629">#13629</a>)</li>
<li><a
href="3242e1c946"><code>3242e1c</code></a>
feat(cli): allow passing Cargo commands to mobile dev/build commands (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13659">#13659</a>)</li>
<li><a
href="4a880ca697"><code>4a880ca</code></a>
feat(cli): synchronize productName changes with iOS Xcode project (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13658">#13658</a>)</li>
<li><a
href="d1ce9af628"><code>d1ce9af</code></a>
feat(cli): add <code>--config</code> arg to the mobile init cmds, closes
<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13284">#13284</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13660">#13660</a>)</li>
<li><a
href="ec6065fa4a"><code>ec6065f</code></a>
fix(cli): use original identifier to fix mobile options reading (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13625">#13625</a>)</li>
<li><a
href="18b5299952"><code>18b5299</code></a>
docs: where does resource dir resolve to (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13640">#13640</a>)</li>
<li><a
href="eb3f0248c2"><code>eb3f024</code></a>
fix: write default permission words if not empty (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13646">#13646</a>)</li>
<li><a
href="c03cc586e3"><code>c03cc58</code></a>
chore: check generated file on package lock change (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13641">#13641</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-runtime-v2.6.0...tauri-runtime-v2.7.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `tauri-utils` from 2.4.0 to 2.5.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri-utils's
releases</a>.</em></p>
<blockquote>
<h2>tauri-utils v2.5.0</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
Locking 1020 packages to latest compatible versions
Adding apple-codesign v0.27.0 (available: v0.29.0)
Adding axum v0.7.9 (available: v0.8.4)
Adding cargo_metadata v0.19.2 (available: v0.20.0)
Adding colored v2.2.0 (available: v3.0.0)
Adding ctor v0.2.9 (available: v0.4.2)
Adding elf v0.7.4 (available: v0.8.0)
Adding getrandom v0.2.16 (available: v0.3.3)
Adding html5ever v0.29.1 (available: v0.32.0)
Adding itertools v0.13.0 (available: v0.14.0)
Adding json-patch v3.0.1 (available: v4.0.0)
Adding jsonrpsee v0.24.9 (available: v0.25.1)
Adding jsonrpsee-client-transport v0.24.9 (available: v0.25.1)
Adding jsonrpsee-core v0.24.9 (available: v0.25.1)
Adding jsonrpsee-ws-client v0.24.9 (available: v0.25.1)
Adding minisign v0.7.3 (available: v0.7.9)
Adding muda v0.16.1 (available: v0.17.0)
Adding object v0.36.7 (available: v0.37.1)
Adding oxc_allocator v0.36.0 (available: v0.74.0)
Adding oxc_ast v0.36.0 (available: v0.74.0)
Adding oxc_parser v0.36.0 (available: v0.74.0)
Adding oxc_span v0.36.0 (available: v0.74.0)
Adding phf v0.11.3 (available: v0.12.1)
Adding proc-macro-crate v2.0.0 (available: v2.0.2)
Adding rand v0.8.5 (available: v0.9.1)
Adding rpm v0.16.0 (available: v0.17.0)
Adding schemars v0.8.22 (available: v1.0.1)
Adding serialize-to-javascript v0.1.1 (available: v0.1.2)
Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2)
Adding tiny_http v0.11.0 (available: v0.12.0)
Adding which v7.0.3 (available: v8.0.0)
Adding worker v0.5.0 (available: v0.6.0)
Adding worker-macros v0.5.0 (available: v0.6.0)
Adding x509-certificate v0.23.1 (available: v0.24.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 787 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (1045 crate dependencies)
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="594822aa55"><code>594822a</code></a>
Apply Version Updates From Current Changes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13282">#13282</a>)</li>
<li><a
href="e4aa35e083"><code>e4aa35e</code></a>
fix(cli): init tests</li>
<li><a
href="9c16eefa31"><code>9c16eef</code></a>
Update kuchikiki, html5ever, tao, wry, webview2-com (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13629">#13629</a>)</li>
<li><a
href="3242e1c946"><code>3242e1c</code></a>
feat(cli): allow passing Cargo commands to mobile dev/build commands (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13659">#13659</a>)</li>
<li><a
href="4a880ca697"><code>4a880ca</code></a>
feat(cli): synchronize productName changes with iOS Xcode project (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13658">#13658</a>)</li>
<li><a
href="d1ce9af628"><code>d1ce9af</code></a>
feat(cli): add <code>--config</code> arg to the mobile init cmds, closes
<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13284">#13284</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13660">#13660</a>)</li>
<li><a
href="ec6065fa4a"><code>ec6065f</code></a>
fix(cli): use original identifier to fix mobile options reading (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13625">#13625</a>)</li>
<li><a
href="18b5299952"><code>18b5299</code></a>
docs: where does resource dir resolve to (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13640">#13640</a>)</li>
<li><a
href="eb3f0248c2"><code>eb3f024</code></a>
fix: write default permission words if not empty (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13646">#13646</a>)</li>
<li><a
href="c03cc586e3"><code>c03cc58</code></a>
chore: check generated file on package lock change (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13641">#13641</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-utils-v2.4.0...tauri-utils-v2.5.0">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
To make our FFI layer between Android and Rust safer, we adopt the
UniFFI tool from Mozilla. UniFFI allows us to create a dedicated crate
(here `client-ffi`) that contains Rust structs annotated with various
attributes. These macros then generate code at compile time that is
built into the shared object. Using a dedicated CLI from the UniFFI
project, we can then generate Kotlin bindings from this shared object.
The primary motivation for this effort is memory safety across the FFI
boundary. Most importantly, we want to ensure that:
- The session pointer is not used after it has been free'd
- Disconnecting the session frees the pointer
- Freeing the session does not happen as part of a callback as that
triggers a cyclic dependency on the Rust side (callbacks are executed on
a runtime and that runtime is dropped as part of dropping the session)
To achieve all of these goals, we move away from callbacks altogether.
UniFFI has great support for async functions. We leverage this support
to expose a `suspend fn` to Android that returns `Event`s. These events
map to the current callback functions. Internally, these events are read
from a channel with a capacity of 1000 events. It is therefore not very
time-critical that the app reads from this channel. `connlib` will
happily continue even if the channel is full. 1000 events should be more
than sufficient though in case the host app cannot immediately process
them. We don't send events very often after all.
This event-based design has major advantages: It allows us to make use
of `AutoCloseable` on the Kotlin side, meaning the `session` pointer is
only ever accessed as part of a `use` block and automatically closed
(and therefore free'd) at the end of the block.
To communicate with the session, we introduce a `TunnelCommand` which
represents all actions that the host app can send to `connlib`. These
are passed through a channel to the `suspend fn` which continuously
listens for events and commands.
Resolves: #9499
Related: #3959
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
The frontend of the GUI client is written in TypeScript and communicates
with the backend via event listeners. Currently, we only have
type-safety within either of those parts of the codebase but not across
it. The payloads of these events are JSON-encoded. Any change to this
interface therefore needs to be applied on either end.
To avoid this, we add `tslink` to the GUI client which generates
TypeScript interfaces from Rust structs. We still check those into Git
into order to make local builds easy (otherwise every dev would have to
set `TSLINK_BUILD=true` on their machine). Our Tauri CI build already
has a check to ensure the Git workspace isn't modified after building so
any changes to these generated files will fail CI.
This adds a bit more type-safety to the codebase and makes refactorings
on the GUI client easier.
Bumps [dirs](https://github.com/soc/dirs-rs) from 5.0.1 to 6.0.0.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/soc/dirs-rs/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
A mass upgrade of our Rust dependencies. Most crucially, these remove
several duplicated dependencies from our tree.
- The Tauri plugins have been stuck on `windows v0.60` for a while. They
are now updated to use `windows v0.61` which is what the rest of our
dependency tree uses.
- By bumping `axum`, can also bump `reqwest` which reduces a few more
duplicated dependencies.
- By removing `env_logger`, we can get rid of a few dependencies.
In order to harvest some of the fruits of our lobbying efforts upstream,
we bump `moka` to latest `main` whilst they are still preparing the next
release.
This removes several dependencies from our dependency tree & lockfile.
Related: https://github.com/moka-rs/moka/pull/509
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.13.0 to
3.19.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md">tempfile's
changelog</a>.</em></p>
<blockquote>
<h2>3.19.1</h2>
<ul>
<li>Don't unlink temporary files immediately on Windows (fixes <a
href="https://redirect.github.com/Stebalien/tempfile/issues/339">#339</a>).
Unfortunately, this seemed to corrupt the file object (possibly a
Windows kernel bug) in rare cases and isn't strictly speaking
necessary.</li>
</ul>
<h2>3.19.0</h2>
<ul>
<li>Remove direct dependency on <code>cfg-if</code>. It's still in the
tree, but we didn't really need to use it in this crate.</li>
<li>Add an unstable feature
(<code>unstable-windows-keep-open-tempfile</code>) to test a potential
fix to <a
href="https://redirect.github.com/Stebalien/tempfile/issues/339">#339</a>.</li>
</ul>
<h2>3.18.0</h2>
<ul>
<li>Update <code>rustix</code> to 1.0.0.</li>
<li>Make <code>NamedTempFile::persist_noclobber</code> atomic on Apple
operating systems. It's now atomic on MacOS, Windows, and Linux
(depending on the OS version and filesystem used).</li>
</ul>
<h2>3.17.1</h2>
<ul>
<li>Fix build with <code>windows-sys</code> 0.52. Unfortunately, we have
no CI for older <code>windows-sys</code> versions at the moment...</li>
</ul>
<h2>3.17.0</h2>
<ul>
<li>Make sure to use absolute paths in when creating unnamed temporary
files (avoids a small race in the "immediate unlink" logic)
and in <code>Builder::make_in</code> (when creating temporary files of
arbitrary types).</li>
<li>Prevent a theoretical crash that could (maybe) happen when a
temporary file is created from a drop function run in a TLS destructor.
Nobody has actually reported a case of this happening in practice and I
have been unable to create this scenario in a test.</li>
<li>When reseeding with <code>getrandom</code>, use platform (e.g., CPU)
specific randomness sources where possible.</li>
<li>Clarify some documentation.</li>
<li>Unlink unnamed temporary files on windows <em>immediately</em> when
possible instead of waiting for the handle to be closed. We open files
with "Unix" semantics, so this is generally possible.</li>
</ul>
<h2>3.16.0</h2>
<ul>
<li>Update <code>getrandom</code> to <code>0.3.0</code> (thanks to <a
href="https://github.com/paolobarbolini"><code>@paolobarbolini</code></a>).</li>
<li>Allow <code>windows-sys</code> versions <code>0.59.x</code> in
addition to <code>0.59.0</code> (thanks <a
href="https://github.com/ErichDonGubler"><code>@ErichDonGubler</code></a>).</li>
<li>Improved security documentation (thanks to <a
href="https://github.com/n0toose"><code>@n0toose</code></a> for
collaborating with me on this).</li>
</ul>
<h2>3.15.0</h2>
<p>Re-seed the per-thread RNG from system randomness when we repeatedly
fail to create temporary files (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/314">#314</a>).
This resolves a potential DoS vector (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/178">#178</a>)
while avoiding <code>getrandom</code> in the common case where it's
necessary. The feature is optional but enabled by default via the
<code>getrandom</code> feature.</p>
<p>For libc-free builds, you'll either need to disable this feature or
opt-in to a different <a
href="https://github.com/rust-random/getrandom?tab=readme-ov-file#opt-in-backends"><code>getrandom</code>
backend</a>.</p>
<h2>3.14.0</h2>
<ul>
<li>Make the wasip2 target work (requires tempfile's "nightly"
feature to be enabled). <a
href="https://redirect.github.com/Stebalien/tempfile/pull/305">#305</a>.</li>
<li>Allow older windows-sys versions <a
href="https://redirect.github.com/Stebalien/tempfile/pull/304">#304</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="95540ed3fc"><code>95540ed</code></a>
chore: release v3.19.1</li>
<li><a
href="b60aae49c1"><code>b60aae4</code></a>
fix(windows): don't automatically delete files on open (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/344">#344</a>)</li>
<li><a
href="167f544abe"><code>167f544</code></a>
ci(cargo-deny): remove windows-sys exception (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/343">#343</a>)</li>
<li><a
href="42fff6813d"><code>42fff68</code></a>
chore: release v3.19.0</li>
<li><a
href="61b4283c20"><code>61b4283</code></a>
feat(windows): add a feature to immediate tempfile deletion (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/340">#340</a>)</li>
<li><a
href="c2d16b3bc3"><code>c2d16b3</code></a>
ci: downgrade once-cell on old rustc versions (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/342">#342</a>)</li>
<li><a
href="35c204d7c2"><code>35c204d</code></a>
chore: remove cfg-if dependency (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/338">#338</a>)</li>
<li><a
href="b8bddaf0cf"><code>b8bddaf</code></a>
release 3.18.0</li>
<li><a
href="0e17869470"><code>0e17869</code></a>
update rustix (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/336">#336</a>)</li>
<li><a
href="6cf65365a4"><code>6cf6536</code></a>
doc: fix markdown</li>
<li>Additional commits viewable in <a
href="https://github.com/Stebalien/tempfile/compare/v3.13.0...v3.19.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Bumps the tauri group with 2 updates in the /rust directory:
[tauri](https://github.com/tauri-apps/tauri) and
[tauri-winrt-notification](https://github.com/tauri-apps/winrt-notification).
Updates `tauri` from 2.4.1 to 2.5.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri's
releases</a>.</em></p>
<blockquote>
<h2>tauri-runtime v2.5.0</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
Locking 1020 packages to latest compatible versions
Adding apple-codesign v0.27.0 (available: v0.29.0)
Adding axum v0.7.9 (available: v0.8.1)
Adding colored v2.2.0 (available: v3.0.0)
Adding ctor v0.2.9 (available: v0.4.1)
Adding getrandom v0.2.15 (available: v0.3.2)
Adding html5ever v0.26.0 (available: v0.30.0)
Adding itertools v0.13.0 (available: v0.14.0)
Adding json-patch v3.0.1 (available: v4.0.0)
Adding minisign v0.7.3 (available: v0.7.9)
Adding oxc_allocator v0.36.0 (available: v0.61.0)
Adding oxc_ast v0.36.0 (available: v0.61.0)
Adding oxc_parser v0.36.0 (available: v0.61.0)
Adding oxc_span v0.36.0 (available: v0.61.0)
Adding proc-macro-crate v2.0.0 (available: v2.0.2)
Adding rand v0.8.5 (available: v0.9.0)
Adding serialize-to-javascript v0.1.1 (available: v0.1.2)
Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2)
Adding tauri-utils v1.6.0 (available: v1.6.2)
Adding tiny_http v0.11.0 (available: v0.12.0)
Adding webview2-com v0.36.0 (available: v0.37.0)
Adding windows v0.60.0 (available: v0.61.1)
Adding x509-certificate v0.23.1 (available: v0.24.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 742 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (1045 crate dependencies)
Crate: atk
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0413
URL: https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
├── wry 0.50.5
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="977c4b496c"><code>977c4b4</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13123">#13123</a>)</li>
<li><a
href="48b12b4404"><code>48b12b4</code></a>
chore: bump crates depending on tauri-utils as minor</li>
<li><a
href="9356fa15d8"><code>9356fa1</code></a>
feat(core): include type name in state panic message (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13239">#13239</a>)</li>
<li><a
href="2dccfab532"><code>2dccfab</code></a>
fix: fileAssociations missing LSHandlerRank on macOS (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13159">#13159</a>)
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13236">#13236</a>)</li>
<li><a
href="5d3687e8c3"><code>5d3687e</code></a>
chore(tauri-driver): update README</li>
<li><a
href="0cf2d9933f"><code>0cf2d99</code></a>
fix(tauri-driver): append .exe ext on app path on Windows, closes <a
href="https://redirect.github.com/tauri-apps/tauri/issues/11317">#11317</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13">#13</a>...</li>
<li><a
href="1734273bbe"><code>1734273</code></a>
fix: using center and overflow together crashes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13235">#13235</a>)</li>
<li><a
href="690146e311"><code>690146e</code></a>
fix(macros): invoke handler stack overflow (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13217">#13217</a>)</li>
<li><a
href="f888502fd2"><code>f888502</code></a>
fix(core): use <code>Headers</code> in <code>sendIpcMessage</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13227">#13227</a>)</li>
<li><a
href="577c7ffc45"><code>577c7ff</code></a>
fix(webdriver): windows: make native webdriver close with parent process
(fix...</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-v2.4.1...tauri-v2.5.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `tauri-build` from 2.1.1 to 2.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri-build's
releases</a>.</em></p>
<blockquote>
<h2>tauri-build v2.2.0</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
Locking 1021 packages to latest compatible versions
Adding apple-codesign v0.27.0 (available: v0.29.0)
Adding axum v0.7.9 (available: v0.8.3)
Adding colored v2.2.0 (available: v3.0.0)
Adding ctor v0.2.9 (available: v0.4.1)
Adding getrandom v0.2.15 (available: v0.3.2)
Adding html5ever v0.26.0 (available: v0.31.0)
Adding itertools v0.13.0 (available: v0.14.0)
Adding json-patch v3.0.1 (available: v4.0.0)
Adding minisign v0.7.3 (available: v0.7.9)
Adding oxc_allocator v0.36.0 (available: v0.63.0)
Adding oxc_ast v0.36.0 (available: v0.63.0)
Adding oxc_parser v0.36.0 (available: v0.63.0)
Adding oxc_span v0.36.0 (available: v0.63.0)
Adding proc-macro-crate v2.0.0 (available: v2.0.2)
Adding rand v0.8.5 (available: v0.9.0)
Adding rpm v0.16.0 (available: v0.17.0)
Adding serialize-to-javascript v0.1.1 (available: v0.1.2)
Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2)
Adding tauri-utils v1.6.0 (available: v1.6.2)
Adding tiny_http v0.11.0 (available: v0.12.0)
Adding x509-certificate v0.23.1 (available: v0.24.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 752 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (1046 crate dependencies)
Crate: atk
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0413
URL: https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
├── wry 0.51.2
│ └── tauri-runtime-wry 2.6.0
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="977c4b496c"><code>977c4b4</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13123">#13123</a>)</li>
<li><a
href="48b12b4404"><code>48b12b4</code></a>
chore: bump crates depending on tauri-utils as minor</li>
<li><a
href="9356fa15d8"><code>9356fa1</code></a>
feat(core): include type name in state panic message (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13239">#13239</a>)</li>
<li><a
href="2dccfab532"><code>2dccfab</code></a>
fix: fileAssociations missing LSHandlerRank on macOS (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13159">#13159</a>)
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13236">#13236</a>)</li>
<li><a
href="5d3687e8c3"><code>5d3687e</code></a>
chore(tauri-driver): update README</li>
<li><a
href="0cf2d9933f"><code>0cf2d99</code></a>
fix(tauri-driver): append .exe ext on app path on Windows, closes <a
href="https://redirect.github.com/tauri-apps/tauri/issues/11317">#11317</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13">#13</a>...</li>
<li><a
href="1734273bbe"><code>1734273</code></a>
fix: using center and overflow together crashes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13235">#13235</a>)</li>
<li><a
href="690146e311"><code>690146e</code></a>
fix(macros): invoke handler stack overflow (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13217">#13217</a>)</li>
<li><a
href="f888502fd2"><code>f888502</code></a>
fix(core): use <code>Headers</code> in <code>sendIpcMessage</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13227">#13227</a>)</li>
<li><a
href="577c7ffc45"><code>577c7ff</code></a>
fix(webdriver): windows: make native webdriver close with parent process
(fix...</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-build-v2.1.1...tauri-build-v2.2.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `tauri-runtime` from 2.5.1 to 2.6.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri-runtime's
releases</a>.</em></p>
<blockquote>
<h2>tauri-runtime v2.6.0</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
Locking 1021 packages to latest compatible versions
Adding apple-codesign v0.27.0 (available: v0.29.0)
Adding axum v0.7.9 (available: v0.8.3)
Adding colored v2.2.0 (available: v3.0.0)
Adding ctor v0.2.9 (available: v0.4.1)
Adding getrandom v0.2.15 (available: v0.3.2)
Adding html5ever v0.26.0 (available: v0.31.0)
Adding itertools v0.13.0 (available: v0.14.0)
Adding json-patch v3.0.1 (available: v4.0.0)
Adding minisign v0.7.3 (available: v0.7.9)
Adding oxc_allocator v0.36.0 (available: v0.63.0)
Adding oxc_ast v0.36.0 (available: v0.63.0)
Adding oxc_parser v0.36.0 (available: v0.63.0)
Adding oxc_span v0.36.0 (available: v0.63.0)
Adding proc-macro-crate v2.0.0 (available: v2.0.2)
Adding rand v0.8.5 (available: v0.9.0)
Adding rpm v0.16.0 (available: v0.17.0)
Adding serialize-to-javascript v0.1.1 (available: v0.1.2)
Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2)
Adding tauri-utils v1.6.0 (available: v1.6.2)
Adding tiny_http v0.11.0 (available: v0.12.0)
Adding x509-certificate v0.23.1 (available: v0.24.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 752 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (1046 crate dependencies)
Crate: atk
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0413
URL: https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
├── wry 0.51.2
│ └── tauri-runtime-wry 2.6.0
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="977c4b496c"><code>977c4b4</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13123">#13123</a>)</li>
<li><a
href="48b12b4404"><code>48b12b4</code></a>
chore: bump crates depending on tauri-utils as minor</li>
<li><a
href="9356fa15d8"><code>9356fa1</code></a>
feat(core): include type name in state panic message (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13239">#13239</a>)</li>
<li><a
href="2dccfab532"><code>2dccfab</code></a>
fix: fileAssociations missing LSHandlerRank on macOS (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13159">#13159</a>)
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13236">#13236</a>)</li>
<li><a
href="5d3687e8c3"><code>5d3687e</code></a>
chore(tauri-driver): update README</li>
<li><a
href="0cf2d9933f"><code>0cf2d99</code></a>
fix(tauri-driver): append .exe ext on app path on Windows, closes <a
href="https://redirect.github.com/tauri-apps/tauri/issues/11317">#11317</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13">#13</a>...</li>
<li><a
href="1734273bbe"><code>1734273</code></a>
fix: using center and overflow together crashes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13235">#13235</a>)</li>
<li><a
href="690146e311"><code>690146e</code></a>
fix(macros): invoke handler stack overflow (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13217">#13217</a>)</li>
<li><a
href="f888502fd2"><code>f888502</code></a>
fix(core): use <code>Headers</code> in <code>sendIpcMessage</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13227">#13227</a>)</li>
<li><a
href="577c7ffc45"><code>577c7ff</code></a>
fix(webdriver): windows: make native webdriver close with parent process
(fix...</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-runtime-v2.5.1...tauri-runtime-v2.6.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `tauri-utils` from 2.3.1 to 2.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri-utils's
releases</a>.</em></p>
<blockquote>
<h2>tauri-utils v2.4.0</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
Locking 1021 packages to latest compatible versions
Adding apple-codesign v0.27.0 (available: v0.29.0)
Adding axum v0.7.9 (available: v0.8.3)
Adding colored v2.2.0 (available: v3.0.0)
Adding ctor v0.2.9 (available: v0.4.1)
Adding getrandom v0.2.15 (available: v0.3.2)
Adding html5ever v0.26.0 (available: v0.31.0)
Adding itertools v0.13.0 (available: v0.14.0)
Adding json-patch v3.0.1 (available: v4.0.0)
Adding minisign v0.7.3 (available: v0.7.9)
Adding oxc_allocator v0.36.0 (available: v0.63.0)
Adding oxc_ast v0.36.0 (available: v0.63.0)
Adding oxc_parser v0.36.0 (available: v0.63.0)
Adding oxc_span v0.36.0 (available: v0.63.0)
Adding proc-macro-crate v2.0.0 (available: v2.0.2)
Adding rand v0.8.5 (available: v0.9.0)
Adding rpm v0.16.0 (available: v0.17.0)
Adding serialize-to-javascript v0.1.1 (available: v0.1.2)
Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2)
Adding tauri-utils v1.6.0 (available: v1.6.2)
Adding tiny_http v0.11.0 (available: v0.12.0)
Adding x509-certificate v0.23.1 (available: v0.24.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 752 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (1046 crate dependencies)
Crate: atk
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0413
URL: https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
├── wry 0.51.2
│ └── tauri-runtime-wry 2.6.0
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="977c4b496c"><code>977c4b4</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13123">#13123</a>)</li>
<li><a
href="48b12b4404"><code>48b12b4</code></a>
chore: bump crates depending on tauri-utils as minor</li>
<li><a
href="9356fa15d8"><code>9356fa1</code></a>
feat(core): include type name in state panic message (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13239">#13239</a>)</li>
<li><a
href="2dccfab532"><code>2dccfab</code></a>
fix: fileAssociations missing LSHandlerRank on macOS (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13159">#13159</a>)
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13236">#13236</a>)</li>
<li><a
href="5d3687e8c3"><code>5d3687e</code></a>
chore(tauri-driver): update README</li>
<li><a
href="0cf2d9933f"><code>0cf2d99</code></a>
fix(tauri-driver): append .exe ext on app path on Windows, closes <a
href="https://redirect.github.com/tauri-apps/tauri/issues/11317">#11317</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13">#13</a>...</li>
<li><a
href="1734273bbe"><code>1734273</code></a>
fix: using center and overflow together crashes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13235">#13235</a>)</li>
<li><a
href="690146e311"><code>690146e</code></a>
fix(macros): invoke handler stack overflow (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13217">#13217</a>)</li>
<li><a
href="f888502fd2"><code>f888502</code></a>
fix(core): use <code>Headers</code> in <code>sendIpcMessage</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13227">#13227</a>)</li>
<li><a
href="577c7ffc45"><code>577c7ff</code></a>
fix(webdriver): windows: make native webdriver close with parent process
(fix...</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-utils-v2.3.1...tauri-utils-v2.4.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `tauri-winrt-notification` from 0.7.1 to 0.7.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/winrt-notification/releases">tauri-winrt-notification's
releases</a>.</em></p>
<blockquote>
<h2>tauri-winrt-notification v0.7.2</h2>
<p>Updating crates.io index
Locking 20 packages to latest compatible versions</p>
<!-- raw HTML omitted -->
<pre><code>Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 751 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (21 crate dependencies)
</code></pre>
<!-- raw HTML omitted -->
<h2>[0.7.2]</h2>
<ul>
<li><a
href="a7ec5622c4"><code>a7ec562</code></a>
(<a
href="https://redirect.github.com/tauri-apps/winrt-notification/pull/46">#46</a>
by <a
href="https://github.com/tauri-apps/winrt-notification/../../renovate"><code>@renovate</code></a>)
Update <code>windows</code> crate to <code>0.61</code>.</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>Updating crates.io index
Packaging tauri-winrt-notification v0.7.2
(/home/runner/work/winrt-notification/winrt-notification)
Updating crates.io index
Packaged 33 files, 100.8KiB (45.7KiB compressed)
Uploading tauri-winrt-notification v0.7.2
(/home/runner/work/winrt-notification/winrt-notification)
Uploaded tauri-winrt-notification v0.7.2 to registry `crates-io`
note: waiting for `tauri-winrt-notification v0.7.2` to be available at
registry `crates-io`.
You may press ctrl-c to skip waiting; the crate should be available
shortly.
Published tauri-winrt-notification v0.7.2 at registry `crates-io`
</code></pre>
<!-- raw HTML omitted -->
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/winrt-notification/blob/dev/CHANGELOG.md">tauri-winrt-notification's
changelog</a>.</em></p>
<blockquote>
<h2>[0.7.2]</h2>
<ul>
<li><a
href="a7ec5622c4"><code>a7ec562</code></a>
(<a
href="https://redirect.github.com/tauri-apps/winrt-notification/pull/46">#46</a>
by <a
href="https://github.com/tauri-apps/winrt-notification/../../renovate"><code>@renovate</code></a>)
Update <code>windows</code> crate to <code>0.61</code>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1cbe2d98ec"><code>1cbe2d9</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/winrt-notification/issues/48">#48</a>)</li>
<li><a
href="b835cab9e6"><code>b835cab</code></a>
ci: Update action dependencies</li>
<li><a
href="a7ec5622c4"><code>a7ec562</code></a>
chore(deps): update rust crate windows to 0.61 (<a
href="https://redirect.github.com/tauri-apps/winrt-notification/issues/46">#46</a>)</li>
<li><a
href="2893beae07"><code>2893bea</code></a>
ci: Create renovate.json</li>
<li><a
href="f25d9114a1"><code>f25d911</code></a>
ci: Delete renovate.json</li>
<li><a
href="daeb2631ab"><code>daeb263</code></a>
chore: Add <code>unpackaged-app</code> example (<a
href="https://redirect.github.com/tauri-apps/winrt-notification/issues/45">#45</a>)</li>
<li>See full diff in <a
href="https://github.com/tauri-apps/winrt-notification/compare/tauri-winrt-notification-v0.7.1...tauri-winrt-notification-v0.7.2">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
We no longer have multiple versions of `tauri-winrt-notification` in our
dependency tree and can therefore remove this exclusion rule.
To ensure that we don't forget to update these in the future, we now
deny the `unnecessary-skip` lint that warns us when we have one of those
entries.
Perf events are designed to be an extremely efficient way of
transferring data from an eBPF kernel to the user-space program. In
order to monitor, how much traffic we are actually relaying via eBPF, we
introduce a dedicated `STATS` map that is a `PerfEventArray`.
The events from that array are read asynchronously in user-space and fed
into our OTEL metrics. They will show up in our Google Cloud metrics as
`data_relayed_ebpf_bytes`. We already have a metric for the total
relayed bytes. That counter is renamed to `data_relayed_userspace_bytes`
so we can clearly differentiate the two.
Dependabot appears to have a hard time to bump the Tauri dependencies in
a group together. Additionally, our dependency linter `cargo deny`
disallows duplicate dependencies by default. To avoid introducing more
duplicate dependencies, we depend on the upstream `main` branch of two
projects that have already updated their dependencies but did not yet
cut a release.
Bumps the tauri group in /rust with 1 update:
[tauri](https://github.com/tauri-apps/tauri).
Updates `tauri` from 2.2.3 to 2.2.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri's
releases</a>.</em></p>
<blockquote>
<h2>tauri-cli v2.2.5</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
Updating crates.io index
Locking 1053 packages to latest compatible versions
Adding apple-codesign v0.27.0 (available: v0.29.0)
Adding axum v0.7.9 (available: v0.8.1)
Adding colored v2.2.0 (available: v3.0.0)
Adding dirs v5.0.1 (available: v6.0.0)
Adding html5ever v0.26.0 (available: v0.29.0)
Adding itertools v0.13.0 (available: v0.14.0)
Adding minisign v0.7.3 (available: v0.7.9)
Adding oxc_allocator v0.36.0 (available: v0.47.0)
Adding oxc_ast v0.36.0 (available: v0.47.0)
Adding oxc_parser v0.36.0 (available: v0.47.0)
Adding oxc_span v0.36.0 (available: v0.47.0)
Adding proc-macro-crate v2.0.0 (available: v2.0.2)
Adding serialize-to-javascript v0.1.1 (available: v0.1.2)
Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2)
Adding tauri-utils v1.6.0 (available: v1.6.2)
Adding tiny_http v0.11.0 (available: v0.12.0)
Adding webview2-com v0.34.0 (available: v0.35.0)
Adding windows v0.58.0 (available: v0.59.0)
Adding x509-certificate v0.23.1 (available: v0.24.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 724 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (1078 crate dependencies)
Crate: atk
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0413
URL: https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
├── wry 0.48.1
│ └── tauri-runtime-wry 2.3.0
│ └── tauri 2.2.3
│ ├── tauri-plugin-sample 0.1.0
│ │ └── api 0.1.0
│ ├── tauri-plugin-log 2.2.0
│ │ └── api 0.1.0
│ ├── tauri-file-associations-demo 0.1.0
│ ├── tauri 2.2.3
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5a3647bdfe"><code>5a3647b</code></a>
Apply Version Updates From Current Changes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/12515">#12515</a>)</li>
<li><a
href="477e9c0496"><code>477e9c0</code></a>
fix(core): Use safe_block_on in mobile proxy (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/12514">#12514</a>)</li>
<li><a
href="82d634f4a9"><code>82d634f</code></a>
Apply Version Updates From Current Changes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/12512">#12512</a>)</li>
<li><a
href="8e9134c4a2"><code>8e9134c</code></a>
fix(cli): Apply --bins flag on build instead of dev (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/12511">#12511</a>)</li>
<li><a
href="dc1997b77d"><code>dc1997b</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/12439">#12439</a>)</li>
<li><a
href="1a86974aa3"><code>1a86974</code></a>
fix(cli): let xcode handle building for <code>ios build --open</code>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/12406">#12406</a>)</li>
<li><a
href="fb294af8e3"><code>fb294af</code></a>
fix(tauri-driver): Parse ms:edgeOptions separately (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/12383">#12383</a>)</li>
<li><a
href="46c7b16111"><code>46c7b16</code></a>
ci(renovate): Disable oxc_ PRs</li>
<li><a
href="9dac2863af"><code>9dac286</code></a>
fix(bundler): Don't self-sign dmg (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/12323">#12323</a>)</li>
<li><a
href="9a9d1205b0"><code>9a9d120</code></a>
chore(deps): update dependency rollup to v4.32.0 (dev) (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/12502">#12502</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-v2.2.3...tauri-v2.2.5">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Firezone's authentication scheme uses deep-links to transfer the secret
token via the login-flow using the browser to the application. Such a
deep-link can be opened multiple times, even if we are already signed
in. In such a case, and in any other where we don't have a pending
sign-in request, we currently generate an error.
This is unnecessary as we can simply discard the token received from the
deep-link.
Rust 1.83 comes with a bunch of new lints for elidible lifetimes. Those
also trigger in the generated code of `derivative`. That crate is
actually unmaintained so we replace our usages of it with `derive_more`.
We ignore some advisories of unmaintained crates flagged by `cargo
deny`. As long as the crates work for us, there is not much reason to
directly remove them, especially if it requires upstream effort. We will
get rid of these as they cause problems.
To avoid having to look up what they correspond to, we add a comment to
each line.
One of Rust's promises is "if it compiles, it works". However, there are
certain situations in which this isn't true. In particular, when using
dynamic typing patterns where trait objects are downcast to concrete
types, having two versions of the same dependency can silently break
things.
This happened in #7379 where I forgot to patch a certain Sentry
dependency. A similar problem exists with our `tracing-stackdriver`
dependency (see #7241).
Lastly, duplicate dependencies increase the compile-times of a project,
so we should aim for having as few duplicate versions of a particular
dependency as possible in our dependency graph.
This PR introduces `cargo deny`, a linter for Rust dependencies. In
addition to linting for duplicate dependencies, it also enforces that
all dependencies are compatible with an allow-list of licenses and it
warns when a dependency is referred to from multiple crates without
introducing a workspace dependency. Thanks to existing tooling
(https://github.com/mainmatter/cargo-autoinherit), transitioning all
dependencies to workspace dependencies was quite easy.
Resolves: #7241.
Thomas Eizinger