Skip to content

chore(deps): update dependencies of tauri-cli#15641

Merged
FabianLars merged 17 commits into
devfrom
deps/tauri-cli
Jul 6, 2026
Merged

chore(deps): update dependencies of tauri-cli#15641
FabianLars merged 17 commits into
devfrom
deps/tauri-cli

Conversation

@FabianLars

@FabianLars FabianLars commented Jul 2, 2026

Copy link
Copy Markdown
Member

Don't want to see 20 renovate PRs :)

Closes #14878

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Package Changes Through 3cfab09

There are 14 changes which include tauri-bundler with minor, tauri-cli with minor, @tauri-apps/cli with minor, tauri-utils with minor, tauri with minor, tauri-build with minor, tauri-macos-sign with minor, tauri-runtime-wry with minor, tauri-runtime with minor, tauri-codegen with minor, tauri-macros with minor, tauri-plugin with minor, tauri-driver with minor, @tauri-apps/api with minor

Planned Package Versions

The following package releases are the planned based on the context of changes in this pull request.

package current next
@tauri-apps/api 2.11.1 2.12.0
tauri-utils 2.9.3 2.10.0
tauri-macos-sign 2.3.4 2.4.0
tauri-bundler 2.9.4 2.10.0
tauri-runtime 2.11.3 2.12.0
tauri-runtime-wry 2.11.4 2.12.0
tauri-codegen 2.6.3 2.7.0
tauri-macros 2.6.3 2.7.0
tauri-plugin 2.6.3 2.7.0
tauri-build 2.6.3 2.7.0
tauri 2.11.5 2.12.0
@tauri-apps/cli 2.11.4 2.12.0
tauri-cli 2.11.4 2.12.0
tauri-driver 2.0.6 2.1.0

Add another change file through the GitHub UI by following this link.


Read about change files or the docs at github.com/jbolda/covector

@FabianLars FabianLars marked this pull request as ready for review July 2, 2026 19:25
@FabianLars FabianLars requested a review from a team as a code owner July 2, 2026 19:25
Comment thread crates/tauri-macos-sign/Cargo.toml
Comment thread crates/tauri-bundler/Cargo.toml Outdated
Comment thread crates/tauri-cli/Cargo.toml Outdated
Legend-Master
Legend-Master previously approved these changes Jul 6, 2026
zip = { version = "4", default-features = false, features = ["deflate"] }
sha1 = "0.11"
sha2 = "0.11"
zip = { version = "8", default-features = false, features = ["deflate"] }

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is technically also a breaking change... But honestly I don't care any of those small breakages in tauri-bundler at this point

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why do we have so much shit in the public api... but yeah don't care about the bundler anymore either. want me to re-add goblin (or merge your pr) while we're at it?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This crate never really had stable APIs... Like we regularly add in new fields to public types 😂 Maybe add a stability note and remove goblin?

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sounds good. 2.12 is a special version anyway, might as well abuse it a bit.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh damn, i never really thought about but every struct change we ever did was breaking lol

Legend-Master
Legend-Master previously approved these changes Jul 6, 2026

@Legend-Master Legend-Master left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would prefer we add a change file for tauri-bundler since there're breaking changes, otherwise looks good to me

@socket-security

socket-security Bot commented Jul 6, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: cargo zune-jpeg is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?cargo/resvg@0.47.0cargo/image@0.25.10cargo/zune-jpeg@0.5.15

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/zune-jpeg@0.5.15. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@Legend-Master

Copy link
Copy Markdown
Contributor

Obfuscated code: cargo zune-jpeg is 90.0% likely obfuscated
https://socket.dev/cargo/package/zune-jpeg/files/0.5.15/zune-jpeg-0.5.15/src/idct.rs

Like how?

@FabianLars

FabianLars commented Jul 6, 2026

Copy link
Copy Markdown
Member Author

I think it's the tests? idk i don't see the issue either

@FabianLars FabianLars merged commit 7632efd into dev Jul 6, 2026
29 checks passed
@FabianLars FabianLars deleted the deps/tauri-cli branch July 6, 2026 10:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants