Apply Version Updates From Current Changes (v1)

[github-actions]

Version Updates

Merging this PR will release new versions of the following packages based on your change files.

tauri-utils

[1.6.1]

New Features

• 0aa0378 (feat(cli): add macos hardened runtime signing config option (#9318) #10199 by @FabianLars) Added a configuration option to disable hardened runtime on macOS codesign.

Enhancements

• 220bf92 (fix(core/updater): pass /NS to nsis installer to disable creating shortcuts on updates #9413 by @amrbashir) Added /NS flag in the return of WindowsUpdateInstallMode::nsis_args.

Dependencies

• 48a7415 (chore(deps): update serialize-to-javascript to 0.1.2 #10594 by @lucasfernog) Update serialize-to-javascript to v0.1.2.

tauri-bundler

[1.6.1]

New Features

• 0aa0378 (feat(cli): add macos hardened runtime signing config option (#9318) #10199 by @FabianLars) Added a configuration option to disable hardened runtime on macOS codesign.

Bug Fixes

• 297cd55 (fix: Fix bundler&cli MSRV #10499 by @github-actions) Changed the MSRV in Cargo.toml for tauri-bundler and tauri-cli to 1.71. The crates effectively required 1.70/1.71 to build for a while already.
• 1c2ff81 (fix(bundler): update nsis_tauri_utils to 0.4.1 #10183 by @amrbashir) Fix NSIS installer failing to launch apps that contain spaces after installation.

Dependencies

• Upgraded to [email protected]

tauri-runtime

[0.14.5]

What's Changed

• fbcbc5e (chore: emit rustc-check-cfg for rust 1.80 #10392 by @github-actions) Emit cargo:rustc-check-cfg instruction so Cargo validates custom cfg attributes on Rust 1.80 (or nightly-2024-05-05).

Dependencies

• Upgraded to [email protected]

tauri-runtime-wry

[0.14.10]

Bug Fixes

• c3a90e5 (fix(tauri-runtime-wry): ensure tray is created when event loop ready #10611 by @lucasfernog) Ensure system tray is created when the event loop is ready. Menu item modifications are not applied unless it is ready.
• 937849f (refactor(tauri-runtime-wry): Arc instead of Rc, closes #9775 #10587 by @lucasfernog) Use Arc instead of Rc on global shortcut and tray types to prevent crashes on macOS.

What's Changed

• fbcbc5e (chore: emit rustc-check-cfg for rust 1.80 #10392 by @github-actions) Emit cargo:rustc-check-cfg instruction so Cargo validates custom cfg attributes on Rust 1.80 (or nightly-2024-05-05).

Dependencies

• Upgraded to [email protected]
• Upgraded to [email protected]

tauri-codegen

[1.4.5]

Enhancements

• 67b7ca6 (feat(core): fallback to file system for AssetResolver::get, closes #8411 #10356 by @github-actions) Enhance AssetResolver::get in development mode by reading distDir directly as a fallback to the embedded assets.

Bug Fixes

• a394622 (fix(core): usage without the compression feature #10433 by @github-actions) Fixes asset resolving when not using the compression feature.

Dependencies

• Upgraded to [email protected]

tauri-macros

[1.4.6]

Dependencies

• Upgraded to [email protected]
• Upgraded to [email protected]

tauri-build

[1.5.4]

What's Changed

• fbcbc5e (chore: emit rustc-check-cfg for rust 1.80 #10392 by @github-actions) Emit cargo:rustc-check-cfg instruction so Cargo validates custom cfg attributes on Rust 1.80 (or nightly-2024-05-05).

Dependencies

• Upgraded to [email protected]
• Upgraded to [email protected]

tauri

[1.7.2]

Enhancements

• 67b7ca6 (feat(core): fallback to file system for AssetResolver::get, closes #8411 #10356 by @github-actions) Enhance AssetResolver::get in development mode by reading distDir directly as a fallback to the embedded assets.
• 51d0432 (integration tests related to recent security advisory #9983 by @chippers) tracing for ipc invoke key errors, integration tests related
  to recent security advisory

Bug Fixes

• eb58ac3 (fix(core): Return early in core.js if it's inside an iframe #10300 by @github-actions) Fixed an issue causing native apis such as window.alert to break inside iframes on Windows.
• 56ffd29 (fix(core/windows): Remove UNC prefix from tempdir fn #10288 by @github-actions) Fixed a regression that added the \\?\ UNC prefix to the path returned from the tempdir() command.
• a394622 (fix(core): usage without the compression feature #10433 by @github-actions) Fixes asset resolving when not using the compression feature.
• 220bf92 (fix(core/updater): pass /NS to nsis installer to disable creating shortcuts on updates #9413 by @amrbashir) Fix NSIS updater creating new shortcuts on update.

What's Changed

• fbcbc5e (chore: emit rustc-check-cfg for rust 1.80 #10392 by @github-actions) Emit cargo:rustc-check-cfg instruction so Cargo validates custom cfg attributes on Rust 1.80 (or nightly-2024-05-05).

Dependencies

• Upgraded to [email protected]
• Upgraded to [email protected]
• Upgraded to [email protected]
• Upgraded to [email protected]
• 48a7415 (chore(deps): update serialize-to-javascript to 0.1.2 #10594 by @lucasfernog) Update serialize-to-javascript to v0.1.2.

@tauri-apps/cli

[1.6.1]

New Features

• 0aa0378 (feat(cli): add macos hardened runtime signing config option (#9318) #10199 by @FabianLars) Added a configuration option to disable hardened runtime on macOS codesign.

Bug Fixes

• 212001c (fix(cli): parse cargo--target-dir flag #10233 by @github-actions) Fix cli failing to rename application when using cargo --target-dir flag with tauri build or tauri dev

Dependencies

• Upgraded to [email protected]

tauri-cli

[1.6.1]

New Features

• 0aa0378 (feat(cli): add macos hardened runtime signing config option (#9318) #10199 by @FabianLars) Added a configuration option to disable hardened runtime on macOS codesign.

Bug Fixes

• 297cd55 (fix: Fix bundler&cli MSRV #10499 by @github-actions) Changed the MSRV in Cargo.toml for tauri-bundler and tauri-cli to 1.71. The crates effectively required 1.70/1.71 to build for a while already.
• 212001c (fix(cli): parse cargo--target-dir flag #10233 by @github-actions) Fix cli failing to rename application when using cargo --target-dir flag with tauri build or tauri dev

Dependencies

• Upgraded to [email protected]
• Upgraded to [email protected]

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Install scripts	npm/[email protected]	Install script: postinstall Source: echo "[svelte-preprocess] Don't forget to install the preprocessors packages that will be used: node-sass/sass, stylus, less, postcss & postcss-load-config, coffeescript, pug, etc..."	examples/web/package.json examples/web/yarn.lock	🚫

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/[email protected]

[github-actions]

Package Changes Through 4e13463

No changes.

Add a change file through the GitHub UI by following this link.

---

Read about change files or the docs at github.com/jbolda/covector

[socket-security]

Report too large to display inline

View full report↗︎