Skip to content

Apply Version Updates From Current Changes #9279

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Apr 2, 2024
Merged

Apply Version Updates From Current Changes #9279

merged 3 commits into from
Apr 2, 2024

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Mar 26, 2024
edited by lucasfernog
Loading

Version Updates

Merging this PR will release new versions of the following packages based on your change files.

@tauri-apps/api

[2.0.0-beta.7]

Bug Fixes

  • c33f6e6cf(#9211) Re-added the TauriEvent.WINDOW_CREATED (tauri://window-created) event.

Breaking Changes

  • 06833f4fa(#9100) Rename FileDrop to DragDrop on structs, enums and enum variants. Also renamed file_drop to drag_drop on fields and function names.

tauri-utils

[2.0.0-beta.11]

New Features

  • 259d84529(#9209) Added preInstallScript, postInstallScript, preRemoveScript and postRemoveScript options for bundler > deb and bundler > rpm configs.

Enhancements

  • 7c334cb18(#9327) Make the isolation pattern encrypt key unextractable.
  • a804a70a7(#9328) The isolation iframe script now removes itself after execution.

Breaking Changes

  • 06833f4fa(#9100) Rename FileDrop to DragDrop on structs, enums and enum variants. Also renamed file_drop to drag_drop on fields and function names.

tauri-bundler

[2.0.1-beta.8]

New Features

  • 259d84529(#9209) Add suport for include preinstall, postinstall, preremove and postremove scripts into Debian and RPM packages.

Dependencies

tauri-runtime

[2.0.0-beta.11]

What's Changed

Dependencies

Breaking Changes

  • 06833f4fa(#9100) The IPC handler closure now receives a http::Request instead of a String representing the request body.
  • 06833f4fa(#9100) Rename FileDrop to DragDrop on structs, enums and enum variants. Also renamed file_drop to drag_drop on fields and function names.
  • 06833f4fa(#9100) Moved window::dpi module to the root of the crate.

tauri-runtime-wry

[2.0.0-beta.11]

Bug Fixes

What's Changed

Dependencies

Breaking Changes

  • 06833f4fa(#9100) The IPC handler closure now receives a http::Request instead of a String representing the request body.
  • 06833f4fa(#9100) Rename FileDrop to DragDrop on structs, enums and enum variants. Also renamed file_drop to drag_drop on fields and function names.

tauri-codegen

[2.0.0-beta.11]

Dependencies

tauri-macros

[2.0.0-beta.11]

Dependencies

tauri-plugin

[2.0.0-beta.11]

Dependencies

tauri-build

[2.0.0-beta.11]

Dependencies

tauri

[2.0.0-beta.14]

New Features

Enhancements

  • 06833f4fa(#9100) Enhance the IPC URL check by using the Origin header on the custom protocol IPC and the new request URI field on the postMessage IPC instead of using Webview::url() which only returns the URL of the main frame and is not suitable for iframes (iframe URL fetch is still not supported on Android and on Linux when using the postMessage IPC).

Bug Fixes

  • c33f6e6cf(#9211) Fixed an issue preventing webview/window creation events to not be emitted. This also fixed the getByLabel and getAll JavaScript functions.

What's Changed

Dependencies

Breaking Changes

  • 06833f4fa(#9100) Rename FileDrop to DragDrop on structs, enums and enum variants. Also renamed file_drop to drag_drop on fields and function names.

  • 284eca9ef(#9272) Manager::resources_table is now scoped so each App/AppHandle/Window/Webview/WebviewWindow has its own resource collection.

  • 06833f4fa(#9100) Refactored the tray icon event struct:

    • Changed TrayIconEvent.icon_rect type to use the new tauri::Rect type.
    • Removed TrayIconEvent.x and TrayIconEvent.y fields and combined them into TrayIconEvent.position field.
    • Removed tauri::tray::Rectangle struct.

@tauri-apps/cli

[2.0.0-beta.12]

New Features

Dependencies

tauri-cli

[2.0.0-beta.12]

New Features

Enhancements

  • 6703b7cbc(#9310) Use $CARGO_MANIFEST_DIR when including templates at build-time.

Dependencies

@github-actions github-actions bot requested a review from a team as a code owner March 26, 2024 14:58
@github-actions github-actions bot force-pushed the release/version-updates branch 2 times, most recently from 5fffd4a to 9b52706 Compare March 28, 2024 03:31
@socket-security Socket Security
Copy link

socket-security bot commented Mar 28, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@sveltejs/[email protected] environment, eval, filesystem, unsafe +3 758 kB svelte-admin
npm/[email protected] Transitive: environment, shell +14 267 kB sindresorhus
npm/[email protected] None +1 44.8 kB lukeed
npm/[email protected] None 0 31.8 kB rich_harris
npm/[email protected] Transitive: environment +4 4.59 MB svelte-language-tools-deploy
npm/[email protected] environment, filesystem Transitive: eval +17 4.98 MB dummdidumm
npm/[email protected] None 0 8.93 MB conduitry
npm/[email protected] None 0 10.6 MB conduitry
npm/[email protected] None 0 52.8 kB typescript-bot
npm/[email protected] None 0 68.8 MB typescript-bot
npm/[email protected] environment, filesystem +4 160 kB sapphi-red
npm/[email protected] unsafe Transitive: environment, filesystem, shell +11 677 MB menci
npm/[email protected] filesystem, network 0 16.2 kB menci
npm/[email protected] environment, eval, filesystem, network, shell, unsafe +26 196 MB vitebot
npm/[email protected] environment, eval, filesystem, network, shell, unsafe +10 10.6 MB vitebot

🚮 Removed packages: npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@types/[email protected], npm/[email protected]

View full report↗︎

@socket-security Socket Security
Copy link

socket-security bot commented Mar 28, 2024
edited
Loading

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSource
Install scripts npm/[email protected]
  • Install script: postinstall
  • Source: echo "[svelte-preprocess] Don't forget to install the preprocessors packages that will be used: node-sass/sass, stylus, less, postcss & postcss-load-config, coffeescript, pug, etc..."

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@github-actions github-actions bot force-pushed the release/version-updates branch 8 times, most recently from 755fd39 to 477e76c Compare April 2, 2024 17:56
@lucasfernog lucasfernog force-pushed the release/version-updates branch from 477e76c to f780364 Compare April 2, 2024 18:02
@lucasfernog lucasfernog merged commit 1a58cdf into dev Apr 2, 2024
33 of 34 checks passed
@lucasfernog lucasfernog deleted the release/version-updates branch April 2, 2024 18:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lucasfernog lucasfernog lucasfernog approved these changes

Assignees
No one assigned
Labels
version updates
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@lucasfernog