Skip to content

deps: update dependencies and document glib vulnerability #88

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
SuperKali merged 1 commit into from
Jan 22, 2026
Merged

deps: update dependencies and document glib vulnerability #88

SuperKali merged 1 commit into from
Jan 22, 2026

Conversation

@SuperKali
Copy link
Member

@SuperKali SuperKali commented Jan 21, 2026

Summary

  • Update 79 Rust dependencies to latest compatible versions
  • Document security tracking for transitive glib vulnerability in Cargo.toml
  • All quality checks pass: cargo check ✅, clippy ✅, fmt ✅

Dependency Updates

Key updates include:

  • Tauri plugins: tauri-plugin-dialog 2.4.2 → 2.6.0, tauri-plugin-shell 2.3.3 → 2.3.4, tauri-plugin-store 2.4.1 → 2.4.2
  • Core runtime: tokio 1.48.0 → 1.49.0, reqwest 0.12.24 → 0.12.28
  • Compression: lzma-rust2 0.15.4 → 0.15.7, flate2 1.1.5 → 1.1.8
  • Utilities: chrono 0.4.42 → 0.4.43, serde_json 1.0.145 → 1.0.149

Security Note

Added documentation for GHSA-wrw7-89jp-8q8g (glib 0.18.5 NULL pointer dereference).

Current status:

  • glib 0.18.5 remains in use as it's a transitive dependency: tauri → wry → gtk → glib
  • This application does NOT use glib directly
  • Fix must come from upstream
  • Only affects Linux builds (macOS/Windows use different webview backends)

Testing

  • cargo check - no compilation errors
  • cargo clippy - no linter warnings
  • cargo fmt --check - code properly formatted

Breaking Changes

None. All updates are backward compatible within SemVer constraints.

@SuperKali
deps: update dependencies and document glib vulnerability
46f900f 
Update 79 packages to latest compatible versions including Tauri plugins,
tokio, reqwest, and other core dependencies. Add security documentation
for GHSA-wrw7-89jp-8qg (glib 0.18.5 NULL pointer dereference).

Note: glib remains at 0.18.5 as it's a transitive dependency via
tauri→wry→gtk. Fix must come from upstream (tauri-apps/tauri#12048).
@github-actions
Copy link

github-actions bot commented Jan 21, 2026

🧪 Test Builds

Version: 0.0.0-pr.88 | PR: #88 | Status: ready for testing

Platform Download
Linux x64 📦 .deb / .AppImage
Windows x64 📦 .exe
macOS ARM64 📦 .dmg
ℹ️ About these builds
  • 🔓 Public downloads via nightly.link (no GitHub login required)
  • ⚠️ Unsigned builds for testing purposes only
  • Expires in 7 days
  • 🔄 Updated on every push to this PR

@github-actions github-actions bot added the status: ready for review Ready to be reviewed label Jan 21, 2026
@SuperKali SuperKali merged commit a507c5d into main Jan 22, 2026
8 checks passed
@SuperKali SuperKali deleted the deps/update-security-track-glib-vuln branch January 22, 2026 06:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

status: ready for review Ready to be reviewed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SuperKali