Update dependency @tauri-apps/cli to v1.5.6 [SECURITY] - autoclosed

[renovate[bot]]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@tauri-apps/cli	1.2.3 -> 1.5.6

GitHub Vulnerability Alerts

CVE-2023-46115

Impact

This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration.

The Tauri documentation used an insecure example configuration in the Vite guide to showcase how to use Tauri together with Vite.

Copying the following snippet envPrefix: ['VITE_', 'TAURI_'], from this guide into the vite.config.ts of a Tauri project possibly leads to bundling the TAURI_PRIVATE_KEY and TAURI_KEY_PASSWORD into the Vite frontend code and therefore leaking this value to the debug built of a Tauri application.

The value is automatically bundled into debug builds but for production builds it is not embedded, as long as it is not directly referenced in the frontend code. Vite statically replaces these values in production builds. This reduces the amount of affected applications to a very small amount of affected applications.

To verify if you are affected you can search for the private key value or the TAURI_PRIVATE_KEY variable inside the release build frontend assets (dist/).

Example: grep -r "TAURI_PRIVATE_KEY" dist/

Using only the envPrefix: ['VITE_'], or any other framework than Vite means you are not impacted by this advisory.

Patches

The documentation has been patched but as the root cause is not in Tauri itself the issue is not fixed by updating Tauri. The vite.config.ts configuration of the project needs to be adapted.

We recommend rotating your updater private key if you are affected by this (requires Tauri CLI >=1.5.5). After updating the envPrefix configuration, generate a new private key with tauri signer generate, saving the new private key and updating the updater's pubkey value on tauri.conf.json with the new public key. To update your existing application, the next application build must be signed with the older private key in order to be accepted by the existing application.

Workarounds

The envPrefix: ['VITE_'],should be used and the desired TAURI variables manually added. Respective these variables could be added TAURI_PLATFORM, TAURI_ARCH, TAURI_FAMILY, TAURI_PLATFORM_VERSION, TAURI_PLATFORM_TYPE and TAURI_DEBUG without leaking sensitive information.

We urge affected users to implement the workaround as the 1.x branch will not receive a general prevention fix as it would break systems.

References

The issue was originally disclosed in our discord here. The affected guide is https://tauri.app/v1/guides/getting-started/setup/vite/.

Update: We lowered the severity from high to low, as the likelihood of impact was found to only affect a very limited amount of applications.

Update2: We changed the affected versions to make clear that after 2.0.0-alpha.16 or 1.5.6 the potentially vulnerable recommendation was no longer visible on our website and should not affect projects by default. A lot of users were confused and we believe this advisory reached the necessary user base.

---

Release Notes

tauri-apps/tauri (@​tauri-apps/cli)

### [`v1.5.6`](https://togithub.com/tauri-apps/tauri/releases/tag/%40tauri-apps/api-v1.5.6): @​tauri-apps/api v1.5.6 [Compare Source](https://togithub.com/tauri-apps/tauri/compare/@tauri-apps/cli-v1.5.5...@tauri-apps/cli-v1.5.6)

Yarn Audit

yarn audit v1.22.22 info No lockfile found. 0 vulnerabilities found - Packages audited: 146 Done in 1.64s.

#### \[1.5.6] ##### Bug Fixes - [`3b69c1384`](https://www.github.com/tauri-apps/tauri/commit/3b69c1384bd089ad5dcff0c1b12fbfadeb585c6a)([#​9792](https://www.togithub.com/tauri-apps/tauri/pull/9792)) Revert [#​9706](https://togithub.com/tauri-apps/tauri/pull/9706) which broke compatability between `tauri` crate and the JS `@tauri-apps/api` npm package in a patch release where it should've been in a minor release.

Yarn Publish

yarn run v1.22.22 $ yarn build && cd ./dist && yarn publish --access public --loglevel silly $ rollup -c --configPlugin typescript  ./src/app.ts, ./src/cli.ts, ./src/clipboard.ts, ./src/dialog.ts, ./src/event.ts, ./src/fs.ts, ./src/globalShortcut.ts, ./src/http.ts, ./src/index.ts, ./src/mocks.ts, ./src/notification.ts, ./src/os.ts, ./src/path.ts, ./src/process.ts, ./src/shell.ts, ./src/tauri.ts, ./src/updater.ts, ./src/window.ts → ./dist, ./dist... created ./dist, ./dist in 1.4s  src/index.ts → ../../core/tauri/scripts/bundle.global.js... created ../../core/tauri/scripts/bundle.global.js in 1.7s [1/4] Bumping version... info Current version: 1.5.6 [2/4] Logging in... [3/4] Publishing... success Published. [4/4] Revoking token... info Not revoking login token, specified via config file. Done in 8.11s.

### [`v1.5.5`](https://togithub.com/tauri-apps/tauri/releases/tag/%40tauri-apps/api-v1.5.5): @​tauri-apps/api v1.5.5 [Compare Source](https://togithub.com/tauri-apps/tauri/compare/@tauri-apps/cli-v1.5.4...@tauri-apps/cli-v1.5.5)

Yarn Audit

yarn audit v1.22.22 info No lockfile found. 0 vulnerabilities found - Packages audited: 146 Done in 1.84s.

#### \[1.5.5] ##### Enhancements - [`7f885bd5e`](https://www.github.com/tauri-apps/tauri/commit/7f885bd5edf3e179ddf0b674c3ea7a96e26ce39e)([#​9706](https://www.togithub.com/tauri-apps/tauri/pull/9706)) Enhance the speed of The JS `Command.execute` API from `shell` module. ##### Bug Fixes - [`7f885bd5e`](https://www.github.com/tauri-apps/tauri/commit/7f885bd5edf3e179ddf0b674c3ea7a96e26ce39e)([#​9706](https://www.togithub.com/tauri-apps/tauri/pull/9706)) Fix The JS `Command.execute` API from `shell` module including extra new lines.

Yarn Publish

yarn run v1.22.22 $ yarn build && cd ./dist && yarn publish --access public --loglevel silly $ rollup -c --configPlugin typescript  ./src/app.ts, ./src/cli.ts, ./src/clipboard.ts, ./src/dialog.ts, ./src/event.ts, ./src/fs.ts, ./src/globalShortcut.ts, ./src/http.ts, ./src/index.ts, ./src/mocks.ts, ./src/notification.ts, ./src/os.ts, ./src/path.ts, ./src/process.ts, ./src/shell.ts, ./src/tauri.ts, ./src/updater.ts, ./src/window.ts → ./dist, ./dist... created ./dist, ./dist in 1.3s  src/index.ts → ../../core/tauri/scripts/bundle.global.js... created ../../core/tauri/scripts/bundle.global.js in 1.6s [1/4] Bumping version... info Current version: 1.5.5 [2/4] Logging in... [3/4] Publishing... success Published. [4/4] Revoking token... info Not revoking login token, specified via config file. Done in 8.46s.

### [`v1.5.4`](https://togithub.com/tauri-apps/tauri/releases/tag/%40tauri-apps/api-v1.5.4): @​tauri-apps/api v1.5.4 [Compare Source](https://togithub.com/tauri-apps/tauri/compare/@tauri-apps/cli-v1.5.2...@tauri-apps/cli-v1.5.4)

Yarn Audit

yarn audit v1.22.22 info No lockfile found. 0 vulnerabilities found - Packages audited: 148 Done in 1.53s.

#### \[1.5.4] ##### Bug Fixes - [`e3b6d38d2`](https://www.github.com/tauri-apps/tauri/commit/e3b6d38d26d27b292f98d6c0e8603a15265a5b43)([#​9166](https://www.togithub.com/tauri-apps/tauri/pull/9166)) Fix `basename(path, 'ext')` JS API when removing all occurances of `ext` where it should only remove the last one. - [`705da977a`](https://www.github.com/tauri-apps/tauri/commit/705da977a9c941a4b2d90219b34925498f507ab2)([#​9529](https://www.togithub.com/tauri-apps/tauri/pull/9529)) Do not use JS optional chaining to prevent script errors on older webviews such as macOS 10.14.

Yarn Publish

yarn run v1.22.22 $ yarn build && cd ./dist && yarn publish --access public --loglevel silly $ rollup -c --configPlugin typescript  ./src/app.ts, ./src/cli.ts, ./src/clipboard.ts, ./src/dialog.ts, ./src/event.ts, ./src/fs.ts, ./src/globalShortcut.ts, ./src/http.ts, ./src/index.ts, ./src/mocks.ts, ./src/notification.ts, ./src/os.ts, ./src/path.ts, ./src/process.ts, ./src/shell.ts, ./src/tauri.ts, ./src/updater.ts, ./src/window.ts → ./dist, ./dist... created ./dist, ./dist in 1.6s  src/index.ts → ../../core/tauri/scripts/bundle.global.js... created ../../core/tauri/scripts/bundle.global.js in 1.8s [1/4] Bumping version... info Current version: 1.5.4 [2/4] Logging in... [3/4] Publishing... success Published. [4/4] Revoking token... info Not revoking login token, specified via config file. Done in 9.52s.

### [`v1.5.2`](https://togithub.com/tauri-apps/tauri/releases/tag/%40tauri-apps/api-v1.5.2): @​tauri-apps/api v1.5.2 [Compare Source](https://togithub.com/tauri-apps/tauri/compare/@tauri-apps/cli-v1.5.1...@tauri-apps/cli-v1.5.2)

Yarn Audit

yarn audit v1.22.21 info No lockfile found. 0 vulnerabilities found - Packages audited: 148 Done in 2.28s.

#### \[1.5.2] ##### Bug Fixes - [`50462702`](https://www.github.com/tauri-apps/tauri/commit/504627027303ef5a0e855aab2abea64c6964223b)([#​8267](https://www.togithub.com/tauri-apps/tauri/pull/8267)) Add top-level `main`, `module` and `types` fields in `package.json` to be compliant with typescripts's `"moduleResolution": "node"` - [`14544e4b`](https://www.github.com/tauri-apps/tauri/commit/14544e4b87269c06c89fed3647d80f492e0a1d34)([#​8219](https://www.togithub.com/tauri-apps/tauri/pull/8219)) Avoid crashing in `clearMocks`

Yarn Publish

yarn run v1.22.21 $ yarn build && cd ./dist && yarn publish --access public --loglevel silly --tag next $ rollup -c --configPlugin typescript  ./src/app.ts, ./src/cli.ts, ./src/clipboard.ts, ./src/dialog.ts, ./src/event.ts, ./src/fs.ts, ./src/globalShortcut.ts, ./src/http.ts, ./src/index.ts, ./src/mocks.ts, ./src/notification.ts, ./src/os.ts, ./src/path.ts, ./src/process.ts, ./src/shell.ts, ./src/tauri.ts, ./src/updater.ts, ./src/window.ts → ./dist, ./dist... created ./dist, ./dist in 1.6s  src/index.ts → ../../core/tauri/scripts/bundle.global.js... created ../../core/tauri/scripts/bundle.global.js in 1.8s [1/4] Bumping version... info Current version: 1.5.2 [2/4] Logging in... [3/4] Publishing... success Published. [4/4] Revoking token... info Not revoking login token, specified via config file. Done in 8.45s.

### [`v1.5.1`](https://togithub.com/tauri-apps/tauri/releases/tag/%40tauri-apps/cli-v1.5.1): @​tauri-apps/cli v1.5.1 [Compare Source](https://togithub.com/tauri-apps/tauri/compare/@tauri-apps/cli-v1.5.0...@tauri-apps/cli-v1.5.1) #### \[1.5.1] ##### Bug Fixes - [`d6eb46cf`](https://www.github.com/tauri-apps/tauri/commit/d6eb46cf1116d147121f6b6db9d390b5e2fb238d)([#​7934](https://www.togithub.com/tauri-apps/tauri/pull/7934)) On macOS, fix the `apple-id` option name when using `notarytools submit`. ##### Dependencies - Upgraded to `tauri-cli@1.5.1` ### [`v1.5.0`](https://togithub.com/tauri-apps/tauri/releases/tag/%40tauri-apps/api-v1.5.0): @​tauri-apps/api v1.5.0 [Compare Source](https://togithub.com/tauri-apps/tauri/compare/@tauri-apps/cli-v1.4.0...@tauri-apps/cli-v1.5.0)

Yarn Audit

yarn audit v1.22.19 info No lockfile found. 0 vulnerabilities found - Packages audited: 148 Done in 2.63s.

#### \[1.5.0] ##### New Features - [`6c408b73`](https://www.github.com/tauri-apps/tauri/commit/6c408b736c7aa2a0a91f0a40d45a2b7a7dedfe78)([#​7269](https://www.togithub.com/tauri-apps/tauri/pull/7269)) Add option to specify notification sound. ##### Enhancements - [`58d6b899`](https://www.github.com/tauri-apps/tauri/commit/58d6b899e21d37bb42810890d289deb57f2273bd)([#​7636](https://www.togithub.com/tauri-apps/tauri/pull/7636)) Add `append` option to `FsOptions` in the `fs` JS module, used in `writeTextFile` and `writeBinaryFile`, to be able to append to existing files instead of overwriting it. ##### Bug Fixes - [`2eab1505`](https://www.github.com/tauri-apps/tauri/commit/2eab1505632ff71431d4c31c49b5afc78fa5b9dd)([#​7394](https://www.togithub.com/tauri-apps/tauri/pull/7394)) Fix `Body.form` static not reading and sending entries of type `Blob` (including subclasses such as `File`)

Yarn Publish

yarn run v1.22.19 $ yarn build && cd ./dist && yarn publish --access public --loglevel silly $ yarn tsup && node ./scripts/after-build.cjs $ /home/runner/work/tauri/tauri/tooling/api/node_modules/.bin/tsup CLI Building entry: {"bundle":"src/index.ts"} CLI Using tsconfig: tsconfig.json CLI tsup v6.7.0 CLI Using tsup config: /home/runner/work/tauri/tauri/tooling/api/tsup.config.ts CLI Building entry: src/app.ts, src/cli.ts, src/clipboard.ts, src/dialog.ts, src/event.ts, src/fs.ts, src/globalShortcut.ts, src/http.ts, src/index.ts, src/mocks.ts, src/notification.ts, src/os.ts, src/path.ts, src/process.ts, src/shell.ts, src/tauri.ts, src/updater.ts, src/window.ts CLI Using tsconfig: tsconfig.json CLI tsup v6.7.0 CLI Using tsup config: /home/runner/work/tauri/tauri/tooling/api/tsup.config.ts CLI Target: es2020 IIFE Build start CLI Target: es2020 CLI Cleaning output folder ESM Build start CJS Build start IIFE ../../core/tauri/scripts/bundle.global.js 29.82 KB IIFE ⚡️ Build success in 68ms ESM dist/updater.js 216.00 B ESM dist/window.js 479.00 B ESM dist/index.js 940.00 B ESM dist/chunk-Q3NLRNFY.js 922.00 B ESM dist/chunk-O3VGRXBA.js 11.87 KB ESM dist/mocks.js 409.00 B ESM dist/notification.js 202.00 B ESM dist/chunk-GVGSF52N.js 578.00 B ESM dist/os.js 249.00 B ESM dist/chunk-IMQ6WMNM.js 749.00 B ESM dist/path.js 960.00 B ESM dist/chunk-NHNOAMBN.js 3.91 KB ESM dist/chunk-V5J25SYE.js 73.00 B ESM dist/process.js 154.00 B ESM dist/chunk-VMHYR3EJ.js 322.00 B ESM dist/shell.js 186.00 B ESM dist/chunk-FLLON6OW.js 2.47 KB ESM dist/tauri.js 131.00 B ESM dist/app.js 206.00 B ESM dist/chunk-ABEBB25G.js 608.00 B ESM dist/cli.js 144.00 B ESM dist/chunk-LJU7PBE7.js 209.00 B ESM dist/clipboard.js 159.00 B ESM dist/chunk-V3WRXIRX.js 335.00 B ESM dist/dialog.js 191.00 B ESM dist/chunk-5T7M5CMW.js 1.18 KB ESM dist/event.js 202.00 B ESM dist/chunk-5NWA45Z3.js 1.53 KB ESM dist/fs.js 372.00 B ESM dist/chunk-X7QPDZPI.js 2.75 KB ESM dist/globalShortcut.js 220.00 B ESM dist/chunk-B2CR7GBE.js 804.00 B ESM dist/http.js 218.00 B ESM dist/chunk-6MO6VEFR.js 2.48 KB ESM dist/chunk-J2IGCSS2.js 91.00 B ESM dist/chunk-SELMD7YX.js 677.00 B ESM dist/chunk-FEIY7W7S.js 106.00 B ESM ⚡️ Build success in 124ms CJS dist/app.cjs 1.39 KB CJS dist/cli.cjs 1.04 KB CJS dist/clipboard.cjs 1.15 KB CJS dist/dialog.cjs 1.99 KB CJS dist/event.cjs 2.27 KB CJS dist/fs.cjs 3.51 KB CJS dist/globalShortcut.cjs 1.54 KB CJS dist/http.cjs 3.28 KB CJS dist/index.cjs 29.77 KB CJS dist/mocks.cjs 837.00 B CJS dist/notification.cjs 1.38 KB CJS dist/os.cjs 1.53 KB CJS dist/path.cjs 5.13 KB CJS dist/process.cjs 1.13 KB CJS dist/shell.cjs 3.23 KB CJS dist/tauri.cjs 1.03 KB CJS dist/updater.cjs 2.24 KB CJS dist/window.cjs 12.97 KB CJS ⚡️ Build success in 125ms DTS Build start DTS ⚡️ Build success in 2801ms DTS dist/index.d.ts 1.21 KB DTS dist/mocks.d.ts 3.45 KB DTS dist/app.d.ts 111.00 B DTS dist/cli.d.ts 107.00 B DTS dist/clipboard.d.ts 73.00 B DTS dist/dialog.d.ts 220.00 B DTS dist/window.d.ts 494.00 B DTS dist/event.d.ts 155.00 B DTS dist/fs.d.ts 395.00 B DTS dist/globalShortcut.d.ts 158.00 B DTS dist/http.d.ts 273.00 B DTS dist/notification.d.ts 149.00 B DTS dist/path.d.ts 640.00 B DTS dist/process.d.ts 66.00 B DTS dist/shell.d.ts 132.00 B DTS dist/tauri.d.ts 113.00 B DTS dist/updater.d.ts 213.00 B DTS dist/os.d.ts 162.00 B DTS dist/app-5190a154.d.ts 1.67 KB DTS dist/cli-373e13ed.d.ts 1.61 KB DTS dist/clipboard-79413165.d.ts 941.00 B DTS dist/dialog-20ff401c.d.ts 7.54 KB DTS dist/event-41a9edf5.d.ts 50.79 KB DTS dist/fs-9d7de754.d.ts 9.69 KB DTS dist/globalShortcut-003b7421.d.ts 3.04 KB DTS dist/http-840f7a7f.d.ts 9.66 KB DTS dist/notification-e8316aac.d.ts 4.01 KB DTS dist/path-9b1e7ad5.d.ts 17.85 KB DTS dist/process-63838be1.d.ts 925.00 B DTS dist/shell-efff51a2.d.ts 9.35 KB DTS dist/tauri-5afe4a59.d.ts 3.36 KB DTS dist/updater-f9814f36.d.ts 2.84 KB DTS dist/os-076a31d4.d.ts 3.20 KB [1/4] Bumping version... info Current version: 1.5.0 [2/4] Logging in... [3/4] Publishing... success Published. [4/4] Revoking token... info Not revoking login token, specified via config file. Done in 10.01s.

### [`v1.4.0`](https://togithub.com/tauri-apps/tauri/releases/tag/tauri-build-v1.4.0): tauri-build v1.4.0 [Compare Source](https://togithub.com/tauri-apps/tauri/compare/24490bca197a30e12ac59f421e95e4ab799f3c0a...@tauri-apps/cli-v1.4.0) Updating crates.io index

Cargo Audit

Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 550 security advisories (from /home/runner/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (515 crate dependencies) Crate: kuchiki Version: 0.8.1 Warning: unmaintained Title: `kuchiki` is unmaintained Date: 2023-01-21 ID: RUSTSEC-2023-0019 URL: https://rustsec.org/advisories/RUSTSEC-2023-0019 Dependency tree: kuchiki 0.8.1 ├── wry 0.24.3 │ └── tauri-runtime-wry 0.14.0 │ └── tauri 1.4.0 │ ├── tauri 1.4.0 │ ├── restart 0.1.0 │ └── app-updater 0.1.0 └── tauri-utils 1.4.0 ├── tauri-runtime-wry 0.14.0 ├── tauri-runtime 0.14.0 │ ├── tauri-runtime-wry 0.14.0 │ └── tauri 1.4.0 ├── tauri-macros 1.4.0 │ └── tauri 1.4.0 ├── tauri-config-schema 0.0.0 ├── tauri-codegen 1.4.0 │ ├── tauri-macros 1.4.0 │ └── tauri-build 1.4.0 │ └── app-updater 0.1.0 ├── tauri-build 1.4.0 └── tauri 1.4.0 Crate: atty Version: 0.2.14 Warning: unsound Title: Potential unaligned read Date: 2021-07-04 ID: RUSTSEC-2021-0145 URL: https://rustsec.org/advisories/RUSTSEC-2021-0145 Dependency tree: atty 0.2.14 ├── colored 2.0.0 │ └── mockito 0.31.1 │ └── tauri 1.4.0 │ ├── tauri 1.4.0 │ ├── restart 0.1.0 │ └── app-updater 0.1.0 └── clap 3.2.25 └── tauri 1.4.0 warning: 2 allowed warnings found

#### \[1.4.0] ##### Enhancements - [`52474e47`](https://www.github.com/tauri-apps/tauri/commit/52474e479d695865299d8c8d868fb98b99731020)([#​7141](https://www.togithub.com/tauri-apps/tauri/pull/7141)) Enhance Cargo features check. - [`af937290`](https://www.github.com/tauri-apps/tauri/commit/af93729031565a69d1fde6cf16bea3b9b6e43a65)([#​6676](https://www.togithub.com/tauri-apps/tauri/pull/6676)) On Windows, set `LegalCopyright` and `FileDescription` file properties on the executable from `tauri.bundle.copyright` and `tauri.bundle.shortDescription`, - [`d2710e9d`](https://www.github.com/tauri-apps/tauri/commit/d2710e9d2e8fd93975ef6494512370faa8cb3b7e)([#​6944](https://www.togithub.com/tauri-apps/tauri/pull/6944)) Unpin `time`, `ignore`, and `winnow` crate versions. Developers now have to pin crates if needed themselves. A list of crates that need pinning to adhere to Tauri's MSRV will be visible in Tauri's GitHub workflow: https://github.com/tauri-apps/tauri/blob/dev/.github/workflows/test-core.yml#L85. ### [`v1.3.1`](https://togithub.com/tauri-apps/tauri/compare/21cc1de171837a4313e28d063c9d839b6d858e9e...24490bca197a30e12ac59f421e95e4ab799f3c0a) [Compare Source](https://togithub.com/tauri-apps/tauri/compare/21cc1de171837a4313e28d063c9d839b6d858e9e...24490bca197a30e12ac59f421e95e4ab799f3c0a) ### [`v1.3.0`](https://togithub.com/tauri-apps/tauri/releases/tag/tauri-build-v1.3.0): tauri-build v1.3.0 [Compare Source](https://togithub.com/tauri-apps/tauri/compare/ca45fdb01397f0ed527f359f3bf7fc664d04300f...21cc1de171837a4313e28d063c9d839b6d858e9e) Updating crates.io index

Cargo Audit

Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 543 security advisories (from /home/runner/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (520 crate dependencies) Crate: kuchiki Version: 0.8.1 Warning: unmaintained Title: `kuchiki` is unmaintained Date: 2023-01-21 ID: RUSTSEC-2023-0019 URL: https://rustsec.org/advisories/RUSTSEC-2023-0019 Dependency tree: kuchiki 0.8.1 ├── wry 0.24.1 │ └── tauri-runtime-wry 0.13.0 │ └── tauri 1.3.0 │ ├── tauri 1.3.0 │ ├── restart 0.1.0 │ └── app-updater 0.1.0 └── tauri-utils 1.3.0 ├── tauri-tauri-config-schema 0.0.0 ├── tauri-runtime-wry 0.13.0 ├── tauri-runtime 0.13.0 │ ├── tauri-runtime-wry 0.13.0 │ └── tauri 1.3.0 ├── tauri-macros 1.3.0 │ └── tauri 1.3.0 ├── tauri-codegen 1.3.0 │ ├── tauri-macros 1.3.0 │ └── tauri-build 1.3.0 │ └── app-updater 0.1.0 ├── tauri-build 1.3.0 └── tauri 1.3.0 Crate: atty Version: 0.2.14 Warning: unsound Title: Potential unaligned read Date: 2021-07-04 ID: RUSTSEC-2021-0145 URL: https://rustsec.org/advisories/RUSTSEC-2021-0145 Dependency tree: atty 0.2.14 ├── colored 2.0.0 │ └── mockito 0.31.1 │ └── tauri 1.3.0 │ ├── tauri 1.3.0 │ ├── restart 0.1.0 │ └── app-updater 0.1.0 └── clap 3.2.25 └── tauri 1.3.0 warning: 2 allowed warnings found

#### \[1.3.0] - Bump minimum supported Rust version to 1.60. - [5fdc616d](https://www.github.com/tauri-apps/tauri/commit/5fdc616df9bea633810dcb814ac615911d77222c) feat: Use the zbus-backed of notify-rust ([#​6332](https://www.togithub.com/tauri-apps/tauri/pull/6332)) on 2023-03-31 - Add initial support for building `nsis` bundles on non-Windows platforms. - [60e6f6c3](https://www.github.com/tauri-apps/tauri/commit/60e6f6c3f1605f3064b5bb177992530ff788ccf0) feat(bundler): Add support for creating NSIS bundles on unix hosts ([#​5788](https://www.togithub.com/tauri-apps/tauri/pull/5788)) on 2023-01-19 - Add `WindowsAttributes::app_manifest` to specify the application manifest on Windows. - [bca09f7f](https://www.github.com/tauri-apps/tauri/commit/bca09f7f5ff1c9c5a4b51da043bdd5da668a179b) feat(tauri-build): add option to specify Windows manifest, closes [#​5584](https://www.togithub.com/tauri-apps/tauri/pull/5584) ([#​5730](https://www.togithub.com/tauri-apps/tauri/pull/5730)) on 2022-12-14 - Added support for Cargo's workspace inheritance for package information. The cli now also detects inherited `tauri` and `tauri-build` dependencies and disables manifest rewrites accordingly. - [cd8c074a](https://www.github.com/tauri-apps/tauri/commit/cd8c074ae6592303d3f6844a4fb6d262eae913b2) feat(cli): add support for Cargo's workspace inheritance for the package version, closes [#​5070](https://www.togithub.com/tauri-apps/tauri/pull/5070) ([#​5775](https://www.togithub.com/tauri-apps/tauri/pull/5775)) on 2022-12-14 - [d20a7288](https://www.github.com/tauri-apps/tauri/commit/d20a728892eee1858ab525ab6216cd721f473ab5) feat: Further improve workspace inheritance, closes [#​6122](https://www.togithub.com/tauri-apps/tauri/pull/6122), [#​5070](https://www.togithub.com/tauri-apps/tauri/pull/5070) ([#​6144](https://www.togithub.com/tauri-apps/tauri/pull/6144)) on 2023-01-26 - Pin `winnow` crate to 0.4.1 to keep the 1.60 MSRV.

Cargo Publish

Updating crates.io index Packaging tauri-build v1.3.0 (/home/runner/work/tauri/tauri/core/tauri-build) Verifying tauri-build v1.3.0 (/home/runner/work/tauri/tauri/core/tauri-build) Downloading crates ... Downloaded tauri-winres v0.1.0 Downloaded cargo_toml v0.15.2 Downloaded winnow v0.4.1 Compiling proc-macro2 v1.0.56 Compiling quote v1.0.26 Compiling unicode-ident v1.0.8 Compiling libc v0.2.142 Compiling cfg-if v1.0.0 Compiling syn v2.0.15 Compiling ppv-lite86 v0.2.17 Compiling siphasher v0.3.10 Compiling getrandom v0.1.16 Compiling serde_derive v1.0.160 Compiling serde v1.0.160 Compiling syn v1.0.109 Compiling rand_core v0.5.1 Compiling rand_chacha v0.2.2 Compiling rand_pcg v0.2.1 Compiling autocfg v1.1.0 Compiling rand v0.7.3 Compiling phf_shared v0.8.0 Compiling phf_generator v0.8.0 Compiling getrandom v0.2.9 Compiling rand_core v0.6.4 Compiling proc-macro-hack v0.5.20+deprecated Compiling rand_chacha v0.3.1 Compiling phf_shared v0.10.0 Compiling rand v0.8.5 Compiling phf_generator v0.10.0 Compiling phf_codegen v0.8.0 Compiling smallvec v1.10.0 Compiling lock_api v0.4.9 Compiling fnv v1.0.7 Compiling parking_lot_core v0.9.7 Compiling phf_macros v0.8.0 Compiling log v0.4.17 Compiling scopeguard v1.1.0 Compiling new_debug_unreachable v1.0.4 Compiling phf v0.8.0 Compiling string_cache_codegen v0.5.2 Compiling byteorder v1.4.3 Compiling precomputed-hash v0.1.1 Compiling strsim v0.10.0 Compiling mac v0.1.1 Compiling ident_case v1.0.1 Compiling darling_core v0.20.1 Compiling futf v0.1.5 Compiling markup5ever v0.10.1 Compiling parking_lot v0.12.1 Compiling indexmap v1.9.3 Compiling cssparser v0.27.2 Compiling dtoa v0.4.8 Compiling serde_json v1.0.96 Compiling utf-8 v0.7.6 Compiling once_cell v1.17.1 Compiling tinyvec_macros v0.1.1 Compiling tinyvec v1.6.0 Compiling string_cache v0.8.7 Compiling tendril v0.4.3 Compiling dtoa-short v0.3.3 Compiling darling_macro v0.20.1 Compiling selectors v0.22.0 Compiling html5ever v0.25.2 Compiling cssparser-macros v0.6.0 Compiling stable_deref_trait v1.2.0 Compiling matches v0.1.10 Compiling thiserror v1.0.40 Compiling nodrop v0.1.14 Compiling hashbrown v0.12.3 Compiling convert_case v0.4.0 Compiling ryu v1.0.13 Compiling itoa v1.0.6 Compiling itoa v0.4.8 Compiling derive_more v0.99.17 Compiling servo_arc v0.1.1 Compiling darling v0.20.1 Compiling unicode-normalization v0.1.22 Compiling fxhash v0.2.1 Compiling toml_datetime v0.6.1 Compiling serde_spanned v0.6.1 Compiling thiserror-impl v1.0.40 Compiling memchr v2.5.0 Compiling semver v1.0.17 Compiling uuid v1.3.2 Compiling thin-slice v0.1.1 Compiling winnow v0.4.1 Compiling percent-encoding v2.2.0 Compiling unicode-bidi v0.3.13 Compiling bitflags v1.3.2 Compiling toml_edit v0.19.8 Compiling idna v0.3.0 Compiling form_urlencoded v1.1.0 Compiling cfb v0.7.3 Compiling serde_with_macros v2.3.3 Compiling treediff v4.0.2 Compiling phf_macros v0.10.0 Compiling same-file v1.0.6 Compiling anyhow v1.0.71 Compiling phf v0.10.1 Compiling walkdir v2.3.3 Compiling serde_with v2.3.3 Compiling json-patch v1.0.0 Compiling kuchiki v0.8.1 Compiling infer v0.12.0 Compiling url v2.3.1 Compiling toml v0.7.3 Compiling toml v0.5.11 Compiling ctor v0.1.26 Compiling heck v0.4.1 Compiling glob v0.3.1 Compiling version_check v0.9.4 Compiling tauri-utils v1.3.0 Compiling tauri-winres v0.1.0 Compiling cargo_toml v0.15.2 Compiling tauri-build v1.3.0 (/home/runner/work/tauri/tauri/target/package/tauri-build-1.3.0) Finished dev [unoptimized + debuginfo] target(s) in 51.49s Packaged 11 files, 43.3KiB (14.4KiB compressed) Uploading tauri-build v1.3.0 (/home/runner/work/tauri/tauri/core/tauri-build) Updating crates.io index Waiting on `tauri-build` to propagate to crates.io index (ctrl-c to wait asynchronously) Updating crates.io index Updating crates.io index Updating crates.io index Updating crates.io index Updating crates.io index Updating crates.io index Updating crates.io index Updating crates.io index Updating crates.io index

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.