Skip to content

chore(deps): bump the npm-apps-desktop-patch-minor group across 1 directory with 6 updates#168

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/apps/desktop/npm-apps-desktop-patch-minor-852db5daef
Open

chore(deps): bump the npm-apps-desktop-patch-minor group across 1 directory with 6 updates#168
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/apps/desktop/npm-apps-desktop-patch-minor-852db5daef

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 2, 2026
edited by cubic-dev-ai Bot
Loading

Bumps the npm-apps-desktop-patch-minor group with 5 updates in the /apps/desktop directory:

Package From To
@tauri-apps/api 2.10.1 2.11.0
@tauri-apps/plugin-updater 2.10.0 2.10.1
@tauri-apps/cli 2.10.1 2.11.0
@vitest/coverage-v8 4.0.18 4.1.5
vite 7.3.1 7.3.2

Updates @tauri-apps/api from 2.10.1 to 2.11.0

Release notes

Sourced from @​tauri-apps/api's releases.

@​tauri-apps/api v2.11.0

No known vulnerabilities found

[2.11.0]

New Features

  • 074299c08 (#14307) Add Bring All to Front predefined menu item type
  • a12142a48 (#14357) Add macos support for setting the icon and icon template state in the same step of the main thread, to prevent flickering.
  • 001c8fe3d (#14722) Add a WebView option to control browser-level general autofill behavior. This option does not disable password or credit card autofill. On Windows (WebView2), setting it to true disables the general autofill "Suggestions" UI, which may appear even when autocomplete="off" is specified on input elements. On Linux, macOS, iOS, and Android, this option is currently unsupported and performs no operation.
  • eb0312ea9 (#15199) Propagates the Event::Suspended and Event::Resumed events from tao when they are emitted on mobile targets.
> @tauri-apps/api@2.11.0 npm-publish /home/runner/work/tauri/tauri/packages/api
> pnpm build && cd ./dist && pnpm publish --access public --loglevel silly --no-git-checks

> @​tauri-apps/api@​2.11.0 build /home/runner/work/tauri/tauri/packages/api
> rollup -c --configPlugin typescript


�[36m
�[1m./src/app.ts, ./src/core.ts, ./src/dpi.ts, ./src/event.ts, ./src/image.ts, ./src/index.ts, ./src/menu.ts, ./src/mocks.ts, ./src/path.ts, ./src/tray.ts, ./src/webview.ts, ./src/webviewWindow.ts, ./src/window.ts�[22m → �[1m./dist, ./dist�[22m...�[39m
�[32mcreated �[1m./dist, ./dist�[22m in �[1m1s�[22m�[39m
�[36m
�[1msrc/index.ts�[22m → �[1m../../crates/tauri/scripts/bundle.global.js�[22m...�[39m
�[32mcreated �[1m../../crates/tauri/scripts/bundle.global.js�[22m in �[1m1.6s�[22m�[39m
npm verbose cli /opt/hostedtoolcache/node/24.14.1/x64/bin/node /opt/hostedtoolcache/node/24.14.1/x64/bin/npm
npm info using npm@11.11.0
npm info using node@v24.14.1
npm silly config load:file:/opt/hostedtoolcache/node/24.14.1/x64/lib/node_modules/npm/npmrc
npm silly config load:file:/tmp/62753b73fd2498862aee9b07ed29cc21/.npmrc
npm silly config load:file:/home/runner/.npmrc
npm silly config load:file:/home/runner/.config/pnpm/rc
npm verbose title npm publish tauri-apps-api-2.11.0.tgz
npm verbose argv "publish" "--ignore-scripts" "tauri-apps-api-2.11.0.tgz" "--access" "public" "--loglevel" "silly"
npm verbose logfile logs-max:10 dir:/home/runner/.npm/_logs/2026-04-30T15_51_13_171Z-
npm verbose logfile /home/runner/.npm/_logs/2026-04-30T15_51_13_171Z-debug-0.log
npm warn Unknown env config "verify-deps-before-run". This will stop working in the next major version of npm. See npm help npmrc for supported config options.
npm warn Unknown env config "npm-globalconfig". This will stop working in the next major version of npm. See npm help npmrc for supported config options.
npm warn Unknown env config "_jsr-registry". This will stop working in the next major version of npm. See npm help npmrc for supported config options.
</tr></table>

... (truncated)

Commits
  • e60834f Apply Version Updates From Current Changes (#15041)
  • df05c00 chore: minor bump for codegen crate
  • 13bea17 chore: fmt
  • 9808236 fix(macOS): correct value for work_area.position.y (#14655)
  • eb0312e feat(mobile): Propagate tao::Event::Suspended and tao::Event::Resumed to the ...
  • 4ef5797 feat(ios): add --no-sign and --archive-only flags to ios build (#15061)
  • 110336c fix(macOS): fix incorrect window position on multi-monitor setups (#15250)
  • c00a3db feat(macros): add support for rename command macro in tauri-macros #14173 (#1...
  • 764b913 feat(cli): restart Android emulator if it is disconnected from adb (#14313)
  • 1035f12 fix(windows): tauri-bundler detect arm system (#14923)
  • Additional commits viewable in compare view

Updates @tauri-apps/plugin-updater from 2.10.0 to 2.10.1

Release notes

Sourced from @​tauri-apps/plugin-updater's releases.

updater-js v2.10.1

[2.10.1]

  • 31ab6f8d (#3285 by @​hrzlgnm) fix: preserve file extension of updater package, otherwise users may get confused when presented with a sudo dialog suggesting to install a file with the extension .rpm using dpkg -i
npm warn Unknown user config "always-auth". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options.
npm warn publish npm auto-corrected some errors in your package.json when publishing.  Please run "npm pkg fix" to address these errors.
npm warn publish errors corrected:
npm warn publish "repository" was changed from a string to an object
npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git"
npm notice
npm notice 📦  @tauri-apps/plugin-updater@2.10.1
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 3.1kB README.md
npm notice 2.6kB dist-js/index.cjs
npm notice 2.3kB dist-js/index.d.ts
npm notice 2.6kB dist-js/index.js
npm notice 659B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-updater
npm notice version: 2.10.1
npm notice filename: tauri-apps-plugin-updater-2.10.1.tgz
npm notice package size: 3.7 kB
npm notice unpacked size: 12.1 kB
npm notice shasum: ea0efd766890394b6c719b9fc21de7da0029c69c
npm notice integrity: sha512-NFYMg+tWOZPJd[...]Y1WVCNHnh3eRA==
npm notice total files: 6
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access
npm notice publish Signed provenance statement with source and build information from GitHub Actions
npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=1235993797
+ @tauri-apps/plugin-updater@2.10.1

updater v2.10.1

[2.10.1]

  • 31ab6f8d (#3285 by @​hrzlgnm) fix: preserve file extension of updater package, otherwise users may get confused when presented with a sudo dialog suggesting to install a file with the extension .rpm using dpkg -i
</tr></table>

... (truncated)

Commits
  • d6a3898 Publish New Versions (v2) (#3268)
  • 2e5bcdf chore(deps): fix audits (#3373)
  • 4374b4f chore(notification): remove unused dev-deps (#3372)
  • f75d21d chore(deps): remove used of tauri-utils build feature (#3360)
  • 4b95f5e chore(deps): update dependency eslint to v10.1.0 (#3357)
  • 99c3e37 chore(deps): bump tar in /plugins/updater/tests/updater-migration/v1-app (#3352)
  • eaac19a chore(deps): update rust crate tar to v0.4.45 [security] (#3353)
  • 5183e31 chore(deps): update dependency typescript-eslint to v8.57.1 (#3344)
  • 2c0883e chore(deps): update dependency vite to v8 (#3346)
  • 024ec0c fix(deep-link): ChromeOS deep link calls filtered and ignored by plugin (fix ...
  • Additional commits viewable in compare view

Updates @tauri-apps/cli from 2.10.1 to 2.11.0

Release notes

Sourced from @​tauri-apps/cli's releases.

@​tauri-apps/cli v2.11.0

[2.11.0]

New Features

  • 926a57bb0 (#15201) Added uninstaller icon and uninstaller header image support for NSIS installer.

    Notes:

    • For tauri-bundler lib users, the NsisSettings now has 2 new fields uninstaller_icon and uninstaller_header_image which can be a breaking change
    • When bundling with NSIS, users can add uninstallerIcon and uninstallerHeaderImage under bundle > windows > nsis to configure them.

  • 764b9139a (#14313) Prompt to restart the Android emulator if it is not connected to adb.

  • 5dc2cee60 (#14793) Added support for minimumWebview2Version option support for the MSI (Wix) installer, the old bundle > windows > nsis > minimumWebview2Version is now deprecated in favor of bundle > windows > minimumWebview2Version

    Notes:

    • For anyone relying on the WVRTINSTALLED Property tag in main.wxs, it is now renamed to INSTALLED_WEBVIEW2_VERSION
    • For tauri-bundler lib users, the WindowsSettings now has a new field minimum_webview2_version which can be a breaking change

Enhancements

  • be0e4bd2d (#15218) Added Vietnamese translations for the NSIS installer
  • 8718d0816 (#15033) Show the context before prompting for updater signing key password

Bug Fixes

  • fcb702ec4 (#14954) Fix build --bundles to allow nsis arg in linux+macOS
  • 80c1425af (#14921) Fix iOS build failure when Metal Toolchain is installed by using explicit $(DEVELOPER_DIR)/Toolchains/XcodeDefault.xctoolchain path instead of $(TOOLCHAIN_DIR) for Swift library search paths.

What's Changed

Dependencies

  • Upgraded to tauri-cli@2.11.0
Commits
  • e60834f Apply Version Updates From Current Changes (#15041)
  • df05c00 chore: minor bump for codegen crate
  • 13bea17 chore: fmt
  • 9808236 fix(macOS): correct value for work_area.position.y (#14655)
  • eb0312e feat(mobile): Propagate tao::Event::Suspended and tao::Event::Resumed to the ...
  • 4ef5797 feat(ios): add --no-sign and --archive-only flags to ios build (#15061)
  • 110336c fix(macOS): fix incorrect window position on multi-monitor setups (#15250)
  • c00a3db feat(macros): add support for rename command macro in tauri-macros #14173 (#1...
  • 764b913 feat(cli): restart Android emulator if it is disconnected from adb (#14313)
  • 1035f12 fix(windows): tauri-bundler detect arm system (#14923)
  • Additional commits viewable in compare view

Updates @vitest/coverage-v8 from 4.0.18 to 4.1.5

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.5

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.4

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

... (truncated)

Commits

Updates vite from 7.3.1 to 7.3.2

Release notes

Sourced from vite's releases.

v7.3.2

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.3.2 (2026-04-06)

Bug Fixes

Commits

Updates vitest from 4.0.18 to 4.1.5

Release notes

Sourced from vitest's releases.

v4.1.5

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.4

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

... (truncated)

Commits
  • e399846 chore: release v4.1.5
  • 7dc6d54 Revert "fix: respect diff config options in soft assertions (#8696)"
  • 9787ded fix: respect diff config options in soft assertions (#8696)
  • 325463a fix(ast-collect): recognize _vi_import prefix in static test discovery (#10...
  • 0e0ff41 feat(coverage): istanbul to support instrumenter option (#10119)
  • 663b99f fix: alias agent reporter to minimal (#10157)
  • 122c25b fix: fix vi.defineHelper called as object method (#10163)
  • 6abd557 feat(api): make test-specification options writable (#10154)
  • 596f739 fix: project color label on html reporter (#10142)
  • 9423dc0 fix: --project negation excludes browser instances (#10131)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Summary by cubic

Update desktop app dependencies to latest patch/minor to pick up Tauri 2.11, Vite 7.3.2 security fixes, and Vitest 4.1.5 improvements. This improves installer options on Windows, fixes Linux updater behavior, and hardens the dev server.

  • Dependencies
    • @tauri-apps/api → 2.11.0: macOS tray icon flicker fix, new menu item, optional Windows autofill control.
    • @tauri-apps/cli → 2.11.0: NSIS uninstaller icon/header support and Wix WebView2 minimum version option; various fixes.
    • @tauri-apps/plugin-updater → 2.10.1: preserves package file extension to avoid Linux install confusion.
    • vite → 7.3.2: security fixes for sourcemap handler and fs checks.
    • vitest and @vitest/coverage-v8 → 4.1.5: bug fixes and coverage updates; no config changes required.

Written for commit 19c9a2f. Summary will update on new commits.

@dependabot
chore(deps): bump the npm-apps-desktop-patch-minor group across 1 dir…
19c9a2f 
…ectory with 6 updates

Bumps the npm-apps-desktop-patch-minor group with 5 updates in the /apps/desktop directory:

| Package | From | To |
| --- | --- | --- |
| [@tauri-apps/api](https://github.com/tauri-apps/tauri) | `2.10.1` | `2.11.0` |
| [@tauri-apps/plugin-updater](https://github.com/tauri-apps/plugins-workspace) | `2.10.0` | `2.10.1` |
| [@tauri-apps/cli](https://github.com/tauri-apps/tauri) | `2.10.1` | `2.11.0` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.0.18` | `4.1.5` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.1` | `7.3.2` |



Updates `@tauri-apps/api` from 2.10.1 to 2.11.0
- [Release notes](https://github.com/tauri-apps/tauri/releases)
- [Commits](https://github.com/tauri-apps/tauri/compare/@tauri-apps/api-v2.10.1...@tauri-apps/api-v2.11.0)

Updates `@tauri-apps/plugin-updater` from 2.10.0 to 2.10.1
- [Release notes](https://github.com/tauri-apps/plugins-workspace/releases)
- [Commits](tauri-apps/plugins-workspace@updater-v2.10.0...updater-v2.10.1)

Updates `@tauri-apps/cli` from 2.10.1 to 2.11.0
- [Release notes](https://github.com/tauri-apps/tauri/releases)
- [Commits](https://github.com/tauri-apps/tauri/compare/@tauri-apps/cli-v2.10.1...@tauri-apps/cli-v2.11.0)

Updates `@vitest/coverage-v8` from 4.0.18 to 4.1.5
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/coverage-v8)

Updates `vite` from 7.3.1 to 7.3.2
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.2/packages/vite)

Updates `vitest` from 4.0.18 to 4.1.5
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/vitest)

---
updated-dependencies:
- dependency-name: "@tauri-apps/api"
  dependency-version: 2.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-apps-desktop-patch-minor
- dependency-name: "@tauri-apps/plugin-updater"
  dependency-version: 2.10.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-apps-desktop-patch-minor
- dependency-name: "@tauri-apps/cli"
  dependency-version: 2.11.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-apps-desktop-patch-minor
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.5
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-apps-desktop-patch-minor
- dependency-name: vite
  dependency-version: 7.3.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-apps-desktop-patch-minor
- dependency-name: vitest
  dependency-version: 4.1.5
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-apps-desktop-patch-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 2, 2026

Labels

The following labels could not be found: area:ci, type:chore. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 2, 2026
@codeant-ai
Copy link
Copy Markdown

codeant-ai Bot commented May 2, 2026

Skipping PR review because a bot author is detected.

If you want to trigger CodeAnt AI, comment @codeant-ai review to trigger a manual review.

@codacy-production
Copy link
Copy Markdown

codacy-production Bot commented May 2, 2026

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity · 0 duplication

Metric Results
Complexity 0 (≤ 10 complexity)
Duplication 0 (≤ 0 duplication)

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed May 2, 2026
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

@sentry
Copy link
Copy Markdown

sentry Bot commented May 2, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 2, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedvitest@​4.0.18 ⏵ 4.1.59610079 +198100
Added@​vitest/​coverage-v8@​4.1.5991007998100
Updatedvite@​7.3.1 ⏵ 7.3.296 +1100 +2382 +198100
Updated@​tauri-apps/​cli@​2.10.1 ⏵ 2.11.09510088 +197100
Updated@​tauri-apps/​api@​2.10.1 ⏵ 2.11.099 +110089 +194100
Updated@​tauri-apps/​plugin-updater@​2.10.0 ⏵ 2.10.110010010091 +2100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants