Open
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the repository’s Tauri toolchain/dependencies to newer patch/minor releases in order to pick up an upstream security fix related to IPC ACL enforcement.
Changes:
- Bump
@tauri-apps/clito2.11.0(rootpackage.json+pnpm-lock.yaml). - Bump Rust
taurito^2.11.0andtauri-buildto2.6.0in the Tauri backend crate. - Refresh
Cargo.lockto reflect the new Tauri dependency graph.
Reviewed changes
Copilot reviewed 2 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
pnpm-lock.yaml |
Locks @tauri-apps/cli to 2.11.0 and updates related lock entries. |
package.json |
Updates the root devDependency @tauri-apps/cli to ^2.11.0. |
crates/gitbutler-tauri/Cargo.toml |
Bumps Rust-side Tauri (tauri, tauri-build) versions. |
Cargo.lock |
Updates resolved Rust dependencies for the new Tauri versions. |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
Comment on lines
+125
to
+126
| specifier: ^2.11.0 | ||
| version: 2.11.0 |
mtsgrd
force-pushed
the
bump-tauri-patch-versions
branch
from
de3013b to
a2ac8e6
Compare
mtsgrd
requested review from
Byron,
Caleb-T-Owens,
estib-vega,
krlvi,
schacon and
slarse
as code owners
estib-vega
approved these changes
May 6, 2026
mtsgrd
force-pushed
the
bump-tauri-patch-versions
branch
from
367c953 to
7612a94
Compare
mtsgrd
force-pushed
the
bump-tauri-patch-versions
branch
from
7612a94 to
e5fa2a7
Compare
Rust crates: - `tauri` 2.10.3 → 2.11.0 - `tauri-build` 2.5.5 → 2.6.0 - `tauri-plugin-single-instance` 2.4.0 → 2.4.2 - `tauri-plugin-dialog` 2.7.0 → 2.7.1 - `tauri-plugin-fs` 2.4.5 → 2.5.1 - `tauri-plugin-store` 2.4.2 → 2.4.3 JS packages: - `@tauri-apps/cli` 2.10.1 → 2.11.0 - `@tauri-apps/api` 2.10.1 → 2.11.0 - `@tauri-apps/plugin-dialog` 2.6.0 → 2.7.1 - `@tauri-apps/plugin-fs` 2.4.5 → 2.5.1 - `@tauri-apps/plugin-os` 2.3.0 → 2.3.2 - `@tauri-apps/plugin-process` 2.3.0 → 2.3.1 - `@tauri-apps/plugin-store` 2.4.2 → 2.4.3 - `@tauri-apps/plugin-updater` 2.10.0 → 2.10.1 - `@tauri-apps/plugin-clipboard-manager` 2.3.0 → 2.3.2 - `@tauri-apps/plugin-deep-link` 2.4.7 → 2.4.9 This includes a security fix that enforces ACL checks for IPC requests from remote origins even when no `AppManifest` is configured (#13076, #13384, #13653), which will let us remove the error-prone `permissions/default.toml` file in a follow-up. Tauri 2.11.0 also changes how `generate_handler!` resolves command names: it now calls a `__tauri_command_name_<ident>!()` macro per command instead of using `stringify!`. The `#[but_api]` proc macro generates wrapper functions with a `_json` suffix (e.g. `add_project_json`), so the tauri-generated name macro was returning `"add_project_json"` while the frontend sends `"add_project"` — silently dropping all `#[but_api]` IPC calls. Fixed by adding `rename = "<original_name>"` to the generated `#[tauri::command]` attribute and re-exporting the new `__tauri_command_name_*` macro in the tauri module shim.
mtsgrd
force-pushed
the
bump-tauri-patch-versions
branch
from
e5fa2a7 to
6e0e0e9
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Bumps all Tauri packages (Rust crates, JS API, and plugins) to their latest patch versions.
Rust crates
tauri2.10.3 → 2.11.0tauri-build2.5.5 → 2.6.0tauri-plugin-single-instance2.4.0 → 2.4.2tauri-plugin-dialog2.7.0 → 2.7.1tauri-plugin-fs2.4.5 → 2.5.1tauri-plugin-store2.4.2 → 2.4.3JS packages
@tauri-apps/cli2.10.1 → 2.11.0@tauri-apps/api2.10.1 → 2.11.0@tauri-apps/plugin-dialog2.6.0 → 2.7.1@tauri-apps/plugin-fs2.4.5 → 2.5.1@tauri-apps/plugin-os2.3.0 → 2.3.2@tauri-apps/plugin-process2.3.0 → 2.3.1@tauri-apps/plugin-store2.4.2 → 2.4.3@tauri-apps/plugin-updater2.10.0 → 2.10.1@tauri-apps/plugin-clipboard-manager2.3.0 → 2.3.2@tauri-apps/plugin-deep-link2.4.7 → 2.4.9Why
Tauri 2.11.0 includes a security fix that enforces ACL checks for IPC requests from remote origins even when no
AppManifestis configured. This lets us remove the error-pronepermissions/default.tomlfile in a follow-up (#13655), which has been a recurring source of bugs:#[but_api]macro fixTauri 2.11.0 changes how
generate_handler!resolves command names — it now calls a__tauri_command_name_<ident>!()macro instead of usingstringify!. Since#[but_api]generates wrapper functions with a_jsonsuffix (e.g.add_project_json), the tauri-generated macro returned"add_project_json"while the frontend sends"add_project"— silently dropping all#[but_api]IPC calls.Fixed by:
rename = "<original_name>"to the generated#[tauri::command]attribute__tauri_command_name_*macro in the tauri module shim