build(deps): bump the tauri-rust-dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the tauri-rust-dependencies group with 7 updates in the /apps/desktop/src-tauri directory:

Package	From	To
serde_json	1.0.149	1.0.150
tauri	2.10.2	2.10.3
tauri-plugin-fs	2.4.5	2.5.1
tauri-plugin-dialog	2.6.0	2.7.1
window-vibrancy	0.6.0	0.7.1
alloy	1.7.3	2.0.4
typenum	1.19.0	1.20.0

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates tauri from 2.10.2 to 2.10.3

Release notes

Sourced from tauri's releases.

tauri v2.10.3

Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 941 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (1052 crate dependencies)
Crate:     atk
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0413
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
    ├── wry 0.54.0
    │   └── tauri-runtime-wry 2.10.1
    │       └── tauri 2.10.3
    │           ├── tauri-utils 2.8.3
    │           │   ├── tauri-schema-generator 0.0.0
    │           │   ├── tauri-runtime-wry 2.10.1
    │           │   ├── tauri-runtime 2.10.1
    │           │   │   ├── tauri-runtime-wry 2.10.1
    │           │   │   └── tauri 2.10.3
    │           │   ├── tauri-plugin 2.5.4
    │           │   │   ├── tauri-plugin-sample 0.1.0
    │           │   │   │   └── api 0.1.0
    │           │   │   └── tauri-plugin-log 2.6.0
    │           │   │       └── api 0.1.0
    │           │   ├── tauri-macros 2.5.5
    │           │   │   └── tauri 2.10.3
    │           │   ├── tauri-codegen 2.5.5
    │           │   │   ├── tauri-macros 2.5.5
    │           │   │   └── tauri-build 2.5.6
    │           │   │       ├── tauri-file-associations-demo 0.1.0
    │           │   │       ├── tauri 2.10.3
    │           │   │       ├── resources 0.1.0
    │           │   │       ├── bench_helloworld 0.1.0
    │           │   │       ├── bench_files_transfer 0.1.0
    │           │   │       ├── bench_cpu_intensive 0.1.0
    │           │   │       └── api 0.1.0
    │           │   ├── tauri-cli 2.10.1
    │           │   │   └── tauri-cli-node 0.0.0
    │           │   ├── tauri-bundler 2.8.1
    │           │   │   └── tauri-cli 2.10.1
    │           │   ├── tauri-build 2.5.6
</tr></table> 

... (truncated)

Commits

• 9b17a7a fix(ci): bump rustsec/audit-check to v2 and ignore time audit (#15030)
• d868279 apply version updates (#14897)
• 3a65cc6 fix(test): disable resolve_resource_dir on Android (#15026)
• 52cf195 refactor(cli): reduce some nesting code (#14844)
• c3cbff3 fix: resource path handles ./ path differently (#14662)
• 33754ae fix(cli): unusable empty password private keys (#15022)
• 3935dee Add AI tool policy to contributing guide (#15002)
• 33932a7 chore(deps-dev): bump svelte from 5.51.5 to 5.53.5 (#15015)
• 7d3c759 chore(deps): update dependency rollup to v4.59.0 (#15001)
• f20256b chore: fix clippy warnings (#14999)
• Additional commits viewable in compare view

Updates tauri-plugin-fs from 2.4.5 to 2.5.1

Release notes

Sourced from tauri-plugin-fs's releases.

fs-js v2.5.1

[2.5.1]

• ec054013 (#3323 by @​renovate) Updated dependency toml from 0.9 to 1

npm warn Unknown user config "always-auth". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options.
npm warn publish npm auto-corrected some errors in your package.json when publishing.  Please run "npm pkg fix" to address these errors.
npm warn publish errors corrected:
npm warn publish "repository" was changed from a string to an object
npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git"
npm notice
npm notice 📦  @tauri-apps/plugin-fs@2.5.1
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 2.4kB README.md
npm notice 32.8kB dist-js/index.cjs
npm notice 32.6kB dist-js/index.d.ts
npm notice 32.0kB dist-js/index.js
npm notice 697B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-fs
npm notice version: 2.5.1
npm notice filename: tauri-apps-plugin-fs-2.5.1.tgz
npm notice package size: 21.5 kB
npm notice unpacked size: 101.5 kB
npm notice shasum: e1b8643d41c74251699fcdecc800877d18a4a6fc
npm notice integrity: sha512-9Lz+Jopp6QyeE[...]tqPB/XEMS3NhQ==
npm notice total files: 6
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access
npm notice publish Signed provenance statement with source and build information from GitHub Actions
npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=1429011689
+ @tauri-apps/plugin-fs@2.5.1

fs v2.5.1

[2.5.1]

• ec054013 (#3323 by @​renovate) Updated dependency toml from 0.9 to 1

</tr></table> 

... (truncated)

Commits

• 5c7668b publish new versions (#3397)
• ec05401 chore(deps): update rust crate toml to v1 (#3323)
• b86e999 chore(deps): update tauri packages to 2.11 (#3407)
• c463d8a chore(deps): update rustls-webpki in lockfile, ignore core2 in audit (#3405)
• 1bb7beb chore(deps): bump openssl (#3402)
• 3412fa2 docs(readme): fix platform support matrix (opener supports mobile)
• af81fda docs(readme): fix platform support matrix (mobile is supported)
• c1fd33b fix(opener): allow open network share locations (#3343)
• 250857b chore(deps): update dependency typescript to v6 (#3363)
• 964e13f fix(store): dead lock trying to set while exiting (#3395)
• Additional commits viewable in compare view

Updates tauri-plugin-dialog from 2.6.0 to 2.7.1

Release notes

Sourced from tauri-plugin-dialog's releases.

dialog-js v2.7.1

[2.7.1]

Dependencies

• Upgraded to fs-js@2.5.1

npm warn Unknown user config "always-auth". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options.
npm warn publish npm auto-corrected some errors in your package.json when publishing.  Please run "npm pkg fix" to address these errors.
npm warn publish errors corrected:
npm warn publish "repository" was changed from a string to an object
npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git"
npm notice
npm notice 📦  @tauri-apps/plugin-dialog@2.7.1
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 3.5kB README.md
npm notice 6.9kB dist-js/index.cjs
npm notice 14.6kB dist-js/index.d.ts
npm notice 6.8kB dist-js/index.js
npm notice 11B dist-js/init.d.ts
npm notice 657B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-dialog
npm notice version: 2.7.1
npm notice filename: tauri-apps-plugin-dialog-2.7.1.tgz
npm notice package size: 6.7 kB
npm notice unpacked size: 33.3 kB
npm notice shasum: fc83387de807c8d064d2b64b1b813b84e8286a12
npm notice integrity: sha512-OK1UBXYt+ojcm[...]FmEOjIY9IhzOQ==
npm notice total files: 7
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access
npm notice publish Signed provenance statement with source and build information from GitHub Actions
npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=1429011725
+ @tauri-apps/plugin-dialog@2.7.1

dialog v2.7.1

[2.7.1]

Dependencies

• Upgraded to fs-js@2.5.1

... (truncated)

Commits

• e7a68fa publish new versions (#3068)
• b5550a3 chore: temp delete updater changefile
• 93426f8 fix: fix docsrs builds
• 4ee61e0 Revert "chore: temp delete updater changefile"
• 06124af publish new versions (#2972)
• 060219e chore(deps): update dependency @​rollup/plugin-typescript to v12.3.0 (#3067)
• c7e9766 chore(deps): update tauri monorepo (v2) (#3058)
• d4a8ce9 chore(deps): update rust crate tokio-tungstenite to 0.28 (#3016)
• cdc7eec chore(deps): update dependency @​rollup/plugin-typescript to v12.2.0 (#3066)
• 6314b00 chore: temp delete updater changefile
• Additional commits viewable in compare view

Updates window-vibrancy from 0.6.0 to 0.7.1

Release notes

Sourced from window-vibrancy's releases.

window-vibrancy v0.7.1

[0.7.1]

bug

• 65f5d28 (#196 by @​FabianLars) Increased objc2-app-kit version to 0.3.2. No user facing changes because cargo already resolves to that version because of the enabled features.

Cargo Publish

\` Updating crates.io index Packaging window-vibrancy v0.7.1 (/home/runner/work/window-vibrancy/window-vibrancy) Updating crates.io index warning: package crossbeam-channel v0.5.14 in Cargo.lock is yanked in registry crates-io, consider updating to a version that is not yanked Packaged 34 files, 1.5MiB (1.3MiB compressed) Uploading window-vibrancy v0.7.1 (/home/runner/work/window-vibrancy/window-vibrancy) Uploaded window-vibrancy v0.7.1 to registry crates-io note: waiting for window-vibrancy v0.7.1 to be available at registry crates-io. You may press ctrl-c to skip waiting; the crate should be available shortly. Published window-vibrancy v0.7.1 at registry crates-io \`

window-vibrancy v0.7.0

[0.7.0]

enhance

• 5178609 (#191 by @​ahonn) Introduce macOS liquid glass support with apply_liquid_glass / clear_liquid_glass.

misc

• 5178609 (#191 by @​ahonn) Increased the MSRV to 1.77.

Cargo Publish

\` Updating crates.io index Packaging window-vibrancy v0.7.0 (/home/runner/work/window-vibrancy/window-vibrancy) Updating crates.io index warning: package crossbeam-channel v0.5.14 in Cargo.lock is yanked in registry crates-io, consider updating to a version that is not yanked Packaged 34 files, 1.5MiB (1.3MiB compressed) Uploading window-vibrancy v0.7.0 (/home/runner/work/window-vibrancy/window-vibrancy) Uploaded window-vibrancy v0.7.0 to registry crates-io note: waiting for window-vibrancy v0.7.0 to be available at registry crates-io. You may press ctrl-c to skip waiting; the crate should be available shortly. Published window-vibrancy v0.7.0 at registry crates-io \`

Changelog

Sourced from window-vibrancy's changelog.

[0.7.1]

bug

• 65f5d28 (#196 by @​FabianLars) Increased objc2-app-kit version to 0.3.2. No user facing changes because cargo already resolves to that version because of the enabled features.

[0.7.0]

enhance

• 5178609 (#191 by @​ahonn) Introduce macOS liquid glass support with apply_liquid_glass / clear_liquid_glass.

misc

• 5178609 (#191 by @​ahonn) Increased the MSRV to 1.77.

Commits

• 5e7ddd7 apply version updates (#197)
• 65f5d28 chore(deps): explicitly set objc2-app-kit to 0.3.2 (#196)
• a1c9b80 ci: refresh lockfile in postversion
• d21c932 apply version updates (#195)
• ad1dd4b ci: fix workflow syntax
• 41d8930 ci: use upstream create-pull-request action (#194)
• a1e7e75 chore(deps): update rust crate winit to 0.30 (#134)
• 3a5a51b chore(deps): update rust crate windows-version to v0.1.7 (#186)
• 4aa3c0c chore(deps): update rust crate tao to 0.34 (#154)
• 9fd17b5 chore(deps): update windows-sys to 0.60 (#193)
• Additional commits viewable in compare view

Updates alloy from 1.7.3 to 2.0.4

Release notes

Sourced from alloy's releases.

v2.0.4

What's Changed

• fix(rpc-types-engine): remove non_exhaustive from testing build request by @​mattsse in alloy-rs/alloy#3940

Full Changelog: alloy-rs/alloy@v2.0.3...v2.0.4

v2.0.3

What's Changed

• feat(rpc-types-engine): derive Default for testing build request by @​mattsse in alloy-rs/alloy#3939

Full Changelog: alloy-rs/alloy@v2.0.2...v2.0.3

v2.0.2

What's Changed

• chore(rpc-types-engine): mark TestingBuildBlockRequestV1 non_exhaustive by @​mattsse in alloy-rs/alloy#3913
• refactor(transport-ws): make TLS opts selectable through features by @​lean-apple in alloy-rs/alloy#3915
• feat(eips): add sidecar shrink_to_fit helpers by @​mattsse in alloy-rs/alloy#3918
• fix(pubsub): back off reconnect retries by @​mattsse in alloy-rs/alloy#3919
• refactor(rpc-types-engine): move v4 payload deserialize impl by @​mattsse in alloy-rs/alloy#3922
• fix(node-bindings): use create_dir_all for datadir creation by @​DivooOliver in alloy-rs/alloy#3920
• perf(serde): avoid heap allocation in JsonStorageKey Display by @​DivooOliver in alloy-rs/alloy#3925
• feat(eips): add SSZ support for blob proof types by @​mattsse in alloy-rs/alloy#3923
• feat(eips): add blob cells response type by @​mattsse in alloy-rs/alloy#3932
• feat(eips): add EIP-7594 sidecar cell helper by @​mattsse in alloy-rs/alloy#3933
• feat(eips): add EIP-7594 cell matching helpers by @​mattsse in alloy-rs/alloy#3934
• fix(provider): return network blocks from anvil_mine_detailed by @​Elena343-ai in alloy-rs/alloy#3928
• perf(eips): compute EIP-7594 cells only for matches by @​mattsse in alloy-rs/alloy#3937

New Contributors

• @​DivooOliver made their first contribution in alloy-rs/alloy#3920
• @​Elena343-ai made their first contribution in alloy-rs/alloy#3928

Full Changelog: alloy-rs/alloy@v2.0.1...v2.0.2

v2.0.1

What's Changed

• fix(provider): update test_anvil_set_time for corrected evm_setTime by @​stevencartavia in alloy-rs/alloy#3889
• fix(rpc-types-trace): add 0x prefix to storage keys and values in StructLog by @​figtracer in alloy-rs/alloy#3891
• fix: clear stderr buffer and break on EOF in geth reader thread by @​mattsse in alloy-rs/alloy#3888
• chore: added raw bal rpc by @​Rimeeeeee in alloy-rs/alloy#3892
• ci: pin actions to SHA and add dependabot cooldown by @​decofe in alloy-rs/alloy#3895
• chore(BAL): added from_block_slow_optional_bal by @​Rimeeeeee in alloy-rs/alloy#3898
• perf(consensus): avoid clones in ReceiptWithBloom::into_logs by @​Shresth79 in alloy-rs/alloy#3894
• feat(provider): add ProviderBuilder apply helpers by @​mattsse in alloy-rs/alloy#3901
• chore: update reth rpc endpoints by @​mattsse in alloy-rs/alloy#3902
• chore(deps): bump taiki-e/install-action from 2.74.0 to 2.75.3 by @​dependabot[bot] in alloy-rs/alloy#3897
• chore(deps): bump github/codeql-action from 7fc6561ed893d15cec696e062df840b21db27eb0 to 95e58e9a2cdfd71adc6e0353d5c52f41a045d225 by @​dependabot[bot] in alloy-rs/alloy#3896
• test(provider): re-enable anvil tests by @​mattsse in alloy-rs/alloy#3903

... (truncated)

Changelog

Sourced from alloy's changelog.

2.0.4 - 2026-04-29

Bug Fixes

• [rpc-types-engine] Remove non_exhaustive from testing build request (#3940)

Miscellaneous Tasks

• Release 2.0.4

2.0.3 - 2026-04-29

Features

• [rpc-types-engine] Derive Default for testing build request (#3939)

Miscellaneous Tasks

• Release 2.0.3

2.0.2 - 2026-04-29

Bug Fixes

• [provider] Return network blocks from anvil_mine_detailed (#3928)
• [node-bindings] Use create_dir_all for datadir creation (#3920)
• [pubsub] Back off reconnect retries (#3919)

Features

• [eips] Add EIP-7594 cell matching helpers (#3934)
• [eips] Add EIP-7594 sidecar cell helper (#3933)
• [eips] Add blob cells response type (#3932)
• [eips] Add SSZ support for blob proof types (#3923)
• [eips] Add sidecar shrink_to_fit helpers (#3918)

Miscellaneous Tasks

• Release 2.0.2
• Release 2.0.2
• [rpc-types-engine] Mark TestingBuildBlockRequestV1 non_exhaustive (#3913)

Performance

• [eips] Compute EIP-7594 cells only for matches (#3937)
• [serde] Avoid heap allocation in JsonStorageKey Display (#3925)

Refactor

• [rpc-types-engine] Move v4 payload deserialize impl (#3922)

... (truncated)

Commits

• f3fe4cf chore: release 2.0.4
• 69eb3d7 fix(rpc-types-engine): remove non_exhaustive from testing build request (#3940)
• c915624 chore: release 2.0.3
• e0fa41e feat(rpc-types-engine): derive Default for testing build request (#3939)
• 3204bb4 chore: release 2.0.2
• 9708257 chore: release 2.0.2
• e24e43d perf(eips): compute EIP-7594 cells only for matches (#3937)
• f119d71 fix(provider): return network blocks from anvil_mine_detailed (#3928)
• ece836a feat(eips): add EIP-7594 cell matching helpers (#3934)
• 0ff23ae feat(eips): add EIP-7594 sidecar cell helper (#3933)
• Additional commits viewable in compare view

Updates typenum from 1.19.0 to 1.20.0

Release notes

Sourced from typenum's releases.

v1.20.0

Commits

• 77b877d: remove deprecated features, replace build script with pre-generated tests (#237) (Cathal) #237
• 4d5f26b: Add tuple operations (#242) (grenewode) #242
• c755e2f: Version 1.20.0 (Paho Lurie-Gregg)

Changelog

Sourced from typenum's changelog.

1.20.0 (2026-04-18)

• [removed] Removed no_std feature flag (deprecated since 1.3.0)
• [removed] Removed force_unix_path_separator feature flag (deprecated since 1.17.0)
• [changed] Replaced build.rs script with pre-generated test files
• [added] Indexing into tuples
• [changed] MSRV now 1.41.0

Commits

• c755e2f Version 1.20.0
• 4d5f26b Add tuple operations (#242)
• 77b877d remove deprecated features, replace build script with pre-generated tests (#237)
• See full diff in compare view

Updates tauri-build from 2.5.5 to 2.6.2

Release notes

Sourced from tauri-build's releases.

tauri-build v2.6.2

Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 1090 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (1088 crate dependencies)
Crate:     atk
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0413
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
    ├── wry 0.55.0
    │   └── tauri-runtime-wry 2.11.2
    │       └── tauri 2.11.2
    │           ├── tauri-utils 2.9.2
    │           │   ├── tauri-schema-generator 0.0.0
    │           │   ├── tauri-runtime-wry 2.11.2
    │           │   ├── tauri-runtime 2.11.2
    │           │   │   ├── tauri-runtime-wry 2.11.2
    │           │   │   └── tauri 2.11.2
    │           │   ├── tauri-plugin 2.6.2
    │           │   │   ├── tauri-plugin-sample 0.1.0
    │           │   │   │   └── api 0.1.0
    │           │   │   └── tauri-plugin-log 2.6.0
    │           │   │       └── api 0.1.0
    │           │   ├── tauri-macros 2.6.2
    │           │   │   └── tauri 2.11.2
    │           │   ├── tauri-codegen 2.6.2
    │           │   │   ├── tauri-macros 2.6.2
    │           │   │   └── tauri-build 2.6.2
    │           │   │       ├── tauri-file-associations-demo 0.1.0
    │           │   │       ├── tauri 2.11.2
    │           │   │       ├── resources 0.1.0
    │           │   │       ├── bench_helloworld 0.1.0
    │           │   │       ├── bench_files_transfer 0.1.0
    │           │   │       ├── bench_cpu_intensive 0.1.0
    │           │   │       └── api 0.1.0
    │           │   ├── tauri-cli 2.11.2
    │           │   │   └── tauri-cli-node 0.0.0
    │           │   ├── tauri-bundler 2.9.2
    │           │   │   └── tauri-cli 2.11.2
    │           │   ├── tauri-build 2.6.2
</tr></table> 

... (truncated)

Commits

• 499df79 apply version updates (#15378)
• 20bb033 Revert "feat: add Windows VC runtime linking and bundling options (#15372)" (...
• b5b72ce fix(tauri-utils): preserve resource source file name when dest is empty (#15383)
• 3fd8ba2 fix: resources after empty directory not copied (#15388)
• 47e1b75 fix: set_as_windows_menu_for_nsapp command wrongly called `set_as_help_menu...
• eadd8f5 chore(deps-dev): bump svelte from 5.53.11 to 5.55.7 (#15382)
• 32d8166 feat: add Windows VC runtime linking and bundling options (#15372)
• b15b859 refactor: make error dialog take &'static str (#15369)
• 0e8e25f chore(deps): update dependency rollup to v4.60.3 (#15355)
• e5ae5b9 chore: fix changelog
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
safe-lens-generator	Ready	Preview, Comment	May 25, 2026 7:30am