mirror of
https://github.com/arsvendg/Stirling-PDF.git
synced 2026-07-14 10:34:06 +02:00
4e880c7510a75b29d556bea33dbf57ed75409cae
5311
Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
2c15044dfa | Snag/disable logo drag (#6393) | ||
|
|
31f6ea4b25 |
perf(frontend): stabilize hot-path context subscriptions to fix excessive rerenders (#6373)
## Summary
The frontend was rerendering excessively across many interactions —
typing, clicking tools, opening modals, toggling the sidebar — because
**multiple compounding ref-instability cascades defeated `memo()` checks
in hot paths**. This PR fixes the cascades structurally.
Seven focused commits, low-to-high blast radius:
1. `perf(contexts): memoize BannerContext provider value`
2. `perf(contexts): memoize CommentAuthor and ActiveDocument provider
values`
3. `perf(contexts): memoize AppConfigContext provider value`
4. `perf(useToolManagement): stop spreading tool entries to keep refs
stable` — **root-cause fix**
5. `refactor(ToolPicker): hoist module-scope styles and helpers`
6. `feat(ToolWorkflowContext): add ref-stable Actions and Data subset
contexts` — additive
7. `perf(tools): migrate hot consumers to slim contexts and wrap in
memo()`
(Plus `style: apply prettier formatting` for CI.)
## What was wrong
Whenever something high-up in the tree caused a render, a chain of
unstable references propagated downward and forced every `ToolButton` to
re-execute its full body (hooks, derived computations, hook
subscriptions to other contexts). The chain:
- **4 unstable Context providers** (`Banner`, `CommentAuthor`,
`ActiveDocument`, `AppConfig`) were passing fresh `value={{ … }}`
objects on every render. Every consumer rerendered on every ancestor
render.
- **`useToolManagement.toolRegistry`** spread `{...baseTool, name,
description}` — a no-op spread that manufactured a new tool object
identity on every memo recompute.
- **The big `ToolWorkflowContext`** (25+ fields including
`state.searchQuery`) rebuilt its entire value on every
keystroke/click/toggle, forcing every `useToolWorkflow()` consumer (~36
files) to rerender.
- **`useToolNavigation`** transitively subscribed every `ToolButton` to
the full workflow context.
- **`ToolButton` & `ToolPicker`** weren't `memo()`-wrapped, so nothing
checked.
- **`ToolPanel`** passed inline `onSelect={(id) =>
handleToolSelect(...)}` — fresh ref every render, defeats child
memoization.
- **`ToolPicker`** allocated inline styles / `[]` / `toTitleCase` inside
the function body — churned `useToolSections`'s internal memo.
## Interaction matrix — what improves
The PR fixes the underlying ref-stability problem; the same fix benefits
*every* interaction that previously triggered the cascade:
| Interaction | Before | After |
|---|---|---|
| **Typing in tool search** | All visible buttons rerender per keystroke
| Only buttons whose matched-text changes rerender |
| **Clicking a tool** | All 36 `useToolWorkflow()` consumers rerender |
Only previously-selected and newly-selected buttons rerender (via
`isSelected` prop) |
| **Toggling sidebar / panel mode / reader mode** | Every tool button
rerenders | Tool components stay still (slim context doesn't see UI
state) |
| **Switching workbench / navigation** | `handleToolSelect` identity
changes → cascades through `onSelect` props | Ref-stabilized in Actions
context. Identity stable. Children's memo bails |
| **Modal/dialog open/close** | AppConfig churns → every `useAppConfig`
consumer rerenders (ToolButton reads `premiumEnabled`) | AppConfig
memoized; consumers rerender only when config changes |
| **Banner show/hide** | BannerProvider value churns → every consumer
rerenders on any ancestor render | Memoized; AppLayout rerenders only
when banner content changes |
| **Any state update high in the tree** | Compounding cascade defeats
memo everywhere | Stable subscriptions; memo bails out |
## Evidence
Per-keystroke prop instability on `ToolButton` (cleanest measurable
signal, captured via custom memo comparators logging which prop refs
differ):
| | `tool` ref diffs | `onSelect` ref diffs | `matchedSynonym` value
diffs | Total |
|---|---|---|---|---|
| Before | 18 | 18 | 6 | **42** |
| After | 0 | 0 | 6 | **6 (all legitimate)** |
→ **86% reduction** in spurious per-keystroke prop instability. The 6
remaining matched-synonym diffs are correct (different substring
highlighted per keystroke).
Context value rebuild counts during a keystroke (verified with
instrumented `useMemo` factories): `useToolWorkflowData=0`,
`useToolWorkflowActions=0`, `AppConfigContext=0`.
The same stabilization applies to click/toggle/modal interactions — they
were all driven by the same cascading invalidations.
## Honest caveat on render-count metrics
`React.Profiler` counts and function-body execution counts in **dev
mode** came back identical before vs after (StrictMode + concurrent
rendering + Mantine internal commits dominate the numbers). The PR's
value is measured against the **prop-stability signal** above, not
Profiler counts. Production builds — where StrictMode doesn't
double-render and Mantine internals aren't constantly committing — will
show memo bail out properly.
## Risk × benefit
| # | Commit | Risk | Benefit |
|---|--------|------|---------|
| 1 | BannerContext memo | ⬛ Trivial | 🟦 Small |
| 2 | CommentAuthor + ActiveDocument memo | ⬛ Trivial | 🟦 Small |
| 3 | AppConfig memo | ⬛ Trivial | 🟦 Moderate (wide consumer base) |
| 4 | useToolManagement spread removal | ⬛ Trivial | 🟥 **High (root
cause)** |
| 5 | ToolPicker hoist | ⬛ Trivial | 🟦 Small |
| 6 | ToolWorkflowContext split | 🟧 Low-Med | 🟥 **High (foundation)** |
| 7 | Hot consumer migration + memo | 🟧 Low-Med | 🟥 **High
(actualization)** |
Commit 6 introduces an invariant: ref-stabilized callbacks in the
Actions context must only be invoked from event handlers (post-commit),
never during render. All current call sites comply.
## Test plan
- [x] `npx playwright test --project=stubbed` — 145 / 6 skipped / 0
failed before and after.
- [x] Targeted regression: `main-dashboard`, `tool-search`, `navigation`
— 11/11 passing.
- [x] CI passing on commits (one infrastructure flake on
`docker-compose-tests` — "No space left on device" — unrelated;
rerunning).
- [ ] Manual sanity check in a dev build after merge.
## What this enables
The same Actions + Data subset-context pattern can be applied to
`FileContext`, `NavigationContext`, and other big contexts. The
foundation is in place.
|
||
|
|
f9fbc37800 | add translations (#6390) | ||
|
|
6b9567cf38 |
Split and delete forms (#6277)
Delete orphaned forms when removing pages and maintain forms correctly when splitting --------- Co-authored-by: ConnorYoh <[email protected]> |
||
|
|
c731d5fd5d |
UI redesign staging (#6149)
Co-authored-by: Reece Browne <[email protected]> Co-authored-by: James Brunton <[email protected]> |
||
|
|
beb99e273b |
Improve edit agent's knowledge of tools (#6356)
# Description of Changes Give Edit Agent access to descriptions of the request from the Java API. This opens the door to us better documenting our Java APIs to give the stirling engine better knowledge of what the various tools are and how to use them. Also improves the tool selection sub-agent to get the tool parameters and descriptions so it can more intelligently decide which operations should be used to fulfil the user's request. Also provides it more encouragement to string together multiple operations if necessary. |
||
|
|
ece1bb6865 |
Feature/pdf to markdown agent (#6271)
Co-authored-by: James Brunton <[email protected]> |
||
|
|
5b9ef852ab |
ci: remove frontend validation PR comment after successful check (#6360)
# Description of Changes - Added a GitHub Actions step to remove the frontend validation check comment when the frontend check succeeds on pull requests. - The step searches for an existing PR comment containing the `<!-- frontend-check -->` marker and deletes it if found. - The change was made to keep pull request discussions clean by removing stale frontend check comments once the validation passes. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have run `task check` to verify linters, typechecks, and tests pass - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#7-testing) for more details. |
||
|
|
672e81d286 |
Add ability for Stirling engine to reason across large documents (#6314)
# Description of Changes Adds storage in the database for full document content alongside the RAG content (and changes the service to `DocumentService` instead of `RagService`). Then adds a generic capability that should be usable by any agent (currently just used by the Question Agent) which allows the agent to pull out the full contents of the doc, chunks it into various sections that will fit in the context window, and then processes them in parallel to create an intermediate result, and then processes the intermediate result into a final answer. It will re-chunk as many times as necessary to get the content small enough for the actual answer to be analysed (I've tested on PDFs ~3500 pages long, which is well above the context limit and requires maybe 3 rounds of compression to get an answer). The new full doc analysis stuff is heavier than the RAG lookup so both remain. The agents should use RAG for targeted info and the chunked reasoner for info that requires reading the full doc. |
||
|
|
8abe734f0b |
Fix main frontend validation (#6361)
# Description of Changes #6312 reformatted `tauri.conf.json` via the Gradle script, which reformats the entire file to not match the Prettier style. This PR reformats the file back to Prettier format and changes the script to update the version number without reformatting the entire file. To be honest I'm not a huge fan of updating the version number with regexes but it'd be a fool's errand to try and get Gradle to output JSON in Prettier format, and this seems simpler than shelling out to run Prettier over the file after the version string has been updated. Any better ideas, let me know. |
||
|
|
8a59c10f42 |
Update Backend 3rd Party Licenses (#6312)
Auto-generated by stirlingbot[bot] This PR updates the backend license report based on dependency changes. --------- Signed-off-by: stirlingbot[bot] <stirlingbot[bot]@users.noreply.github.com> Co-authored-by: stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
d62f2ad3ed |
unoserver docker (#6328)
# Description of Changes <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have run `task check` to verify linters, typechecks, and tests pass - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#7-testing) for more details. |
||
|
|
f60a075443 |
Add Playwright/bootRun/test.sh tasks (#6244)
## Description Consolidates Playwright running under cohesive Task namespaces, isolates Playwright state from the developer's local working tree, and swaps CI's frontend webserver from `vite` dev to `vite preview` against a pre-built `dist/`. ### `e2e:*` namespace Renames `.taskfiles/testing.yml` to `.taskfiles/e2e.yml` and consolidates everything Playwright-related under one `e2e:` namespace: - `e2e:stubbed` / `e2e:live` / `e2e:enterprise` / `e2e:cross-browser`: project-specific runners - `e2e:check` (no-Docker subset) and `e2e:check:all` (full) - `e2e:oauth:up` / `:down`, `e2e:saml:up` / `:down`: symmetric lifecycle for the keycloak compose stacks - `e2e:install`: Playwright browser install - `docker:test`: full Docker integration suite The redundant `frontend:test:e2e:*` project shortcuts are removed. CI workflows (`e2e-stubbed.yml`, `e2e-live.yml`, `build-enterprise.yml`, `nightly.yml`) are updated to call the new task names. ### Isolated Playwright state New `STIRLING_BASE_PATH` (and `-Dstirling.base-path=`) override in `InstallationPathConfig` redirects the entire state tree (configs, backups, customFiles, pipeline, logs) at startup. `task e2e:live` points it at `.test-state/playwright/` (purged on every invocation) so the suite never touches the developer's local DB, settings.yml or backups. `task e2e:live` auto-spawns gradle, waits for `/api/v1/info/status` to come up, runs Playwright, then tears down the whole backend process tree. ### CI runs Playwright against `vite preview` Builds the frontend up-front with `VITE_BUILD_FOR_PREVIEW=1` (forces absolute base so deep SPA routes resolve `/assets/...`) and the playwright `webServer` now uses `vite preview --port 5173 --strictPort` in CI. Avoids the per-page on-demand transform cost that was blowing the 30s navigation timeout under `--workers=3` on `all-tool-pages-load.spec.ts`. Local dev keeps `vite` dev for HMR. ### OAuth/SAML compose helpers `start-oauth-test.sh` and `start-saml-test.sh` gain a `--license-key <KEY>` (`-k`) flag so CI and scripted runs can skip the interactive license prompt. `start-oauth-test.sh` also moves from `for arg in "$@"` to a `while`-with-`shift` arg loop to support multi-arg flags consistently with the SAML script. ### Backend gradlew unification Drops the per-platform `cmd /c gradlew.bat` branches from `backend.yml` and routes every gradle invocation through `bash gradlew`. Works uniformly on Linux/macOS and Windows-with-Git-Bash. ### Compare.tsx flake fix (re-land of [#6316](https://github.com/Stirling-Tools/Stirling-PDF/pull/6316)) Piggybacks Anthony's never-merged fix from #6316. Without it, `e2e:stubbed` continues to flake under `--workers=3` on `compare.spec.ts`'s second-upload case via a React "Maximum update depth exceeded" infinite loop in the Compare auto-fill effect. CI traces from recent failed runs match exactly; 10 local runs of `compare.spec.ts` with `CI=1 --workers=3` pass cleanly with the fix applied. --------- Co-authored-by: James Brunton <[email protected]> |
||
|
|
c059e13423 |
Fix desktop app overscrolling inappropriately (#6350)
# Description of Changes Fix #6348 |
||
|
|
575684ee4b |
Add edit text support to stirling engine (#6245)
# Description of Changes Hooks up the (alpha) PDF Editor backend to the AI engine Edit Agent via an intermediary API which is easier for the agent to call. It suffers from all the same issues that the PDF Editor does in actually editing the text, but should also benefit from any fixes to that. It also adds protection against the underlying tools misbehaving by hanging, and fixes a hanging bug in the PDF Editor. --------- Co-authored-by: EthanHealy01 <[email protected]> |
||
|
|
294b616a63 |
build(deps): bump org.springframework.boot:spring-boot-dependencies from 4.0.5 to 4.0.6 (#6337)
Bumps [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) from 4.0.5 to 4.0.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-dependencies's releases</a>.</em></p> <blockquote> <h2>v4.0.6</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50188">#50188</a></li> <li>Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50187">#50187</a></li> <li>ApplicationPidFileWriter does not handle symlinks correctly <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50185">#50185</a></li> <li>RandomValuePropertySource is not suitable for secrets <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50183">#50183</a></li> <li>Cassandra auto-configuration misconfigures CqlSessionBuilder <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50180">#50180</a></li> <li>ApplicationTemp does not handle symlinks correctly <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50178">#50178</a></li> <li>Remote DevTools performs comparison incorrectly <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50176">#50176</a></li> <li>spring.rabbitmq.ssl.verify-hostname is applied inconsistently <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50174">#50174</a></li> <li>Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50077">#50077</a></li> <li>Classic starters are missing several modules <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50071">#50071</a></li> <li>Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic <a href="https://redirect.github.com/spring-projects/spring-boot/pull/50069">#50069</a></li> <li>Annotations like <code>@Ssl</code> don't work on <code>@Bean</code> methods when using <code>@ServiceConnection</code> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50064">#50064</a></li> <li>EnversRevisionRepositoriesRegistrar should reuse <code>@EnableEnversRepositories</code> rather than configuring the JPA counterpart <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50039">#50039</a></li> <li>WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50017">#50017</a></li> <li>Imports on a containing test class are ignored when a nested class has imports <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50012">#50012</a></li> <li>With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49951">#49951</a></li> <li>500 response from env endpoint when supplied pattern is invalid <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49946">#49946</a></li> <li>Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49945">#49945</a></li> <li>HTTP method is lost when configuring excludes in EndpointRequest <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49943">#49943</a></li> <li>Honor HttpMethod for reactive additional endpoint paths <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49880">#49880</a></li> <li>Docker Compose support doesn't work with apache/artemis image <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49869">#49869</a></li> <li>Docker Compose support doesn't work with apache/activemq image <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49866">#49866</a></li> <li>Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49854">#49854</a></li> <li>API versioning path strategy should be applied path last as it is not meant to yield <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49800">#49800</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Update docs to encourage Java fundamentals for beginners that prefer to learn that way <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50146">#50146</a></li> <li>HTTP Service Interface Clients still document that API versioning can be configured via properties <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50126">#50126</a></li> <li>Link to the observability section of the Lettuce documentation is broken <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50097">#50097</a></li> <li>Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50085">#50085</a></li> <li>MySamlRelyingPartyConfiguration is missing a Kotlin sample <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50024">#50024</a></li> <li>Incorrect default value for management.httpexchanges.recording.include in configuration metadata <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50019">#50019</a></li> <li>Link to the Kubernetes documentation when discussing startup probes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50015">#50015</a></li> <li>Typo in JdbcSessionAutoConfiguration Javadoc <a href="https://redirect.github.com/spring-projects/spring-boot/pull/49873">#49873</a></li> <li>Clarify that configuration property default values are not available through the Environment <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49851">#49851</a></li> <li>Document the need for Liquibase and Flyway starters <a href="https://redirect.github.com/spring-projects/spring-boot/pull/49839">#49839</a></li> <li>Kafka documentation refers to deprecated JSON serializer and deserializer classes <a href="https://redirect.github.com/spring-projects/spring-boot/pull/49826">#49826</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Upgrade to Elasticsearch Client 9.2.8 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50027">#50027</a></li> <li>Upgrade to Groovy 5.0.5 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49911">#49911</a></li> <li>Upgrade to Hibernate 7.2.12.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50134">#50134</a></li> <li>Upgrade to Jackson Bom 3.1.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50051">#50051</a></li> <li>Upgrade to <a href="https://github.com/jaxen-xpath/jaxen/releases/tag/v2.0.1">Jaxen 2.0.1</a> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50104">#50104</a></li> <li>Upgrade to <a href="https://github.com/FirebirdSQL/jaybird/releases/tag/v6.0.5">Jaybird 6.0.5</a> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49914">#49914</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/8821ad2cd381bb4b9615a61479e1de7305a8ba39"><code>8821ad2</code></a> Release v4.0.6</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9e4048a03f17adfe78057a3c4d5b4693305c0ae0"><code>9e4048a</code></a> Merge branch '3.5.x' into 4.0.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/20bb11c3984802990572ddbeae8b66885a8f2462"><code>20bb11c</code></a> Next development version (v3.5.15-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/98daa8ea30f39a5b0ca6768b5cbc2dc8698ef4e1"><code>98daa8e</code></a> Merge branch '3.5.x' into 4.0.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9dc5aa2863f598a15d3dfa116f4b89249daba7e7"><code>9dc5aa2</code></a> Polish</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/874f6294b91da18367b8b5ab7b2fad3fa23cfba6"><code>874f629</code></a> Fix default security with actuator but without health</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/e41b3bf731d1134bc18ec1f68ac01e0fe1c54923"><code>e41b3bf</code></a> Enable hostname verification for SSL connections to Elasticsearch</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/ef8527bb0ef8f564f4f9c57a7be99a7aa96c6ab0"><code>ef8527b</code></a> Merge branch '3.5.x' into 4.0.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/f533a4549c3999aac30cb5830f07dc304933e93d"><code>f533a45</code></a> Do not follow symlinks when writing PID file</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/4a7bd332b6d19fef1aa4cf28434985f2b03a2e0f"><code>4a7bd33</code></a> Merge branch '3.5.x' into 4.0.x</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v4.0.5...v4.0.6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
f61121953e |
fix: replace deprecated payload too large status (#6336)
# Description of Changes - Replaced the deprecated `HttpStatus.PAYLOAD_TOO_LARGE` usage with `HttpStatus.CONTENT_TOO_LARGE` in `GlobalExceptionHandler` - Updated the upload-size exception response creation and response status to use the newer HTTP 413 enum - Updated related unit tests to assert `HttpStatus.CONTENT_TOO_LARGE` - The change was made to avoid using the deprecated Spring HTTP status enum while keeping the returned status code behavior unchanged --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have run `task check` to verify linters, typechecks, and tests pass - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#7-testing) for more details. |
||
|
|
8645280ee5 |
build(deps): bump reportlab from 4.4.10 to 4.5.0 in /testing/cucumber (#6338)
Bumps [reportlab](https://www.reportlab.com/) from 4.4.10 to 4.5.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
bd50e2e59d |
build(deps): bump commons-io:commons-io from 2.21.0 to 2.22.0 in /app/core (#6344)
Bumps commons-io:commons-io from 2.21.0 to 2.22.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
77abaf5de5 |
build(deps): bump actions/cache from 5.0.4 to 5.0.5 (#6349)
Bumps [actions/cache](https://github.com/actions/cache) from 5.0.4 to 5.0.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v5.0.5</h2> <h2>What's Changed</h2> <ul> <li>Update ts-http-runtime dependency by <a href="https://github.com/yacaovsnc"><code>@yacaovsnc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1747">actions/cache#1747</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v5...v5.0.5">https://github.com/actions/cache/compare/v5...v5.0.5</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h2>How to prepare a release</h2> <blockquote> <p>[!NOTE]<br /> Relevant for maintainers with write access only.</p> </blockquote> <ol> <li>Switch to a new branch from <code>main</code>.</li> <li>Run <code>npm test</code> to ensure all tests are passing.</li> <li>Update the version in <a href="https://github.com/actions/cache/blob/main/package.json"><code>https://github.com/actions/cache/blob/main/package.json</code></a>.</li> <li>Run <code>npm run build</code> to update the compiled files.</li> <li>Update this <a href="https://github.com/actions/cache/blob/main/RELEASES.md"><code>https://github.com/actions/cache/blob/main/RELEASES.md</code></a> with the new version and changes in the <code>## Changelog</code> section.</li> <li>Run <code>licensed cache</code> to update the license report.</li> <li>Run <code>licensed status</code> and resolve any warnings by updating the <a href="https://github.com/actions/cache/blob/main/.licensed.yml"><code>https://github.com/actions/cache/blob/main/.licensed.yml</code></a> file with the exceptions.</li> <li>Commit your changes and push your branch upstream.</li> <li>Open a pull request against <code>main</code> and get it reviewed and merged.</li> <li>Draft a new release <a href="https://github.com/actions/cache/releases">https://github.com/actions/cache/releases</a> use the same version number used in <code>package.json</code> <ol> <li>Create a new tag with the version number.</li> <li>Auto generate release notes and update them to match the changes you made in <code>RELEASES.md</code>.</li> <li>Toggle the set as the latest release option.</li> <li>Publish the release.</li> </ol> </li> <li>Navigate to <a href="https://github.com/actions/cache/actions/workflows/release-new-action-version.yml">https://github.com/actions/cache/actions/workflows/release-new-action-version.yml</a> <ol> <li>There should be a workflow run queued with the same version number.</li> <li>Approve the run to publish the new version and update the major tags for this action.</li> </ol> </li> </ol> <h2>Changelog</h2> <h3>5.0.4</h3> <ul> <li>Bump <code>minimatch</code> to v3.1.5 (fixes ReDoS via globstar patterns)</li> <li>Bump <code>undici</code> to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)</li> <li>Bump <code>fast-xml-parser</code> to v5.5.6</li> </ul> <h3>5.0.3</h3> <ul> <li>Bump <code>@actions/cache</code> to v5.0.5 (Resolves: <a href="https://github.com/actions/cache/security/dependabot/33">https://github.com/actions/cache/security/dependabot/33</a>)</li> <li>Bump <code>@actions/core</code> to v2.0.3</li> </ul> <h3>5.0.2</h3> <ul> <li>Bump <code>@actions/cache</code> to v5.0.3 <a href="https://redirect.github.com/actions/cache/pull/1692">#1692</a></li> </ul> <h3>5.0.1</h3> <ul> <li>Update <code>@azure/storage-blob</code> to <code>^12.29.1</code> via <code>@actions/[email protected]</code> <a href="https://redirect.github.com/actions/cache/pull/1685">#1685</a></li> </ul> <h3>5.0.0</h3> <blockquote> <p>[!IMPORTANT] <code>actions/cache@v5</code> runs on the Node.js 24 runtime and requires a minimum Actions Runner version of <code>2.327.1</code>.</p> </blockquote> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae"><code>27d5ce7</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1747">#1747</a> from actions/yacaovsnc/update-dependency</li> <li><a href="https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd"><code>f280785</code></a> licensed changes</li> <li><a href="https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7"><code>619aeb1</code></a> npm run build generated dist files</li> <li><a href="https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6"><code>bcf16c2</code></a> Update ts-http-runtime to 0.3.5</li> <li>See full diff in <a href="https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
503a81be50 |
build(deps): bump KSXGitHub/github-actions-deploy-aur from 4.1.2 to 4.1.3 (#6347)
Bumps [KSXGitHub/github-actions-deploy-aur](https://github.com/ksxgithub/github-actions-deploy-aur) from 4.1.2 to 4.1.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ksxgithub/github-actions-deploy-aur/releases">KSXGitHub/github-actions-deploy-aur's releases</a>.</em></p> <blockquote> <h2>v4.1.3</h2> <p>There is a bug in <code>runuser</code> that converts all <code>-c</code> (even after <code>--</code>) into <code>--command</code> which <code>bash</code> doesn't recognize. This release removes the <code>-c</code> flag entirely, bash would execute <code>/build.sh</code> as if it's a file. Hopefully, the behavior preserves. If not, maybe just switch to <code>su</code> or <code>sudo</code>.</p> <p>Relevant PR: <a href="https://redirect.github.com/KSXGitHub/github-actions-deploy-aur/pull/51">KSXGitHub/github-actions-deploy-aur#51</a>.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/KSXGitHub/github-actions-deploy-aur/commit/da03e160361ce01bf087e790b6ffd196d7dccff7"><code>da03e16</code></a> fix: <code>bash: --command: invalid option</code> (<a href="https://redirect.github.com/ksxgithub/github-actions-deploy-aur/issues/51">#51</a>)</li> <li><a href="https://github.com/KSXGitHub/github-actions-deploy-aur/commit/3b403c740ae5e446b747b45451ec68665428dab1"><code>3b403c7</code></a> docs(readme): use the GitHub's note syntax</li> <li><a href="https://github.com/KSXGitHub/github-actions-deploy-aur/commit/e17cd797381bddd766236d808302398b090398d2"><code>e17cd79</code></a> docs(readme): remove patreon</li> <li>See full diff in <a href="https://github.com/ksxgithub/github-actions-deploy-aur/compare/v4.1.2...v4.1.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
67fc5c70b9 |
build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (#6343)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.2 to 4.35.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v4.35.3</h2> <ul> <li><em>Upcoming breaking change</em>: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li> <li>Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. <a href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li> <li>Best-effort connection tests for private registries now use <code>GET</code> requests instead of <code>HEAD</code> for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. <a href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li> <li>Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. <a href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>4.35.4 - 07 May 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li> </ul> <h2>4.35.3 - 01 May 2026</h2> <ul> <li><em>Upcoming breaking change</em>: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li> <li>Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. <a href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li> <li>Best-effort connection tests for private registries now use <code>GET</code> requests instead of <code>HEAD</code> for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. <a href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li> <li>Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. <a href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li> </ul> <h2>4.35.2 - 15 Apr 2026</h2> <ul> <li>The undocumented TRAP cache cleanup feature that could be enabled using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the <code>trap-caching: false</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li> <li>The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. <a href="https://redirect.github.com/github/codeql-action/pull/3789">#3789</a></li> <li>Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. <a href="https://redirect.github.com/github/codeql-action/pull/3794">#3794</a></li> <li>Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. <a href="https://redirect.github.com/github/codeql-action/pull/3807">#3807</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2">2.25.2</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3823">#3823</a></li> </ul> <h2>4.35.1 - 27 Mar 2026</h2> <ul> <li>Fix incorrect minimum required Git version for <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a>: it should have been 2.36.0, not 2.11.0. <a href="https://redirect.github.com/github/codeql-action/pull/3781">#3781</a></li> </ul> <h2>4.35.0 - 27 Mar 2026</h2> <ul> <li>Reduced the minimum Git version required for <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> from 2.38.0 to 2.11.0. <a href="https://redirect.github.com/github/codeql-action/pull/3767">#3767</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1">2.25.1</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3773">#3773</a></li> </ul> <h2>4.34.1 - 20 Mar 2026</h2> <ul> <li>Downgrade default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a> due to issues with a small percentage of Actions and JavaScript analyses. <a href="https://redirect.github.com/github/codeql-action/pull/3762">#3762</a></li> </ul> <h2>4.34.0 - 20 Mar 2026</h2> <ul> <li>Added an experimental change which disables TRAP caching when <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. <a href="https://redirect.github.com/github/codeql-action/pull/3569">#3569</a></li> <li>We are rolling out improved incremental analysis to C/C++ analyses that use build mode <code>none</code>. We expect this rollout to be complete by the end of April 2026. <a href="https://redirect.github.com/github/codeql-action/pull/3584">#3584</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0">2.25.0</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3585">#3585</a></li> </ul> <h2>4.33.0 - 16 Mar 2026</h2> <ul> <li>Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. <a href="https://redirect.github.com/github/codeql-action/pull/3562">#3562</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/e46ed2cbd01164d986452f91f178727624ae40d7"><code>e46ed2c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3867">#3867</a> from github/update-v4.35.3-8c6e48dbe</li> <li><a href="https://github.com/github/codeql-action/commit/b73d1d163446ca5e62b96698027210ab41df6a4a"><code>b73d1d1</code></a> Add changelog entry for <a href="https://redirect.github.com/github/codeql-action/issues/3853">#3853</a></li> <li><a href="https://github.com/github/codeql-action/commit/24e0bb00a931e2a5edb703ce3b22a70f3a3e800b"><code>24e0bb0</code></a> Reorder changelog entries</li> <li><a href="https://github.com/github/codeql-action/commit/ec298daba71cf7592feacbd1c0887cddc0659f62"><code>ec298da</code></a> Update changelog for v4.35.3</li> <li><a href="https://github.com/github/codeql-action/commit/8c6e48dbe051ceb3015c19554831af1b43275f46"><code>8c6e48d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3865">#3865</a> from github/update-bundle/codeql-bundle-v2.25.3</li> <li><a href="https://github.com/github/codeql-action/commit/719098349ea5beae8aa364bf9b71ff1c8d937df2"><code>7190983</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/2bb209555a024d051f6271c8a846b402497f9445"><code>2bb2095</code></a> Update default bundle to codeql-bundle-v2.25.3</li> <li><a href="https://github.com/github/codeql-action/commit/7851e55dc3be31ec4bcc3ef98453de2cb306e698"><code>7851e55</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3850">#3850</a> from github/mbg/private-registry/cloudsmith-gcp</li> <li><a href="https://github.com/github/codeql-action/commit/262a15f6cf4c7a43d6a38ad76392e5e2d4977751"><code>262a15f</code></a> Add generic non-printable chars test for OIDC configs</li> <li><a href="https://github.com/github/codeql-action/commit/a6109b1c07173a53ece3d179a925ff9644d1fabd"><code>a6109b1</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3853">#3853</a> from github/mbg/start-proxy/improved-checks</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/95e58e9a2cdfd71adc6e0353d5c52f41a045d225...e46ed2cbd01164d986452f91f178727624ae40d7">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1e6514a471 |
build(deps): bump org.projectlombok:lombok from 1.18.44 to 1.18.46 (#6342)
Bumps [org.projectlombok:lombok](https://github.com/projectlombok/lombok) from 1.18.44 to 1.18.46. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown">org.projectlombok:lombok's changelog</a>.</em></p> <blockquote> <h3>v1.18.46 (April 22nd, 2026)</h3> <ul> <li>PLATFORM: JDK26 support added <a href="https://redirect.github.com/projectlombok/lombok/issues/4019">#4019</a>.</li> <li>PLATFORM: Spring Tools Suite 5 supported <a href="https://redirect.github.com/projectlombok/lombok/issues/3985">#3985</a>.</li> <li>BUGFIX: <code>@Jacksonized</code> no longer stops generating <code>@JsonProperty</code> once an explicit <code>@JsonIgnore</code> annotations is encountered <a href="https://redirect.github.com/projectlombok/lombok/issues/4022">#4022</a>.</li> <li>BUGFIX: In eclipse, mixing <code>@Jacksonized</code> and <code>fluent = true</code> no longer causes the error <code>com.fasterxml.jackson.annotation.JsonProperty is not a repeatable annotation interface</code>. <a href="https://redirect.github.com/projectlombok/lombok/issues/3934">#3934</a>.</li> <li>BUGFIX: Some finishing touches for v1.18.44's support of Jackson3 <a href="https://redirect.github.com/projectlombok/lombok/issues/4004">#4004</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/projectlombok/lombok/commit/936ca59baf844fd6c0ad641974295498785d8091"><code>936ca59</code></a> [build] lombok's launcher is still intended to be 1.4 compatible, or at least...</li> <li><a href="https://github.com/projectlombok/lombok/commit/fcdab3f29e1b48c8f4b33ef9231ec2587a43d122"><code>fcdab3f</code></a> [version] pre-release version bump</li> <li><a href="https://github.com/projectlombok/lombok/commit/1cb7d49c5d2dc98af7a66413d8119dec285d0666"><code>1cb7d49</code></a> [changelog]<a href="https://redirect.github.com/projectlombok/lombok/issues/4004">#4004</a> Mention Jackson3 final touches in changelog.</li> <li><a href="https://github.com/projectlombok/lombok/commit/12a15b00555ec8097eca2bf7d77c2c2124e13e0e"><code>12a15b0</code></a> Fix: Bump EA_JDK to 27 (25 and 26 have been released)</li> <li><a href="https://github.com/projectlombok/lombok/commit/2be766cfc2ef56f2d986f28f734c98535d611aee"><code>2be766c</code></a> Merge branch 'jackson3-final-touches'</li> <li><a href="https://github.com/projectlombok/lombok/commit/290fa4c8539c7e97b47f7e80033e078127050eb5"><code>290fa4c</code></a> [trivial] constantize the warning we spit out for ambiguous jackson2/3, and m...</li> <li><a href="https://github.com/projectlombok/lombok/commit/e6567b6621f86b43033ab4a75e0273780e18e998"><code>e6567b6</code></a> test: Add Jackson 3 test cases and version ambiguity warnings</li> <li><a href="https://github.com/projectlombok/lombok/commit/45e72e241abe98dcfb66408402da825dd2b8e925"><code>45e72e2</code></a> feat: Add Jackson 3 databind/dataformat annotations to HandlerUtil copy lists</li> <li><a href="https://github.com/projectlombok/lombok/commit/184d42363d86446a63b6270ac1eb352dc43ae76c"><code>184d423</code></a> feat: Add Jackson 3 support to <a href="https://github.com/Jacksonized"><code>@Jacksonized</code></a> handlers</li> <li><a href="https://github.com/projectlombok/lombok/commit/e027ad0f1515bd33d4d329d90e59dccbaf44651e"><code>e027ad0</code></a> refactored to ShadowClassLoader use Collections::enumeration instead of Vector</li> <li>Additional commits viewable in <a href="https://github.com/projectlombok/lombok/compare/v1.18.44...v1.18.46">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
c4874deb5d |
build(deps): bump step-security/harden-runner from 2.19.0 to 2.19.1 (#6341)
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.19.0 to 2.19.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.19.1</h2> <h2>What's Changed</h2> <ul> <li>fix: detect ubuntu-slim runners early and bail out by <a href="https://github.com/devantler"><code>@devantler</code></a> in <a href="https://redirect.github.com/step-security/harden-runner/pull/657">step-security/harden-runner#657</a></li> </ul> <p>What the fix changes</p> <ul> <li>Harden-Runner will detect <code>ubuntu-slim</code> runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.</li> </ul> <p>What the fix does not do</p> <ul> <li>Jobs running on <code>ubuntu-slim</code> will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).</li> <li>Per GitHub's docs on <a href="https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners">single-CPU runners</a>: "The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported." Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.</li> </ul> <p>For StepSecurity enterprise customers If your security posture requires that workflows are always monitored, you can block the use of <code>ubuntu-slim</code> via workflow run policies see the <a href="https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy">Runner Label Policy</a> docs. This lets you enforce that jobs only run on monitored runner types.</p> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/devantler"><code>@devantler</code></a> made their first contribution in <a href="https://redirect.github.com/step-security/harden-runner/pull/657">step-security/harden-runner#657</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1">https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450"><code>a5ad31d</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/657">#657</a> from devantler/fix/ubuntu-slim-user-env</li> <li><a href="https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c"><code>6e92856</code></a> build dist and trim ubuntu-slim message</li> <li><a href="https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209"><code>4e0504e</code></a> Merge branch 'main' into fix/ubuntu-slim-user-env</li> <li><a href="https://github.com/step-security/harden-runner/commit/376d25a97f3a1640ff8cbbddaa4af25948df2cf3"><code>376d25a</code></a> fix: detect ubuntu-slim runners early and bail out</li> <li>See full diff in <a href="https://github.com/step-security/harden-runner/compare/8d3c67de8e2fe68ef647c8db1e6a09f647780f40...a5ad31d6a139d249332a2605b85202e8c0b78450">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
4ee47fdddd | Fix Task commands in Powershell (#6330) | ||
|
|
270af912d4 | Fix frontend download links pointing to split Mac binaries (#6325) | ||
|
|
efd2ed754c | Enhance automate to have import and export buttons (#6326) | ||
|
|
6730ad7cbb |
Desktop: persist auth token to disk when Credential Manager is restricted (#6303)
Co-authored-by: James Brunton <[email protected]> |
||
|
|
8fb9fced35 | Convert to building a universal Mac app (#6302) | ||
|
|
ed56490f93 |
Fix move button on multitool (#6291)
Hitting move button twice on multitool didn't work --------- Co-authored-by: EthanHealy01 <[email protected]> |
||
|
|
c892b985e2 |
build(deps): bump springSecuritySamlVersion from 7.0.4 to 7.0.5 (#6255)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
95c39b4648 |
Fix missing desktop save indicator on files (#6310)
# Description of Changes Save indicator stopped showing up after #6050, which fixed the missing truncation on filenames, but accidentally bypassed the save indicator component at the same time. This PR puts the component back in and makes it support truncation so we can have both. <img width="586" height="166" alt="image" src="https://github.com/user-attachments/assets/529c3dcb-ee00-4a6d-ae53-ef8657204369" /> |
||
|
|
44f2d0d679 |
build(deps): bump the embedpdf group across 1 directory with 23 updates (#6299)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1a63aa045e |
build(deps): bump the tauri group across 1 directory with 7 updates (#6305)
Bumps the tauri group with 5 updates in the /frontend/src-tauri directory: | Package | From | To | | --- | --- | --- | | [tauri](https://github.com/tauri-apps/tauri) | `2.10.2` | `2.10.3` | | [tauri-plugin-fs](https://github.com/tauri-apps/plugins-workspace) | `2.4.5` | `2.5.0` | | [tauri-plugin-dialog](https://github.com/tauri-apps/plugins-workspace) | `2.6.0` | `2.7.0` | | [tauri-plugin-http](https://github.com/tauri-apps/plugins-workspace) | `2.5.7` | `2.5.8` | | [tauri-plugin-single-instance](https://github.com/tauri-apps/plugins-workspace) | `2.4.0` | `2.4.1` | Updates `tauri` from 2.10.2 to 2.10.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/tauri/releases">tauri's releases</a>.</em></p> <blockquote> <h2>tauri v2.10.3</h2> <!-- raw HTML omitted --> <pre><code>Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 941 security advisories (from /home/runner/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (1052 crate dependencies) Crate: atk Version: 0.18.2 Warning: unmaintained Title: gtk-rs GTK3 bindings - no longer maintained Date: 2024-03-04 ID: RUSTSEC-2024-0413 URL: https://rustsec.org/advisories/RUSTSEC-2024-0413 Dependency tree: atk 0.18.2 └── gtk 0.18.2 ├── wry 0.54.0 │ └── tauri-runtime-wry 2.10.1 │ └── tauri 2.10.3 │ ├── tauri-utils 2.8.3 │ │ ├── tauri-schema-generator 0.0.0 │ │ ├── tauri-runtime-wry 2.10.1 │ │ ├── tauri-runtime 2.10.1 │ │ │ ├── tauri-runtime-wry 2.10.1 │ │ │ └── tauri 2.10.3 │ │ ├── tauri-plugin 2.5.4 │ │ │ ├── tauri-plugin-sample 0.1.0 │ │ │ │ └── api 0.1.0 │ │ │ └── tauri-plugin-log 2.6.0 │ │ │ └── api 0.1.0 │ │ ├── tauri-macros 2.5.5 │ │ │ └── tauri 2.10.3 │ │ ├── tauri-codegen 2.5.5 │ │ │ ├── tauri-macros 2.5.5 │ │ │ └── tauri-build 2.5.6 │ │ │ ├── tauri-file-associations-demo 0.1.0 │ │ │ ├── tauri 2.10.3 │ │ │ ├── resources 0.1.0 │ │ │ ├── bench_helloworld 0.1.0 │ │ │ ├── bench_files_transfer 0.1.0 │ │ │ ├── bench_cpu_intensive 0.1.0 │ │ │ └── api 0.1.0 │ │ ├── tauri-cli 2.10.1 │ │ │ └── tauri-cli-node 0.0.0 │ │ ├── tauri-bundler 2.8.1 │ │ │ └── tauri-cli 2.10.1 │ │ ├── tauri-build 2.5.6 </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tauri-apps/tauri/commit/9b17a7aeae9a83222ffe829aa4e2d8a5ba6bed8c"><code>9b17a7a</code></a> fix(ci): bump rustsec/audit-check to v2 and ignore time audit (<a href="https://redirect.github.com/tauri-apps/tauri/issues/15030">#15030</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/d86827980d45826bb30749a3dbc11c9326ed8bd9"><code>d868279</code></a> apply version updates (<a href="https://redirect.github.com/tauri-apps/tauri/issues/14897">#14897</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/3a65cc6885ea61e35dc5be23b229043ab6e92372"><code>3a65cc6</code></a> fix(test): disable <code>resolve_resource_dir</code> on Android (<a href="https://redirect.github.com/tauri-apps/tauri/issues/15026">#15026</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/52cf195b78e0b78f02d8aae997116c620355b095"><code>52cf195</code></a> refactor(cli): reduce some nesting code (<a href="https://redirect.github.com/tauri-apps/tauri/issues/14844">#14844</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/c3cbff3f7430161715f80f82128b345a6f7140c9"><code>c3cbff3</code></a> fix: resource path handles <code>./</code> path differently (<a href="https://redirect.github.com/tauri-apps/tauri/issues/14662">#14662</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/33754ae5e3740d022483b6164511c5c001a3c24b"><code>33754ae</code></a> fix(cli): unusable empty password private keys (<a href="https://redirect.github.com/tauri-apps/tauri/issues/15022">#15022</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/3935dee121e1dcb4f377c9933233c0ace186b0bb"><code>3935dee</code></a> Add AI tool policy to contributing guide (<a href="https://redirect.github.com/tauri-apps/tauri/issues/15002">#15002</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/33932a72b27c970dde242da5241f7a340277507d"><code>33932a7</code></a> chore(deps-dev): bump svelte from 5.51.5 to 5.53.5 (<a href="https://redirect.github.com/tauri-apps/tauri/issues/15015">#15015</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/7d3c7593a9d41ac1cc7f72e959263f22d32bc61d"><code>7d3c759</code></a> chore(deps): update dependency rollup to v4.59.0 (<a href="https://redirect.github.com/tauri-apps/tauri/issues/15001">#15001</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/f20256bca542dfd6ba4b5e2741a6a9439cc57be8"><code>f20256b</code></a> chore: fix clippy warnings (<a href="https://redirect.github.com/tauri-apps/tauri/issues/14999">#14999</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tauri-apps/tauri/compare/tauri-v2.10.2...tauri-v2.10.3">compare view</a></li> </ul> </details> <br /> Updates `tauri-plugin-fs` from 2.4.5 to 2.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-fs's releases</a>.</em></p> <blockquote> <h2>dialog-js v2.5.0</h2> <h2>[2.5.0]</h2> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/dff6fa986a9a05ba98b6ca660fea78ae97251fc2"><code>dff6fa98</code></a> (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/3034">#3034</a> by <a href="https://github.com/tauri-apps/plugins-workspace/../../onehumandev"><code>@onehumandev</code></a>) Add <code>pickerMode</code> option to file picker (currently only used on iOS)</li> </ul> <h3>Dependencies</h3> <ul> <li>Upgraded to <code>[email protected]</code></li> </ul> <h3>feat</h3> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/c23fa03f07d5c1c220bcf0bca482364513e3f754"><code>c23fa03f</code></a> (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/3098">#3098</a> by <a href="https://github.com/tauri-apps/plugins-workspace/../../Lepidopteran"><code>@Lepidopteran</code></a>) Add <code>xdg-portal</code> as an optional feature for <code>rfd</code></li> </ul> <!-- raw HTML omitted --> <pre><code>npm warn Unknown user config "always-auth". This will stop working in the next major version of npm. npm warn publish npm auto-corrected some errors in your package.json when publishing. Please run "npm pkg fix" to address these errors. npm warn publish errors corrected: npm warn publish "repository" was changed from a string to an object npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git" npm notice npm notice 📦 @tauri-apps/[email protected] npm notice Tarball Contents npm notice 888B LICENSE.spdx npm notice 3.5kB README.md npm notice 6.4kB dist-js/index.cjs npm notice 12.2kB dist-js/index.d.ts npm notice 6.3kB dist-js/index.js npm notice 11B dist-js/init.d.ts npm notice 656B package.json npm notice Tarball Details npm notice name: @tauri-apps/plugin-dialog npm notice version: 2.5.0 npm notice filename: tauri-apps-plugin-dialog-2.5.0.tgz npm notice package size: 5.8 kB npm notice unpacked size: 30.0 kB npm notice shasum: 52057077b52cc51643ac9829d48c2c590e5e1a54 npm notice integrity: sha512-I0R0ygwRd9AN8[...]lxPHD5vDcFjiA== npm notice total files: 7 npm notice npm notice Security Notice: Classic tokens have been revoked. Granular tokens are now limited to 90 days and require 2FA by default. Update your CI/CD workflows to avoid disruption. Learn more https://gh.io/all-npm-classic-tokens-revoked npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access npm notice publish Signed provenance statement with source and build information from GitHub Actions npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=804721691 + @tauri-apps/[email protected] </code></pre> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/d6a3898001a4bcc659e045f9501498751b77dbe6"><code>d6a3898</code></a> Publish New Versions (v2) (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3268">#3268</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/2e5bcdf202f98ec0fb0481725dd32f0626c766c8"><code>2e5bcdf</code></a> chore(deps): fix audits (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3373">#3373</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/4374b4fc1a9a7c0506034d86707fd3288d347f9b"><code>4374b4f</code></a> chore(notification): remove unused dev-deps (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3372">#3372</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/f75d21db3351d6f12adf585c2c797c20ece94f7f"><code>f75d21d</code></a> chore(deps): remove used of tauri-utils build feature (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3360">#3360</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/4b95f5e079593d5b2b98220c332f420dc70d18d1"><code>4b95f5e</code></a> chore(deps): update dependency eslint to v10.1.0 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3357">#3357</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/99c3e37b54c115e8712f67c2b53ed1f2f0b4aae6"><code>99c3e37</code></a> chore(deps): bump tar in /plugins/updater/tests/updater-migration/v1-app (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3352">#3352</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/eaac19a5b7e325a06d4c1c6d740e38d86c55cd89"><code>eaac19a</code></a> chore(deps): update rust crate tar to v0.4.45 [security] (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3353">#3353</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/5183e314cbabc179228e232992ad67025f30272d"><code>5183e31</code></a> chore(deps): update dependency typescript-eslint to v8.57.1 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3344">#3344</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/2c0883e64e9a53ea18102ed350cd5e65ba7c8f4b"><code>2c0883e</code></a> chore(deps): update dependency vite to v8 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3346">#3346</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/024ec0c29c20cf94579dab9b79d6be0da61a8daa"><code>024ec0c</code></a> fix(deep-link): ChromeOS deep link calls filtered and ignored by plugin (fix ...</li> <li>Additional commits viewable in <a href="https://github.com/tauri-apps/plugins-workspace/compare/fs-v2.4.5...fs-v2.5.0">compare view</a></li> </ul> </details> <br /> Updates `tauri-plugin-dialog` from 2.6.0 to 2.7.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-dialog's releases</a>.</em></p> <blockquote> <h2>dialog-js v2.7.0</h2> <h2>[2.7.0]</h2> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/24154472a6710a690173df0a121125d1f1b871e8"><code>24154472</code></a> (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/3287">#3287</a> by <a href="https://github.com/tauri-apps/plugins-workspace/../../Legend-Master"><code>@Legend-Master</code></a>) Re-use <code>message</code> command in Rust side for <code>ask</code> and <code>confirm</code> commands, <code>allow-ask</code> and <code>allow-confirm</code> permissions are now aliases to <code>allow-message</code></li> </ul> <h3>Dependencies</h3> <ul> <li>Upgraded to <code>[email protected]</code></li> </ul> <!-- raw HTML omitted --> <pre><code>npm warn Unknown user config "always-auth". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options. npm warn publish npm auto-corrected some errors in your package.json when publishing. Please run "npm pkg fix" to address these errors. npm warn publish errors corrected: npm warn publish "repository" was changed from a string to an object npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git" npm notice npm notice 📦 @tauri-apps/[email protected] npm notice Tarball Contents npm notice 888B LICENSE.spdx npm notice 3.5kB README.md npm notice 6.9kB dist-js/index.cjs npm notice 14.6kB dist-js/index.d.ts npm notice 6.8kB dist-js/index.js npm notice 11B dist-js/init.d.ts npm notice 657B package.json npm notice Tarball Details npm notice name: @tauri-apps/plugin-dialog npm notice version: 2.7.0 npm notice filename: tauri-apps-plugin-dialog-2.7.0.tgz npm notice package size: 6.7 kB npm notice unpacked size: 33.3 kB npm notice shasum: b510ecd42d9900725eaf51f42ec98523c40d29b4 npm notice integrity: sha512-4nS/hfGMGCXiA[...]RtrKXkANKDHvw== npm notice total files: 7 npm notice npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access npm notice publish Signed provenance statement with source and build information from GitHub Actions npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=1235993203 + @tauri-apps/[email protected] </code></pre> <!-- raw HTML omitted --> <h2>dialog v2.7.0</h2> <h2>[2.7.0]</h2> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/24154472a6710a690173df0a121125d1f1b871e8"><code>24154472</code></a> (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/3287">#3287</a> by <a href="https://github.com/tauri-apps/plugins-workspace/../../Legend-Master"><code>@Legend-Master</code></a>) Re-use <code>message</code> command in Rust side for <code>ask</code> and <code>confirm</code> commands, <code>allow-ask</code> and <code>allow-confirm</code> permissions are now aliases to <code>allow-message</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/51b430be986ed98635c02ba504f6f30a35771c01"><code>51b430b</code></a> ci: delete .changes/updater-new-bundle-support.md</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/fd439b143e265fc3ab4de435d6d4b641cffc66f1"><code>fd439b1</code></a> Publish New Versions (v2) (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2964">#2964</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/2522b71f6bcae65c03b24415eb9295c9e7c84ffc"><code>2522b71</code></a> fix(deep-link): revert the breaking change introduced by <a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2928">#2928</a> (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2970">#2970</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/9021a732474322073769c1b21f6eee2e4b0dd15e"><code>9021a73</code></a> chore(deps): update dependency rollup to v4.50.0 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2966">#2966</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/625bb1c0965394b88522643731f78ccbcca84add"><code>625bb1c</code></a> feat(log): re-export the log crate (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2965">#2965</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/6215afe0239f815740a2c28150614ca4fef0b486"><code>6215afe</code></a> chore(deps): update dependency rollup to v4.49.0 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2962">#2962</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/8cf8eeab02efddd4e44e3bba92b33902a8c00956"><code>8cf8eea</code></a> feat(updater): inject bundle_type into endpoint url (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2960">#2960</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/509eba8d441c4f6ecf0af77b572cb2afd69a752d"><code>509eba8</code></a> feat: support message dialogs with 3 buttons (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2641">#2641</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/9ac5fe84e704ef20c437456cb1017b54b101b333"><code>9ac5fe8</code></a> feat(updater): support bundle-specific targets (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2624">#2624</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/c24741031993894929a9ed00972ff9f6cd9540be"><code>c247410</code></a> chore(deps): update dependency typescript-eslint to v8.41.0 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2956">#2956</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tauri-apps/plugins-workspace/compare/log-v2.6.0...log-v2.7.0">compare view</a></li> </ul> </details> <br /> Updates `tauri-plugin-http` from 2.5.7 to 2.5.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-http's releases</a>.</em></p> <blockquote> <h2>http-js v2.5.8</h2> <h2>[2.5.8]</h2> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/29712892526cfc2d35c9002e0a56925084ae1b73"><code>29712892</code></a> (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/3252">#3252</a> by <a href="https://github.com/tauri-apps/plugins-workspace/../../NVolcz"><code>@NVolcz</code></a>) Correct Response header initialization to support cloning and ensure Set-Cookie visibility.</li> </ul> <h3>Dependencies</h3> <ul> <li>Upgraded to <code>[email protected]</code></li> </ul> <!-- raw HTML omitted --> <pre><code>npm warn Unknown user config "always-auth". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options. npm warn publish npm auto-corrected some errors in your package.json when publishing. Please run "npm pkg fix" to address these errors. npm warn publish errors corrected: npm warn publish "repository" was changed from a string to an object npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git" npm notice npm notice 📦 @tauri-apps/[email protected] npm notice Tarball Contents npm notice 888B LICENSE.spdx npm notice 2.6kB README.md npm notice 7.1kB dist-js/index.cjs npm notice 2.4kB dist-js/index.d.ts npm notice 7.0kB dist-js/index.js npm notice 655B package.json npm notice Tarball Details npm notice name: @tauri-apps/plugin-http npm notice version: 2.5.8 npm notice filename: tauri-apps-plugin-http-2.5.8.tgz npm notice package size: 5.1 kB npm notice unpacked size: 20.5 kB npm notice shasum: a6e638fd0d1b17563ef0c53745373c0b1eb50260 npm notice integrity: sha512-oxd7oypzQeu8k[...]hKUbhuKWcunRw== npm notice total files: 6 npm notice npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access npm notice publish Signed provenance statement with source and build information from GitHub Actions npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=1235993387 + @tauri-apps/[email protected] </code></pre> <!-- raw HTML omitted --> <h2>http v2.5.8</h2> <h2>[2.5.8]</h2> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/29712892526cfc2d35c9002e0a56925084ae1b73"><code>29712892</code></a> (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/3252">#3252</a> by <a href="https://github.com/tauri-apps/plugins-workspace/../../NVolcz"><code>@NVolcz</code></a>) Correct Response header initialization to support cloning and ensure Set-Cookie visibility.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/d6a3898001a4bcc659e045f9501498751b77dbe6"><code>d6a3898</code></a> Publish New Versions (v2) (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3268">#3268</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/2e5bcdf202f98ec0fb0481725dd32f0626c766c8"><code>2e5bcdf</code></a> chore(deps): fix audits (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3373">#3373</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/4374b4fc1a9a7c0506034d86707fd3288d347f9b"><code>4374b4f</code></a> chore(notification): remove unused dev-deps (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3372">#3372</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/f75d21db3351d6f12adf585c2c797c20ece94f7f"><code>f75d21d</code></a> chore(deps): remove used of tauri-utils build feature (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3360">#3360</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/4b95f5e079593d5b2b98220c332f420dc70d18d1"><code>4b95f5e</code></a> chore(deps): update dependency eslint to v10.1.0 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3357">#3357</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/99c3e37b54c115e8712f67c2b53ed1f2f0b4aae6"><code>99c3e37</code></a> chore(deps): bump tar in /plugins/updater/tests/updater-migration/v1-app (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3352">#3352</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/eaac19a5b7e325a06d4c1c6d740e38d86c55cd89"><code>eaac19a</code></a> chore(deps): update rust crate tar to v0.4.45 [security] (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3353">#3353</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/5183e314cbabc179228e232992ad67025f30272d"><code>5183e31</code></a> chore(deps): update dependency typescript-eslint to v8.57.1 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3344">#3344</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/2c0883e64e9a53ea18102ed350cd5e65ba7c8f4b"><code>2c0883e</code></a> chore(deps): update dependency vite to v8 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3346">#3346</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/024ec0c29c20cf94579dab9b79d6be0da61a8daa"><code>024ec0c</code></a> fix(deep-link): ChromeOS deep link calls filtered and ignored by plugin (fix ...</li> <li>Additional commits viewable in <a href="https://github.com/tauri-apps/plugins-workspace/compare/http-v2.5.7...http-v2.5.8">compare view</a></li> </ul> </details> <br /> Updates `tauri-plugin-single-instance` from 2.4.0 to 2.4.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-single-instance's releases</a>.</em></p> <blockquote> <h2>store-js v2.4.1</h2> <h2>[2.4.1]</h2> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/93426f85120f49beb9f40222bff45185a32d54a9"><code>93426f85</code></a> Fixed an issue that caused docs.rs builds to fail. No user facing changes.</li> </ul> <!-- raw HTML omitted --> <pre><code>npm warn publish npm auto-corrected some errors in your package.json when publishing. Please run "npm pkg fix" to address these errors. npm warn publish errors corrected: npm warn publish "repository" was changed from a string to an object npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git" npm notice npm notice 📦 @tauri-apps/[email protected] npm notice Tarball Contents npm notice 888B LICENSE.spdx npm notice 4.4kB README.md npm notice 6.6kB dist-js/index.cjs npm notice 8.5kB dist-js/index.d.ts npm notice 6.4kB dist-js/index.js npm notice 711B package.json npm notice Tarball Details npm notice name: @tauri-apps/plugin-store npm notice version: 2.4.1 npm notice filename: tauri-apps-plugin-store-2.4.1.tgz npm notice package size: 5.5 kB npm notice unpacked size: 27.5 kB npm notice shasum: 5e2d3362e41861d2fa79a3f1a78c091e12963236 npm notice integrity: sha512-ckGSEzZ5Ii4Hf[...]ugpGRDOFOunkA== npm notice total files: 6 npm notice npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access npm notice publish Signed provenance statement with source and build information from GitHub Actions npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=644610830 + @tauri-apps/[email protected] </code></pre> <!-- raw HTML omitted --> <h2>store v2.4.1</h2> <h2>[2.4.1]</h2> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/93426f85120f49beb9f40222bff45185a32d54a9"><code>93426f85</code></a> Fixed an issue that caused docs.rs builds to fail. No user facing changes.</li> </ul> <!-- raw HTML omitted --> <pre><code>Updating crates.io index </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/d66aa6ff78cbbeaef1542a1fa930c33399578a25"><code>d66aa6f</code></a> publish new versions (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2822">#2822</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/6f345870df4e7b187deb869df03b79858e03b4fe"><code>6f34587</code></a> fix(single-instance): disable dbus name replacement (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2860">#2860</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/708fa4e2b77e847ce554115e80f7eb685f4a322e"><code>708fa4e</code></a> chore(deps): update dependency eslint-config-prettier to v10.1.8 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2858">#2858</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/b7292030594daa04e78979214478031241b6e38e"><code>b729203</code></a> fix(upload): fix download() locks main thread on Android (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2838">#2838</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/2f9c71aae77cddd4ca2ffe9d13e9e1f23ee4f478"><code>2f9c71a</code></a> chore(deps): update dependency rollup to v4.45.1 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2850">#2850</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/80d4d8e128922b022e76049189a657b71ce95a97"><code>80d4d8e</code></a> chore(deps): update eslint monorepo to v9.31.0 (v2) (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2839">#2839</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/e7a98b0d2e60463ff86a0f031ce3c84c83a21274"><code>e7a98b0</code></a> chore(deps): update dependency typescript-eslint to v8.37.0 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2848">#2848</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/44a1f659125a341191420e650608b0b6ff316a0e"><code>44a1f65</code></a> fix(fs): <code>writeFile</code> create file by default (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2846">#2846</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/6210cd31df00bb3c55642013c74dc1da81fa00f9"><code>6210cd3</code></a> chore(deps): update dependency rollup to v4.45.0 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2841">#2841</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/467f07b7de4103a653e40fec8badb6f24abcef39"><code>467f07b</code></a> chore(deps): update dependency vite to v7 (v2) (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2800">#2800</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tauri-apps/plugins-workspace/compare/fs-v2.4.0...fs-v2.4.1">compare view</a></li> </ul> </details> <br /> Updates `tauri-plugin-deep-link` from 2.4.7 to 2.4.9 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-deep-link's releases</a>.</em></p> <blockquote> <h2>deep-link-js v2.4.9</h2> <h2>[2.4.9]</h2> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/e6cdc9f52e2cd975b11b8e4c12879d597f1f76c3"><code>e6cdc9f5</code></a> (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/3396">#3396</a> by <a href="https://github.com/tauri-apps/plugins-workspace/../../Legend-Master"><code>@Legend-Master</code></a>) Fix broken iOS custom URL schemes</li> </ul> <!-- raw HTML omitted --> <pre><code>npm warn Unknown user config "always-auth". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options. npm warn publish npm auto-corrected some errors in your package.json when publishing. Please run "npm pkg fix" to address these errors. npm warn publish errors corrected: npm warn publish "repository" was changed from a string to an object npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git" npm notice npm notice 📦 @tauri-apps/[email protected] npm notice Tarball Contents npm notice 888B LICENSE.spdx npm notice 6.2kB README.md npm notice 3.5kB dist-js/index.cjs npm notice 2.9kB dist-js/index.d.ts npm notice 3.4kB dist-js/index.js npm notice 801B package.json npm notice Tarball Details npm notice name: @tauri-apps/plugin-deep-link npm notice version: 2.4.9 npm notice filename: tauri-apps-plugin-deep-link-2.4.9.tgz npm notice package size: 4.4 kB npm notice unpacked size: 17.7 kB npm notice shasum: ae56d59130380f806b533b3107c3f16654e66a8d npm notice integrity: sha512-u0SKOUHnJ1wqe[...]hIvqLBRpgHJlA== npm notice total files: 6 npm notice npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access npm notice publish Signed provenance statement with source and build information from GitHub Actions npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=1429011657 + @tauri-apps/[email protected] </code></pre> <!-- raw HTML omitted --> <h2>deep-link v2.4.9</h2> <h2>[2.4.9]</h2> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/e6cdc9f52e2cd975b11b8e4c12879d597f1f76c3"><code>e6cdc9f5</code></a> (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/3396">#3396</a> by <a href="https://github.com/tauri-apps/plugins-workspace/../../Legend-Master"><code>@Legend-Master</code></a>) Fix broken iOS custom URL schemes</li> </ul> <!-- raw HTML omitted --> <pre><code></tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/5c7668b6bb7c9a509f394d584568b3a922161e50"><code>5c7668b</code></a> publish new versions (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3397">#3397</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/ec0540138bece081e9a87982091947360e61987a"><code>ec05401</code></a> chore(deps): update rust crate toml to v1 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3323">#3323</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/b86e999beb9fb48ef54adf3d0af631f94c06a5d0"><code>b86e999</code></a> chore(deps): update tauri packages to 2.11 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3407">#3407</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/c463d8ab1422a4cf44f627a7b4e6ba9d3553f334"><code>c463d8a</code></a> chore(deps): update rustls-webpki in lockfile, ignore core2 in audit (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3405">#3405</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/1bb7beb3076a8bf76b084223d0e4225bb2e53bc9"><code>1bb7beb</code></a> chore(deps): bump openssl (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3402">#3402</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/3412fa2741b3b6e7a251e3548a43b21f2c26c635"><code>3412fa2</code></a> docs(readme): fix platform support matrix (opener supports mobile)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/af81fdac9881d4ed52fbc18b9511bf10f7540ebb"><code>af81fda</code></a> docs(readme): fix platform support matrix (mobile is supported)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/c1fd33b3a2735f2e25c1d026dc524af932db3315"><code>c1fd33b</code></a> fix(opener): allow open network share locations (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3343">#3343</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/250857b7b72cd59825a14caa046160dc2ba1bb12"><code>250857b</code></a> chore(deps): update dependency typescript to v6 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3363">#3363</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/964e13f124ad1feeb93c10168b265dc4936f738c"><code>964e13f</code></a> fix(store): dead lock trying to set while exiting (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3395">#3395</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tauri-apps/plugins-workspace/compare/deep-link-v2.4.7...deep-link-v2.4.9">compare view</a></li> </ul> </details> <br /> Updates `tauri-build` from 2.5.5 to 2.6.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/tauri/releases">tauri-build's releases</a>.</em></p> <blockquote> <h2>tauri-build v2.6.0</h2> <!-- raw HTML omitted --> <pre><code>Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 1060 security advisories (from /home/runner/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (1086 crate dependencies) Crate: atk Version: 0.18.2 Warning: unmaintained Title: gtk-rs GTK3 bindings - no longer maintained Date: 2024-03-04 ID: RUSTSEC-2024-0413 URL: https://rustsec.org/advisories/RUSTSEC-2024-0413 Dependency tree: atk 0.18.2 └── gtk 0.18.2 ├── wry 0.55.0 │ └── tauri-runtime-wry 2.11.0 │ └── tauri 2.11.0 │ ├── tauri-utils 2.9.0 │ │ ├── tauri-schema-generator 0.0.0 │ │ ├── tauri-runtime-wry 2.11.0 │ │ ├── tauri-runtime 2.11.0 │ │ │ ├── tauri-runtime-wry 2.11.0 │ │ │ └── tauri 2.11.0 │ │ ├── tauri-plugin 2.6.0 │ │ │ ├── tauri-plugin-sample 0.1.0 │ │ │ │ └── api 0.1.0 │ │ │ └── tauri-plugin-log 2.6.0 │ │ │ └── api 0.1.0 │ │ ├── tauri-macros 2.6.0 │ │ │ └── tauri 2.11.0 │ │ ├── tauri-codegen 2.6.0 │ │ │ ├── tauri-macros 2.6.0 │ │ │ └── tauri-build 2.6.0 │ │ │ ├── tauri-file-associations-demo 0.1.0 │ │ │ ├── tauri 2.11.0 │ │ │ ├── resources 0.1.0 │ │ │ ├── bench_helloworld 0.1.0 │ │ │ ├── bench_files_transfer 0.1.0 │ │ │ ├── bench_cpu_intensive 0.1.0 │ │ │ └── api 0.1.0 │ │ ├── tauri-cli 2.11.0 │ │ │ └── tauri-cli-node 0.0.0 │ │ ├── tauri-bundler 2.9.0 │ │ │ └── tauri-cli 2.11.0 │ │ ├── tauri-build 2.6.0 </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tauri-apps/tauri/commit/e60834fc67d87c10e2f44b2568052295cb61c325"><code>e60834f</code></a> Apply Version Updates From Current Changes (<a href="https://redirect.github.com/tauri-apps/tauri/issues/15041">#15041</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/df05c00563a91fc936bd15c6b10dd2825472f96b"><code>df05c00</code></a> chore: minor bump for codegen crate</li> <li><a href="https://github.com/tauri-apps/tauri/commit/13bea1777fed60c75e37fe67d7ded5dde0b2997d"><code>13bea17</code></a> chore: fmt</li> <li><a href="https://github.com/tauri-apps/tauri/commit/9808236ebf7755d498d674b614f3fc75eeac1ec4"><code>9808236</code></a> fix(macOS): correct value for work_area.position.y (<a href="https://redirect.github.com/tauri-apps/tauri/issues/14655">#14655</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/eb0312ea9e493954298ac0b3fdaae7eafb52750e"><code>eb0312e</code></a> feat(mobile): Propagate tao::Event::Suspended and tao::Event::Resumed to the ...</li> <li><a href="https://github.com/tauri-apps/tauri/commit/4ef5797f0fb27fa2df3f39f4a54e48ef319560ec"><code>4ef5797</code></a> feat(ios): add --no-sign and --archive-only flags to ios build (<a href="https://redirect.github.com/tauri-apps/tauri/issues/15061">#15061</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/110336c88a8c0a04476619db0a5c8f7694d969a5"><code>110336c</code></a> fix(macOS): fix incorrect window position on multi-monitor setups (<a href="https://redirect.github.com/tauri-apps/tauri/issues/15250">#15250</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/c00a3dbffccd6e051d3b7332f706b6c63759865d"><code>c00a3db</code></a> feat(macros): add support for rename command macro in tauri-macros <a href="https://redirect.github.com/tauri-apps/tauri/issues/14173">#14173</a> (<a href="https://redirect.github.com/tauri-apps/tauri/issues/1">#1</a>...</li> <li><a href="https://github.com/tauri-apps/tauri/commit/764b9139a32de149d8a914a6b5ec6cd1937c64eb"><code>764b913</code></a> feat(cli): restart Android emulator if it is disconnected from adb (<a href="https://redirect.github.com/tauri-apps/tauri/issues/14313">#14313</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/1035f12eeb8b23d9780881606d442d11c786e39e"><code>1035f12</code></a> fix(windows): tauri-bundler detect arm system (<a href="https://redirect.github.com/tauri-apps/tauri/issues/14923">#14923</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tauri-apps/tauri/compare/tauri-build-v2.5.5...tauri-build-v2.6.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
1ae24e18b5 |
build(deps): bump eclipse-temurin from a051234 to b27ca47 in /docker/base (#6292)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
4764f1931b |
build(deps): bump sha2 from 0.10.9 to 0.11.0 in /frontend/src-tauri (#6180)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
7f00441aab |
build(deps): bump windows from 0.58.0 to 0.61.3 in /frontend/src-tauri (#6185)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
561d07b8b1 |
build(deps): bump globals from 17.4.0 to 17.5.0 in /frontend (#6285)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
f39db01919 |
build(deps): bump step-security/harden-runner from 2.15.1 to 2.19.0 (#6228)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
4ab7d3b3ae |
build(deps): bump the mui group across 1 directory with 2 updates (#6301)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
d8519a6517 |
build(deps): bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre (#6283)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
34c9e9bdc5 |
build(deps): bump actions/setup-node from 6.3.0 to 6.4.0 (#6258)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
4663a9a194 |
build(deps): bump org.springdoc:springdoc-openapi-starter-webmvc-ui from 3.0.2 to 3.0.3 in /app/common (#6286)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
f89f7d99ba |
build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#6297)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
84e30cd008 |
build(deps): bump actions/github-script from 7.1.0 to 9.0.0 (#6298)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
69236a89c8 |
build(deps): bump gradle/actions from 5.0.1 to 6.1.0 (#6294)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
b66e12d15d |
build(deps): bump eclipse-temurin from a051234 to b27ca47 in /docker/embedded (#6293)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
3fe8adc5cb |
Switch key areas to lazily import to improve Vite chunk size (#6278)
# Description of Changes Vite currently warns that when it's bundling our code that the chunk size is way too high because most of the imports are static so it can't split them into smaller chunks. This PR changes a few key areas to use lazy imports to try and make the chunks as small as possible with minimal code changes. Vite's warnings kick in at minified chunks being >500kB, and we've got a little way to go still to reach that, but we can keep chipping away at this and I'd rather get the biggest wins done now. I've also included Lighthouse scores because there's been discussion about improving ours recently. It's not the aim of this PR to improve it, but it's nice that it makes it a little better. ## Current main chunks Build split into 12 chunks. Largest chunk in build is: ``` [frontend:build] dist/assets/index-B6JiWDxZ.js 5,175.51 kB │ gzip: 1,495.85 kB ``` <img width="1442" height="775" alt="image" src="https://github.com/user-attachments/assets/b0e8a3fa-4ef3-4ccd-8c1d-bfed2d99bd27" /> Lighthouse score: <img width="423" height="146" alt="before" src="https://github.com/user-attachments/assets/c62056e8-2e77-49a6-a1ae-f08ec8021fb3" /> ## This PR's chunks Build split into 176 chunks. Largest chunk in build is: ``` [frontend:build] dist/assets/index-qCgeCY4B.js 2,878.54 kB │ gzip: 861.03 kB ``` <img width="1447" height="776" alt="image" src="https://github.com/user-attachments/assets/8d0c3cf0-cc25-41c3-b114-4940d3e99349" /> Lighthouse score: <img width="402" height="145" alt="after" src="https://github.com/user-attachments/assets/99a26eb3-bd15-4b92-bf22-82b58b458f52" /> --------- Co-authored-by: EthanHealy01 <[email protected]> |
||
|
|
51f5345151 |
Inform AI engine which endpoints are disabled on the backend (#6251)
# Description of Changes Have the Java send a list of enabled endpoints to the AI engine so it can intelligently respond to the user that the tool does exist but is disabled on the server so it can't acutally run the operation, instead of the current behaviour where it sends the API call back and then 503 errors because the execution fails when the URL is disabled. <img width="380" height="208" alt="image" src="https://github.com/user-attachments/assets/5842fb2e-2e55-45a5-8205-25515636daae" /> --------- Co-authored-by: EthanHealy01 <[email protected]> |
||
|
|
5541dd666c |
Flesh out RAG system (#6197)
# Description of Changes
Flesh out the RAG system and connect it to the PDF Question Agent so it
can respond to questions about PDFs of an extremely large size.
I'd expect lots more work will need to be done to finish off the RAG
system to really be what we need, but this should be a reasonable start
which will let us connect it to tools and have the ingestion mostly
handled automatically. I'm leaving file deletion and proper file ID
management to be done in a future PR. We also need to consider whether
all tools should retrieve content exclusively via RAG, or whether it's
beneficial to have tools sometimes fetch the direct content and other
times fetch it from RAG.
A diagram of the expected interaction is as follows:
```mermaid
sequenceDiagram
autonumber
actor U as User
participant FE as Frontend<br/>(ChatPanel)
participant J as Java<br/>(AiWorkflowService)
participant O as Engine:<br/>OrchestratorAgent
participant QA as Engine:<br/>PdfQuestionAgent
participant RAG as Engine:<br/>RagService + SqliteVecStore
participant V as VoyageAI<br/>(embeddings)
participant L as LLM<br/>(Claude / etc.)
U->>FE: types "Summarise this PDF"<br/>(PDF already uploaded)
FE->>J: POST /api/v1/ai/orchestrate/stream<br/>multipart: fileInputs[], userMessage
Note over J: ByteHashFileIdStrategy<br/>id = sha256(bytes)[:16]
J->>O: POST /api/v1/orchestrator<br/>{ files:[{id,name}], userMessage }
O->>L: route via fast model
L-->>O: delegate_pdf_question
O->>QA: PdfQuestionRequest
loop for each file
QA->>RAG: has_collection(file.id)
RAG-->>QA: false
end
QA-->>O: NeedIngestResponse(files_to_ingest)
O-->>J: { outcome:"need_ingest", filesToIngest:[...] }
Note over J: onNeedIngest
loop per file
J->>J: PDFBox: extract page text
J->>O: POST /api/v1/rag/documents<br/>(long-running timeout)
O->>RAG: chunk + stage documents
O->>V: embed_documents (batches of 256)
V-->>O: embeddings
O->>RAG: add_documents
O-->>J: { chunks_indexed: N }
end
Note over J: retry with resumeWith=pdf_question
J->>O: POST /api/v1/orchestrator
Note over O: fast-path to PdfQuestionAgent
O->>QA: PdfQuestionRequest
Note over QA: build RagCapability<br/>pinned to file IDs
QA->>L: run(prompt) with search_knowledge tool
loop up to max_searches
L->>QA: search_knowledge(query)
QA->>V: embed_query
V-->>QA: query vector
QA->>RAG: search(vector, collections=[file.id])
RAG-->>QA: top-k chunks
QA-->>L: formatted chunks
end
Note over QA: once budget spent,<br/>prepare() hides the tool
L-->>QA: PdfQuestionAnswerResponse
QA-->>O: answer
O-->>J: { outcome:"answer", answer, evidence }
J-->>FE: SSE "result"
FE->>U: assistant bubble
```
|