chore(deps-dev): bump @tauri-apps/cli from 1.5.11 to 2.2.7#184
chore(deps-dev): bump @tauri-apps/cli from 1.5.11 to 2.2.7#184dependabot[bot] wants to merge 1 commit intomasterfrom
Conversation
Bumps [@tauri-apps/cli](https://github.com/tauri-apps/tauri) from 1.5.11 to 2.2.7. - [Release notes](https://github.com/tauri-apps/tauri/releases) - [Commits](https://github.com/tauri-apps/tauri/compare/@tauri-apps/cli-v1.5.11...@tauri-apps/cli-v2.2.7) --- updated-dependencies: - dependency-name: "@tauri-apps/cli" dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
the
dependencies
JiwaniZakir
left a comment
JiwaniZakir
left a comment
There was a problem hiding this comment.
The yarn.lock entries for the new packages resolve from registry.npmmirror.com (a Chinese third-party mirror) rather than the official registry.yarnpkg.com used by the old 1.5.11 entries. This is a supply chain risk worth scrutinizing — ideally all packages should resolve from the official registry, and a lockfile silently pointing at a different source warrants verification that these binaries match the official Tauri releases.
Beyond the registry concern, this is a major version jump (v1 → v2), and Tauri 2.x introduced breaking changes including a restructured tauri.conf.json, updated plugin APIs, and a new permissions/capabilities system. The diff only touches package.json and yarn.lock, but a real v1→v2 migration would require changes to src-tauri/tauri.conf.json, capability files, and potentially Rust-side code. If those files weren't updated, the build will likely fail or produce a misconfigured app. It's worth confirming whether the src-tauri/ directory was migrated using tauri migrate or equivalent steps before merging.
1 participant
Bumps @tauri-apps/cli from 1.5.11 to 2.2.7.
Release notes
Sourced from
@tauri-apps/cli's releases.... (truncated)
Commits
82d634fApply Version Updates From Current Changes (#12512)8e9134cfix(cli): Apply --bins flag on build instead of dev (#12511)dc1997bapply version updates (#12439)1a86974fix(cli): let xcode handle building forios build --open(#12406)fb294affix(tauri-driver): Parse ms:edgeOptions separately (#12383)46c7b16ci(renovate): Disable oxc_ PRs9dac286fix(bundler): Don't self-sign dmg (#12323)9a9d120chore(deps): update dependency rollup to v4.32.0 (dev) (#12502)27096cdfix(cli): don't force native-tls feature on desktop (#12445)6cbfc48refactor: documentEmitter/Listnertraits panics, refactor check into int...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)