chore(deps): bundle dependency and security updates #117

Merged: jafreck merged 1 commit into main from chore/bundled-dependency-updates on Jun 21, 2026
jafreck (Owner) commented Jun 21, 2026

Bundles the open Dependabot dependency/security updates into a single PR.

Included

| Update | From → To | Replaces |
|---|---|---|
| tokio | 1.50.0 → 1.52.1 | #115 |
| clap | 4.6.0 → 4.6.1 | #114 |
| rustls-webpki | 0.103.10 → 0.103.13 | #113 |
| tray-icon | 0.21 → 0.22 (locked 0.22.2) | #110 |
| softprops/action-gh-release | v2 → v3 | #112 |
| vite | 6.4.2 → 8.0.16 (drops the flagged esbuild tree) | #116 |

Plus a small necessary fix: the vite 6 → 8 bump means npm run build (tsc && vite build) now runs the type-check, which surfaced a pre-existing duplicate window.__TAURI__ global declaration. src/history.ts is aligned with the fuller declaration already present in src/App.ts so tsc passes. No runtime behavior change.

Excluded

  • chore(deps): bump ndarray from 0.16.1 to 0.17.2 #109 ndarray 0.16 → 0.17 — left open. ort 2.0.0-rc.10 pins ndarray = "0.16", and the engines pass ndarray arrays into ort::value::Tensor::from_array(...). Bumping the direct dependency to 0.17 would create two incompatible ndarray versions and fail to compile. This update needs an ort release that supports ndarray 0.17 (or a code change), so it can't be bundled here.

Verification

Run locally on macOS:

  • cargo build --workspace --exclude murmur-copilot --all-targets
  • cargo test --workspace --exclude murmur-copilot -- --test-threads=1 ✅ (344 passed)
  • cargo clippy --workspace --exclude murmur-copilot --all-targets -- -D warnings
  • npm run build in crates/murmur-copilot (tsc + vite 8) ✅

After this merges, Dependabot will auto-close #110, #112, #113, #114, #115, and #116. #109 remains open.

Bundles the following Dependabot updates into a single change:

- tokio 1.50.0 -> 1.52.1 (#115)
- clap 4.6.0 -> 4.6.1 (#114)
- rustls-webpki 0.103.10 -> 0.103.13 (#113)
- tray-icon 0.21 -> 0.22 (#110)
- softprops/action-gh-release v2 -> v3 (#112)
- vite 6 -> 8, dropping the flagged esbuild tree (#116)

Also align the duplicate `__TAURI__` global declaration in history.ts
with App.ts so `tsc` passes under the vite 8 frontend build.

Excludes ndarray 0.16 -> 0.17 (#109): ort 2.0.0-rc.10 pins ndarray
0.16, so bumping the direct dependency breaks ort::Tensor::from_array.

jafreck merged commit 578c62b into main on Jun 21, 2026
5 checks passed