Skip to content

Bump the rust group in /src-tauri with 3 updates#90

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/src-tauri/rust-e1f68a6dcb
Open

Bump the rust group in /src-tauri with 3 updates#90
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/src-tauri/rust-e1f68a6dcb

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the rust group in /src-tauri with 3 updates: tauri, posthog-rs and rand.

Updates tauri from 2.11.3 to 2.11.5

Release notes

Sourced from tauri's releases.

tauri v2.11.5

Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 1146 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (1085 crate dependencies)
Crate:     atk
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0413
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0413

Crate: atk-sys
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0416
URL: https://rustsec.org/advisories/RUSTSEC-2024-0416

Crate: fxhash
Version: 0.2.1
Warning: unmaintained
Title: fxhash - no longer maintained
Date: 2025-09-05
ID: RUSTSEC-2025-0057
URL: https://rustsec.org/advisories/RUSTSEC-2025-0057

Crate: gdk
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0412
URL: https://rustsec.org/advisories/RUSTSEC-2024-0412

Crate: gdk-sys
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0418
URL: https://rustsec.org/advisories/RUSTSEC-2024-0418

Crate: gdkwayland-sys
</tr></table>

... (truncated)

Commits

Updates posthog-rs from 0.15.0 to 0.17.3

Release notes

Sourced from posthog-rs's releases.

0.17.3

Patch changes

  • 9d94264 Clamp a server Retry-After to retry_max_backoff_ms (default 30s) instead of an internal 1-day cap, so a single retry wait never exceeds the configured max backoff. Retry-After still acts as a minimum and the configured backoff itself is never truncated. This unifies the default retry-wait ceiling (30s) with posthog-go and posthog-python. — Thanks @​eli-r-ph!

0.17.2

Patch changes

0.17.1

Patch changes

  • c7e2533 Retry remote feature flag requests after transient 502 and 504 responses. — Thanks @​marandaneto!

0.17.0

Minor changes

  • f00e91b General on_error observability hook. Register one or more hooks with ClientOptionsBuilder::on_error to observe terminal failures across every SDK network surface without giving up the non-blocking API: a capture batch the SDK gave up delivering (permanent reject, exhausted retries, serialization failure, or — on the capture-v1 pipeline — a 2xx whose per-event verdicts left events unpersisted), a failed remote /flags request, and a failed local-evaluation definitions poll. Hooks fire in registration order and may be invoked from whichever thread reaches the failure (the background transport worker, a flags request, or the poller).

    Each hook receives a &PostHogError<'_>, a #[non_exhaustive] enum with one variant per surface (Capture, FeatureFlags, LocalEvaluation), each carrying an enriched, #[non_exhaustive] failure struct read through accessors: CaptureFailure (cause, HTTP status, attempt, lost-event count, historical-migration flag, and — under capture-v1 — request id, per-event event_results, and the parsed V1ErrorResponse), FlagsFailure (cause, endpoint, distinct id, status, body), and LocalEvaluationFailure (cause, status; the personal API key is never surfaced). The failure is passed by reference and borrows from the caller, so the common (hookless) path stays allocation-free. New public exports: PostHogError, CaptureFailure, FlagsFailure, LocalEvaluationFailure, and (under capture-v1) V1ErrorResponse.

    The hook is observability-only and MUST NOT call back into the SDK (no capture/capture_batch/capture_exception, flush, or shutdown): emitting an event while handling a capture failure forms an amplification loop. The hook is Fn + Send + Sync and invoked without holding any SDK lock, so it may run concurrently on multiple threads and must be internally thread-safe. Hook panics are caught and ignored. Registering at least one hook silences the default WARN logged for terminal capture batch rejects/exhaustion, since the caller now owns that signal; other drop warnings and the existing /flags and poller logs are unaffected.

    Also makes the blocking local-evaluation poller's background thread shut down promptly: it now wakes to check the stop signal in short steps instead of sleeping the full poll interval, so stop/Drop no longer blocks for up to a whole interval (previously up to the configured poll_interval_seconds). — Thanks @​eli-r-ph!

0.16.0

Minor changes

  • c2766cd Native symbolication for error tracking: captured exceptions and panics now attach each frame's instruction_addr and an event-level $debug_images list, so PostHog can symbolicate native (Rust/C/C++) stack frames server-side against symbols uploaded with posthog-cli. Debug ids match the server/CLI convention (GNU build id on ELF, LC_UUID on Mach-O, GUID+age on Windows PDB). Behind the default-on error-tracking feature. — Thanks @​cat-ph!

0.15.1

Patch changes

  • 91dfe67 Include canonical feature flag request fields for remote evaluation, including person/group properties, GeoIP disable, and flag key filtering. — Thanks @​marandaneto!
Changelog

Sourced from posthog-rs's changelog.

0.17.3 — 2026-07-05

Patch changes

  • 9d94264 Clamp a server Retry-After to retry_max_backoff_ms (default 30s) instead of an internal 1-day cap, so a single retry wait never exceeds the configured max backoff. Retry-After still acts as a minimum and the configured backoff itself is never truncated. This unifies the default retry-wait ceiling (30s) with posthog-go and posthog-python. — Thanks @​eli-r-ph!

0.17.2 — 2026-07-02

Patch changes

0.17.1 — 2026-07-02

Patch changes

  • c7e2533 Retry remote feature flag requests after transient 502 and 504 responses. — Thanks @​marandaneto!

0.17.0 — 2026-07-02

Minor changes

  • f00e91b General on_error observability hook. Register one or more hooks with ClientOptionsBuilder::on_error to observe terminal failures across every SDK network surface without giving up the non-blocking API: a capture batch the SDK gave up delivering (permanent reject, exhausted retries, serialization failure, or — on the capture-v1 pipeline — a 2xx whose per-event verdicts left events unpersisted), a failed remote /flags request, and a failed local-evaluation definitions poll. Hooks fire in registration order and may be invoked from whichever thread reaches the failure (the background transport worker, a flags request, or the poller).

    Each hook receives a &PostHogError<'_>, a #[non_exhaustive] enum with one variant per surface (Capture, FeatureFlags, LocalEvaluation), each carrying an enriched, #[non_exhaustive] failure struct read through accessors: CaptureFailure (cause, HTTP status, attempt, lost-event count, historical-migration flag, and — under capture-v1 — request id, per-event event_results, and the parsed V1ErrorResponse), FlagsFailure (cause, endpoint, distinct id, status, body), and LocalEvaluationFailure (cause, status; the personal API key is never surfaced). The failure is passed by reference and borrows from the caller, so the common (hookless) path stays allocation-free. New public exports: PostHogError, CaptureFailure, FlagsFailure, LocalEvaluationFailure, and (under capture-v1) V1ErrorResponse.

    The hook is observability-only and MUST NOT call back into the SDK (no capture/capture_batch/capture_exception, flush, or shutdown): emitting an event while handling a capture failure forms an amplification loop. The hook is Fn + Send + Sync and invoked without holding any SDK lock, so it may run concurrently on multiple threads and must be internally thread-safe. Hook panics are caught and ignored. Registering at least one hook silences the default WARN logged for terminal capture batch rejects/exhaustion, since the caller now owns that signal; other drop warnings and the existing /flags and poller logs are unaffected.

    Also makes the blocking local-evaluation poller's background thread shut down promptly: it now wakes to check the stop signal in short steps instead of sleeping the full poll interval, so stop/Drop no longer blocks for up to a whole interval (previously up to the configured poll_interval_seconds). — Thanks @​eli-r-ph!

0.16.0 — 2026-07-01

Minor changes

  • c2766cd Native symbolication for error tracking: captured exceptions and panics now attach each frame's instruction_addr and an event-level $debug_images list, so PostHog can symbolicate native (Rust/C/C++) stack frames server-side against symbols uploaded with posthog-cli. Debug ids match the server/CLI convention (GNU build id on ELF, LC_UUID on Mach-O, GUID+age on Windows PDB). Behind the default-on error-tracking feature. — Thanks @​cat-ph!

0.15.1 — 2026-06-30

Patch changes

  • 91dfe67 Include canonical feature flag request fields for remote evaluation, including person/group properties, GeoIP disable, and flag key filtering. — Thanks @​marandaneto!
Commits
  • 8bdf84a chore: Release v0.17.3 [skip ci]
  • 9d94264 fix(capture): clamp Retry-After to retry_max_backoff_ms (#177)
  • 1987240 ci: Standardize SDK release failure telemetry (#173)
  • bf13d89 chore: Release v0.17.2 [skip ci]
  • 7ee049c fix: stop duplicating distinct_id in flags person properties (#170)
  • 065199d chore: Release v0.17.1 [skip ci]
  • c7e2533 fix: Retry flags requests on 502 and 504 (#172)
  • d99286b chore: Release v0.17.0 [skip ci]
  • f00e91b feat: general on_error observability hook (#167)
  • 2b76e52 chore: Release v0.16.0 [skip ci]
  • Additional commits viewable in compare view

Updates rand from 0.10.1 to 0.10.2

Changelog

Sourced from rand's changelog.

[0.10.2] — 2026-07-02

Fixes

  • Fix possible memory safety violation due to deserialization of UniformChar from bad source (#1790)

Changes

  • Document required output order of fn partial_shuffle and apply #[must_use] (#1769)
  • Avoid usage of unsafe in contexts where non-local memory corruption could invalidate contract (#1791)

#1769: rust-random/rand#1769 #1790: rust-random/rand#1790 #1791: rust-random/rand#1791

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

View with Codesmith Autofix with Codesmith
Need help on this PR? Tag /codesmith with what you need. Autofix is disabled.

Bumps the rust group in /src-tauri with 3 updates: [tauri](https://github.com/tauri-apps/tauri), [posthog-rs](https://github.com/posthog/posthog-rs) and [rand](https://github.com/rust-random/rand).


Updates `tauri` from 2.11.3 to 2.11.5
- [Release notes](https://github.com/tauri-apps/tauri/releases)
- [Commits](tauri-apps/tauri@tauri-v2.11.3...tauri-v2.11.5)

Updates `posthog-rs` from 0.15.0 to 0.17.3
- [Release notes](https://github.com/posthog/posthog-rs/releases)
- [Changelog](https://github.com/PostHog/posthog-rs/blob/main/CHANGELOG.md)
- [Commits](PostHog/posthog-rs@0.15.0...0.17.3)

Updates `rand` from 0.10.1 to 0.10.2
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md)
- [Commits](rust-random/rand@0.10.1...0.10.2)

---
updated-dependencies:
- dependency-name: tauri
  dependency-version: 2.11.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust
- dependency-name: posthog-rs
  dependency-version: 0.17.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust
- dependency-name: rand
  dependency-version: 0.10.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Jul 6, 2026
@greptile-apps

greptile-apps Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR is a Dependabot-generated group bump of three Rust dependencies in src-tauri: tauri (2.11.3 → 2.11.5), posthog-rs (0.15.0 → 0.17.3), and rand (0.10.1 → 0.10.2). Notably, rand 0.10.2 includes a memory-safety fix for deserialization of UniformChar.

  • rand 0.10.2 patches a possible memory safety violation when deserializing UniformChar from a bad source — a meaningful safety fix.
  • tauri 2.11.5 includes bug fixes (Windows HDC handle leak, Linux bundler symlinks); Cargo.toml keeps the 2.11.3 lower-bound pin while Cargo.lock resolves to the new patch.
  • posthog-rs 0.17.3 adds two minor-version features (native error-tracking symbolication, on_error observability hook) and a new transitive dependency on findshlibs for reading shared-library metadata.

Confidence Score: 5/5

Safe to merge — all three dependency bumps are patch/minor upgrades from Dependabot with no breaking changes and at least one meaningful safety fix.

The rand 0.10.2 bump closes a memory-safety bug in UniformChar deserialization, tauri 2.11.5 is a pair of bug-fix patches, and posthog-rs 0.17.3 extends the SDK with backwards-compatible observability features. The only structural change is the new findshlibs transitive dependency, which is a small, well-known crate used by posthog-rs for native stack-frame symbolication and carries no known vulnerabilities.

No files require special attention.

Important Files Changed

Filename Overview
src-tauri/Cargo.toml Updates posthog-rs version constraint from "0.15" to "0.17"; tauri and rand remain at their existing caret bounds and are resolved to newer patch versions only in Cargo.lock.
src-tauri/Cargo.lock Lock file updated for tauri (2.11.3→2.11.5), tauri-runtime-wry (2.11.3→2.11.4), posthog-rs (0.15.0→0.17.3), rand (0.10.1→0.10.2), and adds findshlibs 0.10.2 as a new transitive dependency of posthog-rs.

Reviews (1): Last reviewed commit: "Bump the rust group in /src-tauri with 3..." | Re-trigger Greptile

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants