chore(deps): Bump windows from 0.58.0 to 0.61.3 in /apps/helper/src-tauri #1081

Merged: ToddHebebrand merged 1 commit into main from dependabot/cargo/apps/helper/src-tauri/windows-0.61.3 on Jun 10, 2026

Conversation

dependabot Bot commented on behalf of github Jun 2, 2026

Bumps windows from 0.58.0 to 0.61.3.

dependabot Bot commented on behalf of github Jun 2, 2026

Labels

The following labels could not be found: dependencies, rust, tauri. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

cloudflare-workers-and-pages Bot commented Jun 2, 2026

Deploying breeze with Cloudflare Pages

Latest commit: b986749
Status: ✅  Deploy successful!
Preview URL: https://45029ade.breeze-9te.pages.dev
Branch Preview URL: https://dependabot-cargo-apps-helper-pr22.breeze-9te.pages.dev

ToddHebebrand commented

Status: intentionally held.

The windows crate is [target.'cfg(windows)']-gated, so neither a macOS dev machine nor the new ubuntu rust-check CI job (#1146) compiles it — the only thing that exercises this bump is the Windows release build. Merging it "green" would be unverified.

Path to clear it: after #1146 lands, verify this bump via a Windows build of apps/helper/src-tauri (release workflow dry-run or a local Windows cargo check), then merge. The 0.58→0.61 jump includes the windows-rs API split into windows-collections/windows-future/etc., so compile breakage is plausible, not hypothetical.
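The coverage gap described in the comment above, as an added example that is not part of this pull request or the project's code: a Python script that reads a Cargo manifest, evaluates each `[target.'cfg(...)'.dependencies]` gate against a CI runner, and lists the dependencies a `cargo check` on that runner never compiles. The sample manifest, the simplified `RUNNERS` cfg sets, and the names `cfg_matches` and `uncompiled_on` are constructed for illustration.

```python
import re

# Constructed sample manifest for illustration (not the project's Cargo.toml).
SAMPLE_MANIFEST = """
[target.'cfg(windows)'.dependencies]
windows = "0.61.3"
[target.'cfg(any(target_os = "linux", target_os = "macos"))'.dependencies]
libc = "0.2"
"""
# Simplified cfg atoms per CI runner (assumption; real targets set many more).
RUNNERS = {
    "ubuntu": {"unix", 'target_os="linux"'},
    "macos": {"unix", 'target_os="macos"'},
    "windows": {"windows", 'target_os="windows"'},
}
SECTION = re.compile(r"^\[target\.'(cfg\(.*\))'\.(?:dev-|build-)?dependencies\]$")

def cfg_matches(expr, active):
    """Evaluate cfg(...) built from all/any/not, `name` and `name = "value"`."""
    toks = re.findall(r'[A-Za-z_]\w*|"[^"]*"|[(),=]', expr)
    pos = 0
    def parse():
        nonlocal pos
        name = toks[pos]
        pos += 1
        if name in ("cfg", "all", "any", "not") and toks[pos:pos + 1] == ["("]:
            pos += 1
            args = []
            while toks[pos] != ")":
                args.append(parse())
                if toks[pos] == ",":
                    pos += 1
            pos += 1  # closing ")"
            # cfg(x) behaves like all(x); not(x) negates its single argument.
            return {"any": any, "not": lambda a: not a[0]}.get(name, all)(args)
        if toks[pos:pos + 1] == ["="]:
            pos += 2
            return f"{name}={toks[pos - 1]}" in active
        return name in active
    return parse()

def uncompiled_on(manifest, runner):
    """Gated dependencies (one-line `name = ...` entries) never compiled on `runner`."""
    skipped, gate = [], None
    for line in map(str.strip, manifest.splitlines()):
        if line.startswith("["):
            m = SECTION.match(line)
            gate = m.group(1) if m else None
        elif gate and "=" in line and not cfg_matches(gate, RUNNERS[runner]):
            skipped.append(line.split("=", 1)[0].strip())
    return sorted(skipped)
```

A bump to any dependency this reports for every runner in the PR pipeline passes CI without ever being compiled, which is the situation the hold on this pull request addresses.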

ToddHebebrand added a commit that referenced this pull request Jun 9, 2026
…fix; add rust-check CI job (#1146)

## Why

Supersedes the coupled dependabot pair **#1082** (sha2 0.10→0.11) and
**#1083** (hmac 0.12→0.13). Both pull in digest 0.11, and merging either
alone breaks the helper build: digest 0.11 moved `new_from_slice` to the
`KeyInit` trait. Neither could merge safely because **PR CI never
compiles the helper's Rust** — only cargo-audit (an advisory-DB scan)
runs; the real build happens only in the release workflow.

## What

- **Bump** `sha2 = "0.11"`, `hmac = "0.13"` in
`apps/helper/src-tauri/Cargo.toml` + lockfile.
- **Fix** `apps/helper/src-tauri/src/ipc/envelope.rs:18` — import
`KeyInit` alongside `Mac` so `Hmac::new_from_slice` compiles under
digest 0.11.
- **New CI job `rust-check`** — `cargo check --locked --all-targets` for
`apps/helper/src-tauri` **and** `apps/viewer/src-tauri` on every PR,
using the same apt deps, pinned toolchain action, and rust-cache setup
as the release workflow. Closes the merge-green-break-release blind spot
this pair demonstrated. Non-blocking (not in the `ci-success` needs
list) until its runtime/caching is proven.

## Verification

- `cargo check --locked --all-targets` clean for **both** apps locally
(macOS).
- `cargo test` in the helper: **33 passed**, including the Go-compatible
HMAC envelope parity tests that exercise the `KeyInit` code path.
- The `rust-check` job runs on this very PR, so the bump is
compile-verified in CI before merge.

## Notes

- **#1081** (windows 0.58→0.61) is intentionally NOT included: it's
`[target.'cfg(windows)']`-gated, so neither macOS nor the ubuntu
rust-check job compiles it — only the Windows release build can verify
it. It stays held.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>

Bumps [windows](https://github.com/microsoft/windows-rs) from 0.58.0 to 0.61.3.
- [Release notes](https://github.com/microsoft/windows-rs/releases)
- [Commits](https://github.com/microsoft/windows-rs/commits)

---
updated-dependencies:
- dependency-name: windows
  dependency-version: 0.61.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot force-pushed the dependabot/cargo/apps/helper/src-tauri/windows-0.61.3 branch from 9043d7b to b986749 June 9, 2026 18:33

ToddHebebrand added a commit that referenced this pull request Jun 9, 2026
…dows cargo check, dependabot staggering (#1165)

## Why

Follow-up to the June red-main postmortem (#1144/#1146), with one
organizing principle: **nothing is red by default — red means act now.**
Main was red for 8 days partly because chronic background red trained
everyone to ignore it.

## What

**Blocking integration tests** — the API integration suite moves out of
the non-blocking smoke-test job into its own `integration-test` job,
required on PRs *and* main via `ci-success`. This is the gate that would
have stopped #1042 and #1092 from merging. It boots only
`docker-compose.test.yml` (no image builds) — ~2-3 min. The smoke job
keeps the Docker build + endpoint smoke, still non-blocking on PRs.
`rust-check` is promoted to required as well.

**`bail: 1` removed** from the integration config — it surfaced only the
first failure per run, which hid #1092's lockout behind #1042's 403 for
a day.

**Main-red alerting** — a `main-red-alert` job keeps exactly one open
`ci-red` issue while main is red and auto-closes it on the next green
main push. Cancelled runs (dependabot storms) are ignored. One loud,
self-resolving signal instead of a wall of silently-cancelled runs.

**`rust-check-windows`** — compiles both Tauri apps on a windows runner,
path-filtered to `src-tauri/**` changes, closing the `cfg(windows)` gap
the ubuntu rust-check can't cover (the #1081 problem). Skipped (fast,
green) on non-Cargo PRs.

**Workflow Lint job** (security workflow) — actionlint core checks +
zizmor at medium severity, both verified green against this tree before
gating. shellcheck integration is deliberately off (release.yml's 13
style nits would make it perma-red). `.github/zizmor.yml` encodes the
pin policy (first-party actions float on tags, everything else
hash-pinned) and the one accepted finding class (release build caches).
zizmor's first sweep also scoped `security-events: write` per-job and
added missing least-privilege `permissions:` blocks to three workflows.

**Dependabot staggering + coupling groups** — npm Monday, Go Tuesday,
Actions Wednesday, Cargo Thursday (no more Monday merge storm), plus
groups for deps that break when bumped solo: `mobile`
(expo/react-native/metro), `aws-sdk` (gomod), `rustcrypto` (the
sha2/hmac pair from #1082/#1083).

**Local-flake kill** — `audit-logs-rls.integration.test.ts` used
hardcoded resourceIds against the append-only `audit_logs` table, so
every second local run failed on accumulated rows (the "clear audit_logs
between runs" papercut). Per-run UUIDs fix it; verified by running the
suite twice against a dirty DB — 91/91 green both times.

## Deliberately deferred

A nightly Playwright e2e job is viable but the suite currently has a
broken import (`test-helpers.ts` doesn't exist) and unverified seed data
for the catalog specs — shipping it now would create a red-by-default
job. Tracked as a follow-up.

## Verification

- `actionlint -shellcheck=` and `zizmor --min-severity medium` exit 0
across all workflows locally.
- Integration suite (no-bail config): 22 files / 91 tests green, twice,
against a dirty DB.
- The new `integration-test`, `rust-check-windows` (skip path), and
`workflow-lint` jobs all run on this very PR.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>

ToddHebebrand merged commit 47815f9 into main Jun 10, 2026
27 checks passed

ToddHebebrand deleted the dependabot/cargo/apps/helper/src-tauri/windows-0.61.3 branch June 10, 2026 04:18