[Snyk] Upgrade @tauri-apps/api from 2.9.0 to 2.9.1 #4
danielbodnar wants to merge 1 commit into main
Snyk has created this PR to upgrade @tauri-apps/api from 2.9.0 to 2.9.1.
- See this package in pnpm: @tauri-apps/api
- See this project in Snyk: https://app.snyk.io/org/danielbodnar/project/fb1fae36-5dba-4f23-a29b-04b364e68a4f?utm_source=github&utm_medium=referral&page=upgrade-pr
Pull request overview
This PR is intended to upgrade the @tauri-apps/api dependency for the keyless-desktop app, as part of routine dependency maintenance (Snyk upgrade PR).
Changes:
- Updates @tauri-apps/api version range in package.json.
- Updates pnpm-lock.yaml to a newer resolved @tauri-apps/api version and updates dependent plugin snapshot resolutions accordingly.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| keyless-desktop/package.json | Updates the declared @tauri-apps/api dependency range. |
| keyless-desktop/pnpm-lock.yaml | Updates lockfile records for @tauri-apps/api and dependent plugins, but currently to a different version than described by the PR. |
Files not reviewed (1)
- keyless-desktop/pnpm-lock.yaml: Language not supported
| }, | ||
| "dependencies": { | ||
| "@tauri-apps/api": "^2", | ||
| "@tauri-apps/api": "^2.9.1", |
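Review bot: On the @tauri-apps/api line, ^2.9.1 is still a caret range, so it only raises the minimum and keeps accepting any later 2.x release; the version actually installed is decided by pnpm-lock.yaml, not by this line. If the goal is to land exactly 2.9.1, pin the dependency as 2.9.1 or confirm the lockfile resolves to that version, and have CI install with pnpm install --frozen-lockfile so the build fails when package.json and the lockfile disagree.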
The PR metadata/title says this is an upgrade to @tauri-apps/api 2.9.1, but the lockfile resolves and records @tauri-apps/api@2.10.1 (and updates plugin snapshots to 2.10.1). Please either update the dependency to 2.9.1 as intended, or update the PR title/description and package.json to reflect the 2.10.1 upgrade so the change is accurately reviewed.
| '@tauri-apps/api': | ||
| specifier: ^2 | ||
| version: 2.9.0 | ||
| specifier: ^2.10.1 |
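Review bot: The new importer line specifier: ^2.10.1 does not match the ^2.9.1 range this PR writes to package.json, which suggests the lockfile was generated from a different manifest than the one being committed. pnpm treats a lockfile whose specifier differs from package.json as out of date, so a frozen-lockfile install will refuse it; regenerate pnpm-lock.yaml from the committed package.json and check that the importer's specifier and version lines change together.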
pnpm-lock.yaml importer entry has specifier '^2.10.1' for @tauri-apps/api, but package.json declares '^2.9.1'. This mismatch can cause confusing diffs and non-reproducible installs across environments. Regenerate the lockfile after aligning the package.json version range (or adjust package.json to match the intended range).
| specifier: ^2.10.1 | |
| specifier: ^2.9.1 |
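Review bot: Changing only the specifier line to ^2.9.1 makes this entry agree with package.json, but the resolved package entry would still be 2.10.1, which satisfies ^2.9.1 and so installs without complaint. If 2.9.1 is the version meant to ship, let pnpm rewrite the lockfile instead of applying this one-line edit, then confirm the resolved version in the result.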
| '@tauri-apps/api@2.10.1': | ||
| resolution: {integrity: sha512-hKL/jWf293UDSUN09rR69hrToyIXBb8CjGaWC7gfinvnQrBVvnLr08FeFi38gxtugAVyVcTa5/FD/Xnkb1siBw==} |
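Review bot: The @tauri-apps/api@2.10.1 package entry is where the version not named in the PR title actually enters the build, and its integrity value cannot be judged from the diff alone. Before merging, compare the sha512 against what the registry publishes for that release (for example with npm view @tauri-apps/api@2.10.1 dist.integrity) and read the upstream changelog between 2.9.0 and 2.10.1, since the PR description only covers 2.9.1.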
The lockfile pins @tauri-apps/api to 2.10.1, which is a minor version jump from 2.9.x. If the intent is a patch upgrade only, this should be 2.9.1; otherwise, expect potentially new APIs/behavior and consider validating via a targeted smoke test (e.g., build + basic app startup) before merging.
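The mismatches raised in the review comments above can be caught mechanically before merge. The following is an added example, not code from this repository or from pnpm: it compares package.json ranges with the lockfile importer entries and with the version a PR title states. The sample inputs are constructed from the values quoted in this thread, and `findLockfileDrift`, `readImporterEntries` and `statedVersions` are hypothetical names.

```javascript
// Constructed inputs that mirror the values quoted in this review thread.
const samplePackageJson = JSON.stringify({
  dependencies: { "@tauri-apps/api": "^2.9.1" },
});
const sampleLockfile = [
  "importers:",
  "  .:",
  "    dependencies:",
  "      '@tauri-apps/api':",
  "        specifier: ^2.10.1",
  "        version: 2.10.1",
].join("\n");

// Line-based reader for importer dependency entries. It assumes pnpm's
// usual two-space indentation and is not a general YAML parser.
function readImporterEntries(lockText) {
  const entries = {};
  let current = null;
  for (const line of lockText.split("\n")) {
    const name = line.match(/^ {6}'?([^'\s]+?)'?:\s*$/);
    if (name) {
      current = entries[name[1]] = {};
      continue;
    }
    const field = line.match(/^ {8}(specifier|version):\s*(\S+)/);
    // Drop any peer-dependency suffix such as "(react@18.2.0)".
    if (field && current) current[field[1]] = field[2].split("(")[0];
  }
  return entries;
}

// statedVersions (hypothetical parameter): versions the PR title claims.
function findLockfileDrift(pkgText, lockText, statedVersions = {}) {
  const declared = JSON.parse(pkgText).dependencies || {};
  const locked = readImporterEntries(lockText);
  const findings = [];
  for (const [name, range] of Object.entries(declared)) {
    const entry = locked[name];
    if (!entry) {
      findings.push(`${name}: not in lockfile importer`);
      continue;
    }
    if (entry.specifier !== range)
      findings.push(`${name}: specifier ${entry.specifier} != package.json ${range}`);
    const stated = statedVersions[name];
    if (stated && entry.version !== stated)
      findings.push(`${name}: resolved ${entry.version}, PR states ${stated}`);
  }
  return findings;
}
```

Run as a CI step, a non-empty result is a reason to block the merge until the lockfile is regenerated.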
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 1 version ahead of your current version.
The recommended version was released 2 months ago.
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: