chore(deps): bump tar from 0.4.45 to 0.4.46 in /src-tauri#50
Merged
Conversation
Bumps [tar](https://github.com/composefs/tar-rs) from 0.4.45 to 0.4.46. - [Release notes](https://github.com/composefs/tar-rs/releases) - [Commits](composefs/tar-rs@0.4.45...0.4.46) --- updated-dependencies: - dependency-name: tar dependency-version: 0.4.46 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Contributor
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
mattenarle10
approved these changes
May 31, 2026
Owner
mattenarle10
left a comment
mattenarle10
left a comment
There was a problem hiding this comment.
Approved. This is a narrow Cargo.lock-only security bump for the indirect tar dependency, 0.4.45 -> 0.4.46, addressing GHSA-3cv2-h65g-fgmm. I updated the branch with current main and verified cargo check --release, bun test, and git diff --check locally.
hoiyada7-maker
added a commit
to hoiyada7-maker/markamd
that referenced
this pull request
Jun 2, 2026
* fix: show dot-prefixed tool folders in sidebar * feat(ui): add copy path, toolbar toggle, and breadcrumb view controls - Right-click on sidebar items now shows Copy Path and Copy Relative Path - Added hide/show titlebar toggle button in breadcrumb bar - Moved reading mode and theme buttons from titlebar to breadcrumb - Extracted ThemeButton as a standalone reusable component - Added visual separator (border-left) between view controls and file actions - Fixed MSVC build environment via .cargo/config.toml Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * chore(release): bump version to 1.5.5 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * ci(release): allow unsigned builds, add workflow_dispatch trigger - Remove TAURI_SIGNING_PRIVATE_KEY requirement - Disable createUpdaterArtifacts at build time via node one-liner - Add workflow_dispatch input so release can be triggered manually - Bump actions/checkout and actions/cache to v4 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(ci): remove machine-specific .cargo/config.toml from git The file had hardcoded Windows CC/CXX/AR/LIB paths that broke Linux and macOS CI builds. Added to .gitignore so it stays locally for dev but never reaches CI runners (which auto-detect MSVC or use system toolchain). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ui): add Reveal in File Explorer to right-click context menu - New Tauri command `reveal_in_file_manager`: Windows: opens parent folder for files, folder itself for dirs macOS: `open -R` to reveal in Finder Linux: xdg-open on parent dir - Context menu shows Reveal in Explorer for both files and folders Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * chore(release): bump version to 1.5.6 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(ts): remove unused dirname import Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ui): add copy path, toolbar toggle, and breadcrumb view controls (mattenarle10#52) * feat(ui): add copy path, toolbar toggle, and breadcrumb view controls - Right-click on sidebar items now shows Copy Path and Copy Relative Path - Added hide/show titlebar toggle button in breadcrumb bar - Moved reading mode and theme buttons from titlebar to breadcrumb - Extracted ThemeButton as a standalone reusable component - Added visual separator (border-left) between view controls and file actions - Fixed MSVC build environment via .cargo/config.toml Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * chore(release): bump version to 1.5.5 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * ci(release): allow unsigned builds, add workflow_dispatch trigger - Remove TAURI_SIGNING_PRIVATE_KEY requirement - Disable createUpdaterArtifacts at build time via node one-liner - Add workflow_dispatch input so release can be triggered manually - Bump actions/checkout and actions/cache to v4 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(ci): remove machine-specific .cargo/config.toml from git The file had hardcoded Windows CC/CXX/AR/LIB paths that broke Linux and macOS CI builds. Added to .gitignore so it stays locally for dev but never reaches CI runners (which auto-detect MSVC or use system toolchain). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ui): add Reveal in File Explorer to right-click context menu - New Tauri command `reveal_in_file_manager`: Windows: opens parent folder for files, folder itself for dirs macOS: `open -R` to reveal in Finder Linux: xdg-open on parent dir - Context menu shows Reveal in Explorer for both files and folders Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * chore(release): bump version to 1.5.6 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(ts): remove unused dirname import Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(ci): restore macos private api feature * fix(ci): keep signed updater release flow * fix(ui): keep reading controls reachable * fix(ci): leave release workflow unchanged --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: mattenarle10 <enarlem10@gmail.com> * docs: add contributor guidance to readme (mattenarle10#53) * chore(deps): bump tar from 0.4.45 to 0.4.46 in /src-tauri (mattenarle10#50) Bumps [tar](https://github.com/composefs/tar-rs) from 0.4.45 to 0.4.46. - [Release notes](https://github.com/composefs/tar-rs/releases) - [Commits](composefs/tar-rs@0.4.45...0.4.46) --- updated-dependencies: - dependency-name: tar dependency-version: 0.4.46 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mattenarle10 <enarlem10@gmail.com> * chore(release): prepare v1.5.5 (mattenarle10#54) * docs: refresh v1.5.5 workflow copy * docs: tighten readme structure * docs: simplify readme contributor strip * docs: polish readme presentation * docs: remove readme preview image * feat(ui): multi-folder explorer with favorites and star 1. Explorer panel — sidebar header renamed to EXPLORER, single rootPath replaced with a persisted multi-folder list. Existing single-folder session is auto-migrated on first load. 2. Add/close folders — FolderPlus button in header opens a folder picker and appends to the list. Each root-folder section has an X button (hover-revealed) that removes it from the panel. 3. Star icon on files — each .md file row gets a star button to the right of the stage button. Click toggles favorites, filled star when active. State persisted to localStorage. 4. Favorites section — starred files appear at the top of the panel in a collapsible Favorites section with drag-to-reorder support. New files: root-folder.tsx, favorites.tsx Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ui): open non-md files as plain text in editor When a sidebar file fails extension validation but is plain text (not binary, not oversized), the error toast now shows two actions: - "open in default app" — existing behaviour - "open as text" — loads content into editor, activates editor-only mode (preview hidden) so the file is shown like Notepad Implementation: - files.ts: extract checkBinaryAndSize helper, add validatePlainTextFile that skips extension check - LoadError: add canOpenAsText? flag set when plain-text fallback is safe - use-file-session: add loadPlainTextFile that bypasses extension guard - toast.tsx: add secondAction? prop for a second action button - app.tsx: wire "open as text" → loadPlainTextFile + setEditorOnly(true) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(rust): restore macos-private-api feature dropped during version bump Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ui): remember per-extension open preference and sync editor-only mode Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * chore(release): bump version to 1.5.7 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(ui): resolve local image paths in markdown preview Read relative img src paths via tauri-plugin-fs and convert to base64 data URIs so images stored alongside the markdown file are visible in the preview pane. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * chore(release): bump version to 1.5.8 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(rust): restore macos-private-api feature dropped during version bump Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * ci(release): make updater signing conditional * fix: clear closed sidebar roots * style: refine translucent explorer chrome * ci: checkout requested release tag --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: gzg1023 <guodev@outlook.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Matthew Enarle <89822774+mattenarle10@users.noreply.github.com> Co-authored-by: mattenarle10 <enarlem10@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps tar from 0.4.45 to 0.4.46.
Release notes
Sourced from tar's releases.
Commits
fc459c1Release 0.4.4643e05a8ci: Add crates.io trusted publishing workflowbba5666Update repo linkscd94c46docs: Document TOCTOU / concurrent-mutation threat model1b4997cbuilder: Expand docs for follow_symlinks and append_dir_allbab14ddarchive: Fix another PAX header desync (GHSA-3cv2-h65g-fgmm)2349b49Add support of absolute paths39d0311Update some links59d803eUpdate astral-tokio-tar requirement from 0.5 to 0.68296b9aci: Fix and re-enable reverse dependency testing (#444)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.