
chore(deps): bump openssl/rand/uuid/postcss for 8 dependabot alerts#188

Merged: ValwareIRC merged 1 commit into main from chore/security-bumps on May 6, 2026

Conversation

@ValwareIRC ValwareIRC commented May 6, 2026

Summary

Lockfile-only bumps that close 8 of the 10 open Dependabot alerts on this repo. No source changes.

| Severity | Package | From → To | GHSA |
|---|---|---|---|
| 🔴 high | openssl | 0.10.77 → 0.10.79 | GHSA-xp3w-r5p5-63rr |
| 🔴 high | openssl | (same bump) | GHSA-8c75-8mhr-p7r9 |
| 🔴 high | openssl | (same bump) | GHSA-hppc-g8h3-xhp3 |
| 🔴 high | openssl | (same bump) | GHSA-ghm9-cr32-g9qj |
| 🔴 high | openssl | (same bump) | GHSA-pqf5-4pqq-29f5 |
| 🟡 low | openssl | (same bump) | GHSA-xmgf-hq76-4vx2 |
| 🟠 medium | uuid | 11.0.x → 11.1.1 | GHSA-w5hq-g745-h8pq |
| 🟠 medium | postcss | 8.5.x → 8.5.14 | GHSA-qx2v-qp2m-jg93 |
| 🟡 low | rand (0.8) | 0.8.5 → 0.8.6 | GHSA-cq8v-f236-94qc |

Why one PR for everything

All bumps are SemVer-patch updates with no API breakage. Verified locally:

  • npm run build — clean
  • cd src-tauri && cargo check — clean

Intentionally not in this PR

Two alerts can't be fixed with a lockfile bump:

  • glib 0.18.5 (medium, GHSA-wrw7-89jp-8q8g) — pinned by Tauri 2.10's GTK 0.18 bindings (atk → gtk → muda → tauri). Needs Tauri to ship a release with GTK 0.20 before we can move; tracked upstream.
  • rand 0.7.3 (low, GHSA-cq8v-f236-94qc) — build-time only, pulled in via selectors → phf_codegen → phf_generator. Not in any runtime code path; the runtime rand is the 0.8.6 covered above.

Both leftover alerts will be revisited when their upstreams move.

Test plan

  • CI green
  • Manual: desktop Tauri build still launches and connects
  • Manual: npm run android:release produces a working APK
  • Confirm Dependabot closes the 8 covered alerts after merge

Closes the following advisories:

  Rust (src-tauri/Cargo.lock)
  - openssl 0.10.77 -> 0.10.79
      GHSA-xp3w-r5p5-63rr  high   X509 OCSP-responder UB on non-UTF-8 URLs
      GHSA-8c75-8mhr-p7r9  high   AES key-wrap incorrect bounds assertion
      GHSA-hppc-g8h3-xhp3  high   PSK/cookie trampoline length leak
      GHSA-ghm9-cr32-g9qj  high   MdCtxRef::digest_final OOB write
      GHSA-pqf5-4pqq-29f5  high   Deriver/PkeyCtxRef::derive overflow on 1.1.1
      GHSA-xmgf-hq76-4vx2  low    PEM password callback OOB read
  - rand 0.8.5 -> 0.8.6
      GHSA-cq8v-f236-94qc  low    Unsoundness with custom logger using rand::rng()

  npm (package-lock.json)
  - uuid 11.0.x -> 11.1.1
      GHSA-w5hq-g745-h8pq  medium Missing buffer bounds check in v3/v5/v6 with `buf`
  - postcss 8.5.x -> 8.5.14
      GHSA-qx2v-qp2m-jg93  medium XSS via unescaped </style> in CSS stringify

Two transitive alerts intentionally left for an upstream-driven follow-up:
- glib 0.18.5 (GHSA-wrw7-89jp-8q8g, medium): pinned by Tauri 2.10's
  GTK 0.18 bindings; needs Tauri >= 2.11 to bump.
- rand 0.7.3 (GHSA-cq8v-f236-94qc, low): build-only dep via
  selectors -> phf_codegen -> phf_generator; not in any runtime path.

Verified with `npm run build` and `cargo check` — both clean.
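A check a reviewer can run against a lockfile-only PR like the one above, added here as an example (my code, not part of the PR or the ObsidianIRC project). It parses Cargo.lock's `[[package]]` tables and a v2/v3 package-lock.json, reports every copy of each package named in the PR table and whether it is at or above the fixed version, and walks Cargo.lock's reverse dependency edges so a leftover version (the rand 0.7.3 case) can be traced to whatever pulls it in. The `POLICY` floors are the fixed-in versions from the PR description; the sample lockfile contents, the phf/selectors crate versions and the nested older uuid copy are constructed for the example and are not the repository's.

```python
import json
import re
from collections import deque

# Fixed-in versions from the PR table: (ecosystem, package) -> lowest safe version.
POLICY = {("cargo", "openssl"): "0.10.79", ("cargo", "rand"): "0.8.6",
          ("npm", "uuid"): "11.1.1", ("npm", "postcss"): "8.5.14"}

def semver_key(version):
    """'0.10.79' -> (0, 10, 79); prerelease and build metadata are dropped."""
    return tuple(int(p) for p in version.split("-", 1)[0].split("+", 1)[0].split("."))

def parse_cargo_lock(text):
    """{(name, version): [dependency strings]} for every [[package]] table."""
    packages = {}
    for block in re.split(r"^\[\[package\]\]\s*$", text, flags=re.M)[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M).group(1)
        version = re.search(r'^version = "([^"]+)"', block, re.M).group(1)
        deps = re.search(r"^dependencies = \[\n(.*?)^\]", block, re.M | re.S)
        packages[(name, version)] = (
            re.findall(r'^\s*"([^"]+)",?$', deps.group(1), re.M) if deps else [])
    return packages

def resolve(packages, dep):
    """Cargo writes "rand" when one version exists and "rand 0.7.3" when several do."""
    parts = dep.split()
    if len(parts) > 1:
        return (parts[0], parts[1])
    matches = [key for key in packages if key[0] == parts[0]]
    return matches[0] if len(matches) == 1 else None  # ambiguous bare name: skip

def dependency_path(packages, target):
    """Shortest chain of dependents from target up to a crate nothing depends on."""
    rdeps = {}
    for pkg, deps in packages.items():
        for dep in deps:
            key = resolve(packages, dep)
            if key is not None:
                rdeps.setdefault(key, []).append(pkg)
    queue, seen, path = deque([[target]]), {target}, [target]
    while queue:
        path = queue.popleft()
        parents = rdeps.get(path[-1], [])
        if not parents:  # reached a root, typically the application crate
            break
        for parent in parents:
            if parent not in seen:
                seen.add(parent)
                queue.append(path + [parent])
    return [f"{name} {version}" for name, version in path]

def parse_package_lock(text):
    """{(name, version)} for every installed package in a v2/v3 package-lock.json."""
    found = set()
    for path, meta in json.loads(text).get("packages", {}).items():
        if path:  # "" is the root project; nested and scoped paths both end in the name
            found.add((path.rsplit("node_modules/", 1)[1], meta["version"]))
    return found

def audit(cargo_text, npm_text, policy=POLICY):
    """{(ecosystem, name, version): 'fixed' | 'affected'} for each copy of a policy package."""
    entries = [("cargo",) + key for key in parse_cargo_lock(cargo_text)]
    entries += [("npm",) + key for key in parse_package_lock(npm_text)]
    report = {}
    for eco, name, version in entries:
        floor = policy.get((eco, name))
        if floor is not None:
            ok = semver_key(version) >= semver_key(floor)
            report[(eco, name, version)] = "fixed" if ok else "affected"
    return report

# Constructed sample lockfiles (not the repository's): two rand versions, the old one
# reachable only through phf_generator, plus a nested older uuid that a top-level-only
# check would miss. Crate versions other than those in the PR table are made up.
SAMPLE_CARGO_LOCK = "\n".join([
    'version = 3', '',
    '[[package]]', 'name = "obsidianirc"', 'version = "0.1.0"',
    'dependencies = [', ' "openssl",', ' "rand 0.8.6",', ' "selectors",', ']', '',
    '[[package]]', 'name = "openssl"', 'version = "0.10.79"', '',
    '[[package]]', 'name = "phf_codegen"', 'version = "0.8.0"',
    'dependencies = [', ' "phf_generator",', ']', '',
    '[[package]]', 'name = "phf_generator"', 'version = "0.8.0"',
    'dependencies = [', ' "rand 0.7.3",', ']', '',
    '[[package]]', 'name = "rand"', 'version = "0.7.3"', '',
    '[[package]]', 'name = "rand"', 'version = "0.8.6"', '',
    '[[package]]', 'name = "selectors"', 'version = "0.22.0"',
    'dependencies = [', ' "phf_codegen",', ']', '',
]) + "\n"
SAMPLE_PACKAGE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "obsidianirc", "version": "0.1.0"},
    "node_modules/postcss": {"version": "8.5.14"},
    "node_modules/uuid": {"version": "11.1.1"},
    "node_modules/some-tool/node_modules/uuid": {"version": "11.0.5"}}})

if __name__ == "__main__":
    for (eco, name, ver), status in sorted(audit(SAMPLE_CARGO_LOCK, SAMPLE_PACKAGE_LOCK).items()):
        print(f"{eco:5} {name:8} {ver:8} {status}")
    print(" <- ".join(dependency_path(parse_cargo_lock(SAMPLE_CARGO_LOCK), ("rand", "0.7.3"))))
```

Run against the real lockfiles, `audit` answers the question Dependabot's per-alert view does not: whether every copy of a package is at the fixed version, not just the one the alert points at. `dependency_path` is the offline equivalent of `cargo tree -i rand@0.7.3` and is what backs a claim like "only reachable via phf_generator"; whether that path is build-time only is a separate question that needs the dependency kind from Cargo.toml, which Cargo.lock does not record.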

coderabbitai Bot commented May 6, 2026

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (2)
  • package-lock.json is excluded by !**/package-lock.json
  • src-tauri/Cargo.lock is excluded by !**/*.lock

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.



github-actions Bot commented May 6, 2026

Pages Preview
Preview URL: https://chore-security-bumps.obsidianirc.pages.dev

Automated deployment preview for the PR on Cloudflare Pages.

@ValwareIRC ValwareIRC merged commit 04484af into main May 6, 2026
4 checks passed