Skip to content

v0.1.81

Choose a tag to compare

@github-actions github-actions released this 14 May 20:05

Notepatra v0.1.81

Polish + housekeeping release. One Linux updater dialog fix, plus a
deep dependency refresh: GitHub Actions matrix bumped past the Node 20
deprecation cliff, RustCrypto family upgraded to 0.11, sqlformat to 0.5,
plus a long-overdue cargo fmt + clippy sweep of rust-core/.

No new features, no UX changes — every user-visible behaviour is identical
to v0.1.80 except where called out below. Safe drop-in upgrade.

Fix 1 — Linux updater confirm dialog now matches the downloaded file type

The bug

When the in-app updater prompted you to install a new release on Linux,
the confirmation dialog said:

"We'll open the folder so you can move the new AppImage into place."

…regardless of what was actually downloaded. The picker
(pickAssetForPlatform() in src/updater.cpp) prefers AppImage at
priority 10, but we only ship the .AppImage artifact for Linux
x86_64
. On Linux ARM64 the picker falls back to the
.tar.gz at priority 30, and the dialog still told ARM64 users to
"move the new AppImage into place" — but they had a tarball, not an
AppImage. The dialog also misled the rare x86_64 edge case where the
AppImage upload was missing for a release and the picker fell through
to tar.gz (this was the original symptom in issue #12, reported
against v0.1.17 which shipped no AppImage at all).

Root cause

installReleaseInteractive() in src/updater.cpp hard-coded the Linux
confirmation message, ignoring the actual picked.name extension.

The fix

The Linux branch now inspects the downloaded file's suffix and tailors
the instructions:

  • .appimage → original AppImage instructions + chmod +x reminder for
    file managers that strip the executable bit on the moved file
  • .tar.gz / .tgz / .tar.xz → "extract the tarball and replace the
    existing notepatra binary at ~/.local/bin/notepatra" with a copy-
    paste-ready tar xzf … && mv notepatra ~/.local/bin/ example
  • Anything else → generic fallback

Closes the second finding of issue #12.

Subtle note: the dialog is rendered by the currently-running
binary (the one being upgraded from). On Linux x86_64 you get the
AppImage path (correct text both before and after this fix). On
Linux ARM64 you get the tarball path — v0.1.80 → v0.1.81 still
shows the old "AppImage" text on ARM64; the fix kicks in from
v0.1.81 → v0.1.82.

Housekeeping — dependency refresh

Coordinated upgrade of five dependabot PRs that had been sitting since
mid-April. Three groups:

GitHub Actions matrix bumped past the Node 20 cliff

Action Old New Why
actions/checkout v4 v6 Node 20 deprecated for runner-side actions in June 2026
actions/download-artifact v4 v8 Same — Node 20 cliff
github/codeql-action v3 v4 Required for the new GitHub Advanced Security ingest format

(actions/upload-artifact v4 → v7 is in PR #2, queued for the next release once dependabot rebases.)

No behaviour change in the release pipeline — same 51 signed artifacts,
same cosign keyless OIDC + SLSA build provenance, same SHA-256 sums.

Rust dependency refresh

Crate Old New Why
md-5, sha1, sha2 0.10.x 0.11.0 RustCrypto family-wide breaking change; digest output type moved from GenericArray to hybrid-array::Array. Closes dependabot #6 / #7 / #11.
sqlformat 0.3.5 0.5.0 FormatOptions grew six new fields; switched to ..FormatOptions::default() so future bumps don't keep breaking this site. Closes dependabot #9.
libc 0.2.183 0.2.184 Routine patch bump. Closes dependabot #10.

Hash function consumers (compute_hash() in rust-core/src/hash.rs)
were updated to call .as_slice() on the new Array digest output type
and pass it through a small hex_encode() helper — the format!("{:x}", …) idiom stopped working because Array doesn't implement LowerHex.

MD5 / SHA-1 / SHA-256 / SHA-512 output is byte-identical to v0.1.80
the wire format hasn't changed, only how we hex-encode it. All 130
cargo test assertions pass.

Code-quality sweep

cargo fmt ran across all of rust-core/ (5 files had pre-existing
drift — 191 LoC reformatted, zero behaviour changes). cargo clippy -- -D warnings cleared four pre-existing lints:

  • explicit_auto_deref in file_io.rs
  • if_same_then_else in sql_fmt.rs (merged three whitespace classes
    with the literal space into a single condition)
  • redundant_closure in sql_fmt.rs (|e| fmt_expr(e)fmt_expr)
  • collapsible_match twice in json_fmt.rs ('}' if stack.last() == Some(&'{') → guarded match arm)

The rust-quality CI gate is now green on the latest clippy.

Files touched

CMakeLists.txt           version 0.1.80 → 0.1.81

src/updater.cpp          installReleaseInteractive() Linux branch is now
                         file-suffix aware (closes #12)

.github/workflows/       actions/checkout v4→v6, download-artifact v4→v8,
                         codeql-action v3→v4

rust-core/Cargo.toml     md-5 0.10→0.11, sha1 0.10→0.11, sha2 0.10→0.11,
                         sqlformat 0.3→0.5, libc 0.2.183→0.2.184

rust-core/src/hash.rs    compute_hash() uses hex_encode() helper on the
                         new Array digest output type

rust-core/src/sql_fmt.rs FormatOptions uses ..Default for future-proofing,
                         plus clippy fixes

rust-core/src/file_io.rs clippy explicit_auto_deref fix

rust-core/src/json_fmt.rs clippy collapsible_match fixes

rust-core/src/{bracket_fix,lib,json_fmt,sql_fmt}.rs
                         cargo fmt sweep — pure whitespace

Verification

  • cargo build --release clean, no warnings
  • cargo test --release — 130/130 rust-core tests pass
  • ctest -j4 — 31/31 C++ regression suites pass
  • cargo clippy --all-targets --all-features -- -D warnings — clean
  • scripts/stale-text-check.sh — 21/21 surfaces match (versions, counts,
    feature parity across App About / README / docs / GitHub description)

Out of scope

  • upload-artifact v4 → v7. PR #2 is still queued for dependabot
    rebase. Rolls in with v0.1.82.
  • Linux Full flavor binary size delta. Both notepatra-linux-x64.tar.gz
    and notepatra-linux-x64-full.tar.gz are ~3.6 MB on Linux because Qt
    is dynamically linked from the system in both cases — the WebEngine
    linkage adds only a few KB. The ~95 MB Full-flavor delta only applies
    on macOS and Windows where Qt + QtWebEngine are bundled. Docs were
    clarified in the v0.1.80 docs-audit pass.
  • v0.1.80 → v0.1.81 upgrade dialog wording. The fixed text in this
    release will appear on v0.1.81 → v0.1.82 upgrades; v0.1.80 users
    see the old AppImage wording one more time when upgrading to v0.1.81.