chore: bump version to 1.0.8 in Cargo.toml and tauri.conf.json #67

sarman · 2026-06-05T16:06:49Z

sarman commented

2026-06-05 16:06:49 +00:00

Update version in all project files to 1.0.8:

src-tauri/Cargo.toml: 0.3.0 → 1.0.8
src-tauri/tauri.conf.json: 0.3.0 → 1.0.8
package.json: already updated to 1.0.8
Update Cargo.lock

This ensures auto-tag workflow creates correct v1.0.8 release tag.

Update version in all project files to 1.0.8: - src-tauri/Cargo.toml: 0.3.0 → 1.0.8 - src-tauri/tauri.conf.json: 0.3.0 → 1.0.8 - package.json: already updated to 1.0.8 - Update Cargo.lock This ensures auto-tag workflow creates correct v1.0.8 release tag.

sarman added 1 commit 2026-06-05 16:06:50 +00:00

chore: bump version to 1.0.8 in Cargo.toml and tauri.conf.json

Test / rust-fmt-check (pull_request) Successful in 1m26s

Details

Test / frontend-tests (pull_request) Successful in 1m33s

Details

Test / frontend-typecheck (pull_request) Successful in 1m34s

Details

Test / rust-clippy (pull_request) Successful in 3m26s

Details

Test / rust-tests (pull_request) Successful in 5m17s

Details

PR Review Automation / review (pull_request) Successful in 4m38s

Details

2a0d1f42e6

Update version in all project files to 1.0.8:
- src-tauri/Cargo.toml: 0.3.0 → 1.0.8
- src-tauri/tauri.conf.json: 0.3.0 → 1.0.8
- package.json: already updated to 1.0.8
- Update Cargo.lock

This ensures auto-tag workflow creates correct v1.0.8 release tag.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

sarman reviewed 2026-06-05 16:12:02 +00:00

sarman left a comment

Automated PR Review (qwen3-coder-next via liteLLM):\n\nSummary
The PR bumps the application version to 1.0.8 in both Cargo.toml and tauri.conf.json, as expected. However, the version bump is automatically coupled with changes to schema files (acl-manifests.json, desktop-schema.json, macOS-schema.json) that introduce new permission entries for previously unexposed commands such as supports_multiple_windows, activity_name, scene_identifier, set_icon_with_as_template, start_accessing_security_scoped_resource, and stop_accessing_security_scoped_resource. These commands are not registered in the Tauri command list, which indicates the schema files were likely auto-generated from a newer or mismatched Tauri version — but not from the current codebase, making them inconsistent and potentially unsafe for deployment.

Findings

[BLOCKER] src-tauri/gen/schemas/acl-manifests.json:0 - The schema file introduces new permissions for commands (supports_multiple_windows, activity_name, scene_identifier, set_icon_with_as_template, start_accessing_security_scoped_resource, stop_accessing_security_scoped_resource) that are not registered in the generate_handler! list.
Evidence: acl-manifests.json contains entries like "allow-supports-multiple-windows" (in core:app), "allow-activity-name" (in core:window), etc., but no corresponding command handlers exist in the list of registered commands.
Fix: Regenerate the schema files using the current Tauri CLI version matching the project’s build setup (ideally @tauri-apps/cli@^2.x) to ensure only actual command permissions are present, and verify that no unintended permissions are exposed.
[BLOCKER] src-tauri/gen/schemas/desktop-schema.json:0 - Same issue as above but for desktop-specific schema; contains permission definitions for unimplemented commands.
Evidence: desktop-schema.json includes "allow-activity-name" and "allow-scene-identifier" under core:window identifiers (lines ~3587 and ~3591), but no such commands exist in commands::window or any public Rust function handler.
[BLOCKER] src-tauri/gen/schemas/macOS-schema.json:0 - Same issue as above for macOS schema; contains permission definitions for unimplemented commands.
Evidence: macOS-schema.json duplicates the same unregistered command permissions in identical locations (e.g., "allow-activity-name" at ~3587), confirming schema drift.
[BLOCKER] src-tauri/Cargo.toml:2 - Version bump to 1.0.8 without corresponding dependency version updates or changelog, but since schema changes expose unimplemented APIs, versioning could be misleading.
Evidence: Cargo.toml version field updated to "1.0.8" but schema files expose permissions for commands that do not exist.
Fix: Ensure all schema-generating CLI and build tools are in sync with current codebase. If this version bump is for unrelated bug fixes, consider lowering the version or waiting until schema integrity is restored.

Verdict: REQUEST CHANGES

Automated PR Review (qwen3-coder-next via liteLLM):\n\n**Summary** The PR bumps the application version to 1.0.8 in both `Cargo.toml` and `tauri.conf.json`, as expected. However, the version bump is automatically coupled with changes to schema files (`acl-manifests.json`, `desktop-schema.json`, `macOS-schema.json`) that introduce new permission entries for previously unexposed commands such as `supports_multiple_windows`, `activity_name`, `scene_identifier`, `set_icon_with_as_template`, `start_accessing_security_scoped_resource`, and `stop_accessing_security_scoped_resource`. These commands are not registered in the Tauri command list, which indicates the schema files were likely auto-generated from a newer or mismatched Tauri version — but not from the current codebase, making them inconsistent and potentially unsafe for deployment. **Findings** - [BLOCKER] src-tauri/gen/schemas/acl-manifests.json:0 - The schema file introduces new permissions for commands (`supports_multiple_windows`, `activity_name`, `scene_identifier`, `set_icon_with_as_template`, `start_accessing_security_scoped_resource`, `stop_accessing_security_scoped_resource`) that are not registered in the `generate_handler!` list. Evidence: acl-manifests.json contains entries like `"allow-supports-multiple-windows"` (in `core:app`), `"allow-activity-name"` (in `core:window`), etc., but no corresponding command handlers exist in the list of registered commands. Fix: Regenerate the schema files using the current Tauri CLI version matching the project’s build setup (ideally `@tauri-apps/cli@^2.x`) to ensure only actual command permissions are present, and verify that no unintended permissions are exposed. - [BLOCKER] src-tauri/gen/schemas/desktop-schema.json:0 - Same issue as above but for desktop-specific schema; contains permission definitions for unimplemented commands. Evidence: desktop-schema.json includes `"allow-activity-name"` and `"allow-scene-identifier"` under `core:window` identifiers (lines ~3587 and ~3591), but no such commands exist in `commands::window` or any public Rust function handler. - [BLOCKER] src-tauri/gen/schemas/macOS-schema.json:0 - Same issue as above for macOS schema; contains permission definitions for unimplemented commands. Evidence: macOS-schema.json duplicates the same unregistered command permissions in identical locations (e.g., `"allow-activity-name"` at ~3587), confirming schema drift. - [BLOCKER] src-tauri/Cargo.toml:2 - Version bump to 1.0.8 without corresponding dependency version updates or changelog, but since schema changes expose unimplemented APIs, versioning could be misleading. Evidence: `Cargo.toml` version field updated to `"1.0.8"` but schema files expose permissions for commands that do not exist. Fix: Ensure all schema-generating CLI and build tools are in sync with current codebase. If this version bump is for unrelated bug fixes, consider lowering the version or waiting until schema integrity is restored. **Verdict**: REQUEST CHANGES

sarman reviewed 2026-06-05 16:12:59 +00:00

sarman left a comment

Automated PR Review (qwen3-coder-next via liteLLM):\n\nSummary

This version bump PR (1.0.7 → 1.0.8) modifies Cargo.toml and tauri.conf.json as intended, but also regenerate schema files (acl-manifests.json, desktop-schema.json, macOS-schema.json) with non-trivial changes. The changes to the schema files introduce new permissions (fs:allow-start-accessing-security-scoped-resource, fs:allow-stop-accessing-security-scoped-resource, core:app:allow-supports-multiple-windows, core:tray:allow-set-icon-with-as-template, core:window:allow-activity-name, core:window:allow-scene-identifier, and their deny counterparts), as well as deprecation notices for ask and confirm dialog commands. While these changes appear to reflect updates in the Tauri 2 framework and are likely safe, they introduce new permissions without corresponding review in the current PR.

Findings

[WARNING] src-tauri/gen/schemas/acl-manifests.json:0 - Schema files contain many new permissions not previously in use; these must be reviewed for over-permissiveness or unexpected side effects.
Evidence: Added "fs:allow-start-accessing-security-scoped-resource" and "fs:allow-stop-accessing-security-scoped-resource" in multiple files.
Fix: Confirm these permissions are required and intentionally granted.
[WARNING] src-tauri/gen/schemas/desktop-schema.json:1126-1138 (and similar in macOS-schema.json) - New FS permissions for macOS security-scoped resources are introduced; not used in codebase index, may expose unnecessary file system access.
Evidence: "const": "fs:allow-start-accessing-security-scoped-resource" and "fs:allow-stop-accessing-security-scoped-resource" added.
Fix: Ensure these are required by the new version (e.g., sandboxedmacOS compatibility) and document their usage.
[WARNING] src-tauri/gen/schemas/desktop-schema.json:2317 (and macOS-schema.json) - Core app permission set now includes allow-supports-multiple-windows, while no corresponding Tauri command or API usage is registered.
Evidence: "const": "core:app:allow-supports-multiple-windows" added to Identifier oneOf list.
Fix: Verify that supports_multiple_windows is intended to be exposed in this release and document its purpose.
[WARNING] src-tauri/gen/schemas/desktop-schema.json:3027 (and macOS-schema.json) - Window plugin now includes activity_name and scene_identifier commands in default and individual permissions; not present in registered commands list.
Evidence: "const": "core:window:allow-activity-name" and "const": "core:window:allow-scene-identifier" are now permitted.
Fix: Confirm if these commands are implemented or if they are no-ops; otherwise, remove until needed.
[WARNING] src-tauri/gen/schemas/desktop-schema.json:3085 (and macOS-schema.json) - Dialog plugin deprecation notices added for allow-ask and allow-confirm, but no migration path is enforced or documented.
Evidence: "description": "Enables the ask command without any pre-configured scope. (**DEPRECATED**: This is now an alias to allow-message and will be removed in v3)".
Fix: Add migration guidance to changelog or update usage of dialog commands accordingly.

Verdict: REQUEST CHANGES

Automated PR Review (qwen3-coder-next via liteLLM):\n\n**Summary** This version bump PR (1.0.7 → 1.0.8) modifies `Cargo.toml` and `tauri.conf.json` as intended, but also regenerate schema files (`acl-manifests.json`, `desktop-schema.json`, `macOS-schema.json`) with non-trivial changes. The changes to the schema files introduce new permissions (`fs:allow-start-accessing-security-scoped-resource`, `fs:allow-stop-accessing-security-scoped-resource`, `core:app:allow-supports-multiple-windows`, `core:tray:allow-set-icon-with-as-template`, `core:window:allow-activity-name`, `core:window:allow-scene-identifier`, and their deny counterparts), as well as deprecation notices for `ask` and `confirm` dialog commands. While these changes appear to reflect updates in the Tauri 2 framework and are likely safe, they introduce new permissions without corresponding review in the current PR. **Findings** - [WARNING] src-tauri/gen/schemas/acl-manifests.json:0 - Schema files contain many new permissions not previously in use; these must be reviewed for over-permissiveness or unexpected side effects. Evidence: Added `"fs:allow-start-accessing-security-scoped-resource"` and `"fs:allow-stop-accessing-security-scoped-resource"` in multiple files. Fix: Confirm these permissions are required and intentionally granted. - [WARNING] src-tauri/gen/schemas/desktop-schema.json:1126-1138 (and similar in macOS-schema.json) - New FS permissions for macOS security-scoped resources are introduced; not used in codebase index, may expose unnecessary file system access. Evidence: `"const": "fs:allow-start-accessing-security-scoped-resource"` and `"fs:allow-stop-accessing-security-scoped-resource"` added. Fix: Ensure these are required by the new version (e.g., sandboxedmacOS compatibility) and document their usage. - [WARNING] src-tauri/gen/schemas/desktop-schema.json:2317 (and macOS-schema.json) - Core app permission set now includes `allow-supports-multiple-windows`, while no corresponding Tauri command or API usage is registered. Evidence: `"const": "core:app:allow-supports-multiple-windows"` added to `Identifier` oneOf list. Fix: Verify that `supports_multiple_windows` is intended to be exposed in this release and document its purpose. - [WARNING] src-tauri/gen/schemas/desktop-schema.json:3027 (and macOS-schema.json) - Window plugin now includes `activity_name` and `scene_identifier` commands in default and individual permissions; not present in registered commands list. Evidence: `"const": "core:window:allow-activity-name"` and `"const": "core:window:allow-scene-identifier"` are now permitted. Fix: Confirm if these commands are implemented or if they are no-ops; otherwise, remove until needed. - [WARNING] src-tauri/gen/schemas/desktop-schema.json:3085 (and macOS-schema.json) - Dialog plugin deprecation notices added for `allow-ask` and `allow-confirm`, but no migration path is enforced or documented. Evidence: `"description": "Enables the ask command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `allow-message` and will be removed in v3)"`. Fix: Add migration guidance to changelog or update usage of dialog commands accordingly. **Verdict**: REQUEST CHANGES

sarman merged commit 17de277e77 into master

2026-06-05 16:18:08 +00:00

sarman deleted branch fix/version-1.0.8

2026-06-05 16:18:08 +00:00

sarman referenced this issue from a commit

2026-06-05 16:18:08 +00:00

Merge pull request 'chore: bump version to 1.0.8 in Cargo.toml and tauri.conf.json' (#67) from fix/version-1.0.8 into master

Sign in to join this conversation.

No reviewers