chore(deps): bump tar from 0.4.44 to 0.4.46 in /src-tauri in the cargo group across 1 directory by dependabot[bot] · Pull Request #11 · DEVtheOPS/kore

dependabot · 2026-05-29T21:28:47Z

Bumps the cargo group with 1 update in the /src-tauri directory: tar.

Updates tar from 0.4.44 to 0.4.46

Release notes

0.4.46

Security

archive: Fix another PAX header desync (GHSA-3cv2-h65g-fgmm) by @cgwalters in composefs/tar-rs#454

See also GHSA-3cv2-h65g-fgmm

Other changes

ci: Fix and re-enable reverse dependency testing by @cgwalters in composefs/tar-rs#444

Update astral-tokio-tar requirement from 0.5 to 0.6 by @dependabot[bot] in composefs/tar-rs#446

Update some links by @atouchet in composefs/tar-rs#445

Add support of absolute paths by @zxvfc in composefs/tar-rs#426

docs: Expand notes on concurrent mutations and following symlinks by @cgwalters in composefs/tar-rs#453

Update repo links by @cgwalters in composefs/tar-rs#451

ci: Add crates.io trusted publishing workflow by @cgwalters in composefs/tar-rs#456

Release 0.4.46 by @cgwalters in composefs/tar-rs#455

New Contributors

@dependabot[bot] made their first contribution in composefs/tar-rs#446

@atouchet made their first contribution in composefs/tar-rs#445

@zxvfc made their first contribution in composefs/tar-rs#426

Full Changelog: composefs/tar-rs@0.4.45...0.4.46

Commits

fc459c1 Release 0.4.46
43e05a8 ci: Add crates.io trusted publishing workflow
bba5666 Update repo links
cd94c46 docs: Document TOCTOU / concurrent-mutation threat model
1b4997c builder: Expand docs for follow_symlinks and append_dir_all
bab14dd archive: Fix another PAX header desync (GHSA-3cv2-h65g-fgmm)
2349b49 Add support of absolute paths
39d0311 Update some links
59d803e Update astral-tokio-tar requirement from 0.5 to 0.6
8296b9a ci: Fix and re-enable reverse dependency testing (#444)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the cargo group with 1 update in the /src-tauri directory: [tar](https://github.com/composefs/tar-rs). Updates `tar` from 0.4.44 to 0.4.46 - [Release notes](https://github.com/composefs/tar-rs/releases) - [Commits](composefs/tar-rs@0.4.44...0.4.46) --- updated-dependencies: - dependency-name: tar dependency-version: 0.4.46 dependency-type: indirect dependency-group: cargo ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-05-29T21:36:15Z

Rust Security Scan

cargo audit: FAIL (exit 1)
cargo deny (advisories): FAIL (exit 1)
cargo clippy security lints: FAIL (exit 101)

cargo audit (tail)

time 2.9.2
│   │           │   │   ├── tauri-runtime-wry 2.9.3
│   │           │   │   └── tauri 2.9.5
│   │           │   ├── tauri-plugin-fs 2.4.5
│   │           │   ├── tauri-plugin 2.5.2
│   │           │   │   ├── tauri-plugin-websocket 2.4.2
│   │           │   │   ├── tauri-plugin-updater 2.9.0
│   │           │   │   ├── tauri-plugin-opener 2.5.3
│   │           │   │   ├── tauri-plugin-notification 2.3.3
│   │           │   │   ├── tauri-plugin-fs 2.4.5
│   │           │   │   └── tauri-plugin-dialog 2.6.0
│   │           │   ├── tauri-macros 2.5.2
│   │           │   │   └── tauri 2.9.5
│   │           │   ├── tauri-codegen 2.5.2
│   │           │   │   └── tauri-macros 2.5.2
│   │           │   ├── tauri-build 2.5.3
│   │           │   │   ├── tauri 2.9.5
│   │           │   │   └── kore 0.1.1
│   │           │   └── tauri 2.9.5
│   │           └── kuchikiki 0.8.8-speedreader
│   │               ├── wry 0.53.5
│   │               └── tauri-utils 2.8.1
│   ├── phf_macros 0.11.3
│   │   └── phf 0.11.3
│   │       ├── tauri-utils 2.8.1
│   │       └── markup5ever 0.14.1
│   └── phf_codegen 0.11.3
│       └── markup5ever 0.14.1
└── phf_generator 0.10.0
    └── phf_macros 0.10.0
        └── phf 0.10.1
            └── cssparser 0.29.6
                ├── selectors 0.24.0
                │   └── kuchikiki 0.8.8-speedreader
                └── kuchikiki 0.8.8-speedreader

�[0m�[0m�[1m�[33mCrate:    �[0m rand
�[0m�[0m�[1m�[33mVersion:  �[0m 0.9.2
�[0m�[0m�[1m�[33mWarning:  �[0m unsound
�[0m�[0m�[1m�[33mTitle:    �[0m Rand is unsound with a custom logger using `rand::rng()`
�[0m�[0m�[1m�[33mDate:     �[0m 2026-04-09
�[0m�[0m�[1m�[33mID:       �[0m RUSTSEC-2026-0097
�[0m�[0m�[1m�[33mURL:      �[0m https://rustsec.org/advisories/RUSTSEC-2026-0097
�[0m�[0m�[1m�[33mDependency tree:
�[0mrand 0.9.2
├── tungstenite 0.28.0
│   └── tokio-tungstenite 0.28.0
│       └── tauri-plugin-websocket 2.4.2
│           └── kore 0.1.1
├── tauri-plugin-websocket 2.4.2
├── tauri-plugin-notification 2.3.3
│   └── kore 0.1.1
├── rav1e 0.8.1
│   └── ravif 0.12.0
│       └── image 0.25.9
│           └── kore 0.1.1
└── quinn-proto 0.11.13
    └── quinn 0.11.9
        └── reqwest 0.12.28
            ├── tauri-plugin-updater 2.9.0
            │   └── kore 0.1.1
            └── tauri 2.9.5
                ├── tauri-plugin-websocket 2.4.2
                ├── tauri-plugin-updater 2.9.0
                ├── tauri-plugin-opener 2.5.3
                │   └── kore 0.1.1
                ├── tauri-plugin-notification 2.3.3
                ├── tauri-plugin-fs 2.4.5
                │   ├── tauri-plugin-dialog 2.6.0
                │   │   └── kore 0.1.1
                │   └── kore 0.1.1
                ├── tauri-plugin-dialog 2.6.0
                └── kore 0.1.1

�[0m�[0m�[1m�[33mCrate:    �[0m core2
�[0m�[0m�[1m�[33mVersion:  �[0m 0.4.0
�[0m�[0m�[1m�[33mWarning:  �[0m yanked

�[0m�[0m�[1m�[31merror:�[0m 5 vulnerabilities found!
�[0m�[0m�[1m�[33mwarning:�[0m 21 allowed warnings found

cargo deny (tail)

the `onlySomeReasons` element of a `IssuingDistributionPoint` CRL extension.
      
      This panic is reachable prior to a CRL's signature being verified.
      
      Applications that do not use CRLs are not affected.
      
      Thank you to @tynus3 for the report.
    �[0m�[36m├�[0m Solution: Upgrade to >=0.103.13, <0.104.0-alpha.1 OR >=0.104.0-alpha.7 (try `cargo update -p rustls-webpki`)
    �[0m�[36m├�[0m rustls-webpki v0.103.9
      └── rustls v0.23.36
          ├── hyper-rustls v0.27.7
          │   ├── kube-client v3.0.1
          │   │   ├── kube v3.0.1
          │   │   │   └── kore v0.1.1
          │   │   └── kube-runtime v3.0.1
          │   │       └── kube v3.0.1 (*)
          │   └── reqwest v0.12.28
          │       ├── tauri v2.9.5
          │       │   ├── kore v0.1.1 (*)
          │       │   ├── tauri-plugin-dialog v2.6.0
          │       │   │   └── kore v0.1.1 (*)
          │       │   ├── tauri-plugin-fs v2.4.5
          │       │   │   ├── kore v0.1.1 (*)
          │       │   │   └── tauri-plugin-dialog v2.6.0 (*)
          │       │   ├── tauri-plugin-notification v2.3.3
          │       │   │   └── kore v0.1.1 (*)
          │       │   ├── tauri-plugin-opener v2.5.3
          │       │   │   └── kore v0.1.1 (*)
          │       │   ├── tauri-plugin-updater v2.9.0
          │       │   │   └── kore v0.1.1 (*)
          │       │   └── tauri-plugin-websocket v2.4.2
          │       │       └── kore v0.1.1 (*)
          │       └── tauri-plugin-updater v2.9.0 (*)
          ├── kube-client v3.0.1 (*)
          ├── reqwest v0.12.28 (*)
          ├── tauri-plugin-websocket v2.4.2 (*)
          ├── tokio-rustls v0.26.4
          │   ├── hyper-rustls v0.27.7 (*)
          │   ├── reqwest v0.12.28 (*)
          │   └── tokio-tungstenite v0.28.0
          │       └── tauri-plugin-websocket v2.4.2 (*)
          ├── tokio-tungstenite v0.28.0 (*)
          └── tungstenite v0.28.0
              └── tokio-tungstenite v0.28.0 (*)

�[0m�[1m�[38;5;11mwarning[yanked]�[0m�[1m: detected yanked crate (try `cargo update -p core2`)�[0m
   �[0m�[36m┌─�[0m /home/runner/work/kore/kore/src-tauri/Cargo.lock:73:1
   �[0m�[36m│�[0m
�[0m�[36m73�[0m �[0m�[36m│�[0m �[0m�[33mcore2 0.4.0 registry+https://github.com/rust-lang/crates.io-index�[0m
   �[0m�[36m│�[0m �[0m�[33m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━�[0m �[0m�[33myanked version�[0m
   �[0m�[36m│�[0m
   �[0m�[36m├�[0m core2 v0.4.0
     └── bitstream-io v4.9.0
         └── rav1e v0.8.1
             └── ravif v0.12.0
                 └── image v0.25.9
                     └── kore v0.1.1

�[0m�[1m�[38;5;11mwarning[advisory-not-detected]�[0m�[1m: advisory was not encountered�[0m
   �[0m�[36m┌─�[0m /home/runner/work/kore/kore/src-tauri/deny.toml:23:6
   �[0m�[36m│�[0m
�[0m�[36m23�[0m �[0m�[36m│�[0m     "�[0m�[33mRUSTSEC-2024-0429�[0m",
   �[0m�[36m│�[0m      �[0m�[33m━━━━━━━━━━━━━━━━━�[0m �[0m�[33mno crate matched advisory criteria�[0m

advisories �[31mFAILED�[0m

cargo clippy (tail)

le-streaming-iterator v0.1.9
�[1m�[92m    Checking�[0m minisign-verify v0.2.4
�[1m�[92m    Checking�[0m fallible-iterator v0.3.0
�[1m�[92m    Checking�[0m iana-time-zone v0.1.65
�[1m�[92m    Checking�[0m chrono v0.4.43
�[1m�[92m    Checking�[0m notify v8.2.0
�[1m�[92m    Checking�[0m image v0.25.9
�[1m�[92m    Checking�[0m kube v3.0.1
�[1m�[92m    Checking�[0m rusqlite v0.38.0
�[1m�[91merror�[0m�[1m: consider using `sort_by_key`�[0m
   �[1m�[94m--> �[0msrc/k8s/client.rs:261:5
    �[1m�[94m|�[0m
�[1m�[94m261�[0m �[1m�[94m|�[0m     namespaces.sort_by(|a, b| b.created_at.cmp(&a.created_at));
    �[1m�[94m|�[0m     �[1m�[91m^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m
    �[1m�[94m|�[0m
    �[1m�[94m= �[0m�[1mhelp�[0m: for further information visit https://rust-lang.github.io/rust-clippy/rust-1.96.0/index.html#unnecessary_sort_by
    �[1m�[94m= �[0m�[1mnote�[0m: `-D clippy::unnecessary-sort-by` implied by `-D warnings`
    �[1m�[94m= �[0m�[1mhelp�[0m: to override `-D warnings` add `#[allow(clippy::unnecessary_sort_by)]`
�[1m�[96mhelp�[0m: try
    �[1m�[94m|�[0m
�[1m�[94m261�[0m �[91m- �[0m    namespaces.�[91msort_by(|a, b| b.created_at.cmp(&a.created_at))�[0m;
�[1m�[94m261�[0m �[92m+ �[0m    namespaces.�[92msort_by_key(|b| std::cmp::Reverse(b.created_at))�[0m;
    �[1m�[94m|�[0m

�[1m�[91merror�[0m�[1m: consider using `sort_by_key`�[0m
   �[1m�[94m--> �[0msrc/k8s/metrics.rs:418:5
    �[1m�[94m|�[0m
�[1m�[94m418�[0m �[1m�[94m|�[0m     summaries.sort_by(|a, b| b.created_at.cmp(&a.created_at));
    �[1m�[94m|�[0m     �[1m�[91m^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m
    �[1m�[94m|�[0m
    �[1m�[94m= �[0m�[1mhelp�[0m: for further information visit https://rust-lang.github.io/rust-clippy/rust-1.96.0/index.html#unnecessary_sort_by
�[1m�[96mhelp�[0m: try
    �[1m�[94m|�[0m
�[1m�[94m418�[0m �[91m- �[0m    summaries.�[91msort_by(|a, b| b.created_at.cmp(&a.created_at))�[0m;
�[1m�[94m418�[0m �[92m+ �[0m    summaries.�[92msort_by_key(|b| std::cmp::Reverse(b.created_at))�[0m;
    �[1m�[94m|�[0m

�[1m�[91merror�[0m�[1m: consider using `sort_by_key`�[0m
   �[1m�[94m--> �[0msrc/k8s/metrics.rs:437:5
    �[1m�[94m|�[0m
�[1m�[94m437�[0m �[1m�[94m|�[0m     list.sort_by(|a, b| b.created_at.cmp(&a.created_at));
    �[1m�[94m|�[0m     �[1m�[91m^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m
    �[1m�[94m|�[0m
    �[1m�[94m= �[0m�[1mhelp�[0m: for further information visit https://rust-lang.github.io/rust-clippy/rust-1.96.0/index.html#unnecessary_sort_by
�[1m�[96mhelp�[0m: try
    �[1m�[94m|�[0m
�[1m�[94m437�[0m �[91m- �[0m    list.�[91msort_by(|a, b| b.created_at.cmp(&a.created_at))�[0m;
�[1m�[94m437�[0m �[92m+ �[0m    list.�[92msort_by_key(|b| std::cmp::Reverse(b.created_at))�[0m;
    �[1m�[94m|�[0m

�[1m�[91merror�[0m: could not compile `kore` (lib) due to 3 previous errors
�[1m�[33mwarning�[0m: build failed, waiting for other jobs to finish...
�[1m�[91merror�[0m: could not compile `kore` (lib test) due to 3 previous errors

dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels May 29, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump tar from 0.4.44 to 0.4.46 in /src-tauri in the cargo group across 1 directory#11

chore(deps): bump tar from 0.4.44 to 0.4.46 in /src-tauri in the cargo group across 1 directory#11
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/src-tauri/cargo-8529595794

dependabot Bot commented on behalf of github May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 29, 2026

0.4.46

Security

Other changes

New Contributors

Uh oh!

github-actions Bot commented May 29, 2026

Rust Security Scan

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants