build(deps): bump the rust group across 1 directory with 4 updates

[dependabot]

Bumps the rust group with 3 updates in the /src-tauri directory: tauri, reqwest and zip.

Updates tauri from 2.11.2 to 2.11.3

Release notes

Sourced from tauri's releases.

tauri-cli v2.11.3

Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 1133 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (1085 crate dependencies)
Crate:     atk
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0413
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0413
Crate:     atk-sys

Version:   0.18.2

Warning:   unmaintained

Title:     gtk-rs GTK3 bindings - no longer maintained

Date:      2024-03-04

ID:        RUSTSEC-2024-0416

URL:       https://rustsec.org/advisories/RUSTSEC-2024-0416
Crate:     fxhash

Version:   0.2.1

Warning:   unmaintained

Title:     fxhash - no longer maintained

Date:      2025-09-05

ID:        RUSTSEC-2025-0057

URL:       https://rustsec.org/advisories/RUSTSEC-2025-0057
Crate:     gdk

Version:   0.18.2

Warning:   unmaintained

Title:     gtk-rs GTK3 bindings - no longer maintained

Date:      2024-03-04

ID:        RUSTSEC-2024-0412

URL:       https://rustsec.org/advisories/RUSTSEC-2024-0412
Crate:     gdk-sys

Version:   0.18.2

Warning:   unmaintained

Title:     gtk-rs GTK3 bindings - no longer maintained

Date:      2024-03-04

ID:        RUSTSEC-2024-0418

URL:       https://rustsec.org/advisories/RUSTSEC-2024-0418
Crate:     gdkwayland-sys

</tr></table>

... (truncated)

Commits

• 6f6ab12 apply version updates (#15409)
• 728c8d4 fix(cli): skip building bundles when using tauri android run (#15473)
• e25f45c refactor: remove impl clone on inner menus (#15553)
• fbcf1b0 chore(deps): update dependency eslint-plugin-security to v4.0.1 (#15545)
• 828f710 fix(cli): respect src/bin required-features (fix: #15325) (#15427)
• ed8fd41 chore(cli): lesser verbose ureq_proto log (#15552)
• 50b0237 fix(android): escape special characters in strings.xml (#15549)
• 800223d docs: fix some missing and wrong docs (#15548)
• 5075c81 fix: check is_maximizable in internal_toggle_maximize (#15550)
• 532c22a chore(deps-dev): bump vite from 8.0.5 to 8.0.16 (#15547)
• Additional commits viewable in compare view

Updates reqwest from 0.12.28 to 0.13.4

Release notes

Sourced from reqwest's releases.

v0.13.4

tl;dr

• Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
• Add ClientBuilder::http2_keep_alive_* options for the blocking client.
• Add TLS 1.3 support when using native-tls backend.
• Fix redirect handling to strip sensitive headers when the scheme changes.
• Fix HTTP/3 happy-eyeball connection creation.
• Upgrade hickory-resolver to 0.26.

What's Changed

• fix(tls): improve rustls-no-provider panic message and add module docs by @​smythg4 in seanmonstar/reqwest#3021
• fix: do not lose the url in error when decoding json by @​Dushistov in seanmonstar/reqwest#3026
• Add tls_sslkeylogfile builder method by @​passcod in seanmonstar/reqwest#2923
• fix(redirect): strip sensitive headers on scheme change across redirects by @​SAY-5 in seanmonstar/reqwest#3034
• chore: upgrade MSRV to 1.85 by @​seanmonstar in seanmonstar/reqwest#3038
• chore: clean up minimal-versions CI job by @​seanmonstar in seanmonstar/reqwest#3039
• fix(http3): use happy eyeballs for h3 connect by @​lyuzichong in seanmonstar/reqwest#3030
• fix: update hickory-resolver to 0.26 and adjust code accordingly by @​seanmonstar in seanmonstar/reqwest#3040
• fix: remove unwrap in hickory initialization by @​mat813 in seanmonstar/reqwest#3041
• feat(https): support TLS 1.3 as min version under native-tls 🎉 by @​AverageHelper in seanmonstar/reqwest#2975
• Expose keep alive configurations in blocking client by @​aeb-dev in seanmonstar/reqwest#3043
• Prepare v0.13.4 by @​seanmonstar in seanmonstar/reqwest#3046

New Contributors

• @​smythg4 made their first contribution in seanmonstar/reqwest#3021
• @​Dushistov made their first contribution in seanmonstar/reqwest#3026
• @​SAY-5 made their first contribution in seanmonstar/reqwest#3034
• @​mat813 made their first contribution in seanmonstar/reqwest#3041
• @​AverageHelper made their first contribution in seanmonstar/reqwest#2975
• @​aeb-dev made their first contribution in seanmonstar/reqwest#3043

Full Changelog: seanmonstar/reqwest@v0.13.3...v0.13.4

v0.13.3

tl;dr

• Fix CertificateRevocationList parsing of PEM values.
• Fix logging in resolver to only show host, not full URL.
• Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
• Fix HTTP/3 to handle STOP_SENDING as not an error.
• Fix HTTP/3 pool to remove timed out QUIC connections.
• Fix HTTP/3 connection establishment picking IPv4 and IPv6.
• Upgrade rustls-platform-verifier.
• (wasm) Only use wasm-bindgen on unknown-* targets.

What's Changed

• Update docs.rs Features by @​JamesWiresmith in seanmonstar/reqwest#2961
• fix: fallback to hickory_resolver's default config if reading /etc/resolv.conf fails by @​monosans in seanmonstar/reqwest#2797
• fix: remove timeout con by @​cuiweixie in seanmonstar/reqwest#2967
• http3: handle stop_sending without error by @​anuraaga in seanmonstar/reqwest#2978

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.13.4

• Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
• Add ClientBuilder::http2_keep_alive_* options for the blocking client.
• Add TLS 1.3 support when using native-tls backend.
• Fix redirect handling to strip sensitive headers when the scheme changes.
• Fix HTTP/3 happy-eyeball connection creation.
• Upgrade hickory-resolver to 0.26.

v0.13.3

• Fix CertificateRevocationList parsing of PEM values.
• Fix logging in resolver to only show host, not full URL.
• Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
• Fix HTTP/3 to handle STOP_SENDING as not an error.
• Fix HTTP/3 pool to remove timed out QUIC connections.
• Fix HTTP/3 connection establishment picking IPv4 and IPv6.
• Upgrade rustls-platform-verifier.
• (wasm) Only use wasm-bindgen on unknown-* targets.

v0.13.2

• Fix HTTP/2 and native-tls ALPN feature combinations.
• Fix HTTP/3 to send h3 ALPN.
• (wasm) fix RequestBuilder::json() from override previously set content-type.

v0.13.1

• Fixes compiling with rustls on Android targets.

v0.13.0

• Breaking changes:
  • rustls is now the default TLS backend, instead of native-tls.
  • rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider)
  • rustls-tls has been renamed to rustls.
  • rustls roots features removed, rustls-platform-verifier is used by default.
    • To use different roots, call tls_certs_only(your_roots).
  • native-tls now includes ALPN. To disable, use native-tls-no-alpn.
  • query and form are now crate features, disabled by default.
  • Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago).
• Many TLS-related methods renamed to improve autocompletion and discovery, but previous name left in place with a "soft" deprecation. (just documented, no warnings)
  • For example, prefer tls_backend_rustls() over use_rustls_tls().

Commits

• 11489b3 v0.13.4
• d31ffbb feat: Expose HTTP2 keep alive configurations in blocking client (#3043)
• 79ed0d7 feat: support TLS 1.3 as min version under native-tls 🎉 (#2975)
• fb7bf6a fix: remove unwrap in hickory initialization (#3041)
• 3da616f fix: update hickory-resolver to 0.26 and adjust code accordingly (#3040)
• c77e7b2 fix(http3): use happy eyeballs for h3 connect (#3030)
• 9cbb65b chore: clean up minimal-versions CI job (#3039)
• 17a7dc5 chore: upgrade MSRV to 1.85 (#3038)
• 03db63a fix(redirect): strip sensitive headers on scheme change across redirects (#3034)
• 4b813a8 feat: add tls_sslkeylogfile builder method (#2923)
• Additional commits viewable in compare view

Updates zip from 2.4.2 to 8.6.0

Release notes

Sourced from zip's releases.

v8.6.0

🚀 Features

• add compression not supported as enum error (#774)

🐛 Bug Fixes

• allow for [u8] as filename (#775)

🚜 Refactor

• mark ZipFlags as non-exhaustive and add test for HasZipMetadata (#777)
• use and simplify is_dir (#776)

v8.5.1

🚜 Refactor

• change magic finder to stack buffer (#763)
• simplify extra field parsing (#764)

v8.5.0

🐛 Bug Fixes

• remove zip64 comment and add zip64 extensible data sector (#747)

🚜 Refactor

• remove useless magic in struct (#730)
• change extra_field from Arc<Vec> to Arc<[u8]> (#741)

⚙️ Miscellaneous Tasks

• cleanup README (#758)

v8.4.0

🚀 Features

• add a check for building benches (#748)

🚜 Refactor

• split part of read.rs for code readability (#744)
• remove unused allow (#745)

⚡ Performance

• skip BufReader for Stored files in make_reader (#739)

⚙️ Miscellaneous Tasks

... (truncated)

Changelog

Sourced from zip's changelog.

8.6.0 - 2026-04-25

🚀 Features

• add compression not supported as enum error (#774)

🐛 Bug Fixes

• allow for [u8] as filename (#775)

🚜 Refactor

• mark ZipFlags as non-exhaustive and add test for HasZipMetadata (#777)
• use and simplify is_dir (#776)

8.5.1 - 2026-04-06

🚜 Refactor

• change magic finder to stack buffer (#763)
• simplify extra field parsing (#764)

8.5.0 - 2026-04-01

🐛 Bug Fixes

• remove zip64 comment and add zip64 extensible data sector (#747)

🚜 Refactor

• remove useless magic in struct (#730)
• change extra_field from Arc<Vec> to Arc<[u8]> (#741)

⚙️ Miscellaneous Tasks

• cleanup README (#758)

8.4.0 - 2026-03-23

🚀 Features

• add a check for building benches (#748)

🚜 Refactor

• split part of read.rs for code readability (#744)
• remove unused allow (#745)

⚡ Performance

... (truncated)

Commits

• 771dfc5 chore: release v8.6.0 (#781)
• 8e480cc chore(deps): update sha1 requirement from 0.10 to 0.11 (#767)
• 2513bbe chore(deps): update aes requirement from 0.8 to 0.9 (#787)
• 957e240 ci(deps): bump actions/cache from 5.0.4 to 5.0.5 (#786)
• 0329d9d fix: allow for [u8] as filename (#775)
• ddcf854 ci(deps): bump github/codeql-action from 4.35.1 to 4.35.2 (#788)
• 42323a8 ci(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 (#785)
• 901014a ci(deps): bump crate-ci/typos from 1.45.0 to 1.45.1 (#784)
• 07702d4 feat: add compression not supported as enum error (#774)
• 2d0c46b ci(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#783)
• Additional commits viewable in compare view

Updates tauri-build from 2.6.2 to 2.6.3

Release notes

Sourced from tauri-build's releases.

tauri-build v2.6.3

Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 1133 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (1085 crate dependencies)
Crate:     atk
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0413
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0413
Crate:     atk-sys

Version:   0.18.2

Warning:   unmaintained

Title:     gtk-rs GTK3 bindings - no longer maintained

Date:      2024-03-04

ID:        RUSTSEC-2024-0416

URL:       https://rustsec.org/advisories/RUSTSEC-2024-0416
Crate:     fxhash

Version:   0.2.1

Warning:   unmaintained

Title:     fxhash - no longer maintained

Date:      2025-09-05

ID:        RUSTSEC-2025-0057

URL:       https://rustsec.org/advisories/RUSTSEC-2025-0057
Crate:     gdk

Version:   0.18.2

Warning:   unmaintained

Title:     gtk-rs GTK3 bindings - no longer maintained

Date:      2024-03-04

ID:        RUSTSEC-2024-0412

URL:       https://rustsec.org/advisories/RUSTSEC-2024-0412
Crate:     gdk-sys

Version:   0.18.2

Warning:   unmaintained

Title:     gtk-rs GTK3 bindings - no longer maintained

Date:      2024-03-04

ID:        RUSTSEC-2024-0418

URL:       https://rustsec.org/advisories/RUSTSEC-2024-0418
Crate:     gdkwayland-sys

</tr></table>

... (truncated)

Commits

• 6f6ab12 apply version updates (#15409)
• 728c8d4 fix(cli): skip building bundles when using tauri android run (#15473)
• e25f45c refactor: remove impl clone on inner menus (#15553)
• fbcf1b0 chore(deps): update dependency eslint-plugin-security to v4.0.1 (#15545)
• 828f710 fix(cli): respect src/bin required-features (fix: #15325) (#15427)
• ed8fd41 chore(cli): lesser verbose ureq_proto log (#15552)
• 50b0237 fix(android): escape special characters in strings.xml (#15549)
• 800223d docs: fix some missing and wrong docs (#15548)
• 5075c81 fix: check is_maximizable in internal_toggle_maximize (#15550)
• 532c22a chore(deps-dev): bump vite from 8.0.5 to 8.0.16 (#15547)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions