Security fixes for allowed tauri features and packages update

[kurdin]

Edit Clip input focus fix
Removed unused packages

[changeset-bot]

🦋 Changeset detected

Latest commit: a6922be

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
pastebar-app-ui	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[Copilot]

Pull Request Overview

Updates Tauri permissions for improved security, removes obsolete dependencies in favor of local paths, and fixes input focus propagation in the UI.

• Refine tauri.conf.json allowlist from all to granular permissions
• Switch unused remote crates to local path dependencies in Cargo.toml
• Add onMouseDown stop-propagation handlers to textareas to prevent input blur

Reviewed Changes

Copilot reviewed 49 out of 68 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
src-tauri/tauri.conf.json	Replace broad all allowlist with explicit feature flags
src-tauri/Cargo.toml	Remove remote plugin deps, point to local paths, trim crates
packages/.../ClipEdit.tsx	Add onMouseDown to stop click propagation
packages/.../BoardEdit.tsx	Add onMouseDown to stop click propagation
packages/.../textarea/index.tsx	Expose and forward onMouseDown/onClick props to textarea

Files not reviewed (2)

• src-tauri/libs/tauri-plugin-single-instance/examples/emit-event/pnpm-lock.yaml: Language not supported
• src-tauri/libs/tauri-plugin-single-instance/examples/vanilla/pnpm-lock.yaml: Language not supported

Comments suppressed due to low confidence (2)

src-tauri/Cargo.toml:106

• [nitpick] The umbrella "clipboard" feature overlaps with the granular clipboard-read-text and clipboard-write-text flags; remove the redundant umbrella feature to align with the tightened allowlist.

  "clipboard",

src-tauri/libs/tauri-plugin-single-instance/src/platform_impl/windows.rs:39

• [nitpick] The new mutex and IPC logic for single-instance behavior is critical and complex; consider adding unit or integration tests covering both first-instance and subsequent-instance flows to ensure reliable behavior across edge cases.

                unsafe { CreateMutexW(std::ptr::null(), true.into(), mutex_name.as_ptr()) };

[Copilot]

Using a wildcard "http://**" allows calls to any HTTP endpoint, which can be a security risk; tighten this scope to trusted origins to minimize attack surface.

Suggested change

	"https://**",
	"http://**"
	"https://**"