f883781c1f
From the deep-audit wave (reviewer-verified: capability identifiers valid, no removed-crate references, GDI free ordering correct): - Removed 8 never-registered plugins (clipboard-manager, fs, shell, http, process, os, dialog, global-shortcut) from Cargo.toml AND their capability grants (shell:allow-execute, unscoped fs writes, http:default, …) — verified the web never invokes any of them. A latent RCE-class surface is gone. - on_new_window: only http/https/mailto reach the OS opener (file:///custom schemes previously bypassed the opener capability scope entirely). - set_badge_count: freed hdc + hdc_screen on all three GDI error paths (leaked per badge update in a long-running tray app). - 8s reveal failsafe gated by an AtomicBool: no longer re-shows a window the user closed to tray; page-load reveal now fires once only (logout reloads don't re-surface a tray-hidden window); recovery for a missed page-load event preserved. - toast.rs: store pruned on Activated too + capped at 20 (was unbounded). - Startup no longer panics when the bundled icon is missing (tray skipped gracefully); msSmartScreenProtection no longer disabled (throttling disables kept); rust-version corrected to 1.77.2. - release.yml update-manifest: fails on empty signatures (was: could publish a manifest that traps Windows users in a failed-update loop); partial- failure window documented. Deleted the stale upstream tauri.yml workflow. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
66 lines
2.3 KiB
TOML
66 lines
2.3 KiB
TOML
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
|
|
|
[package]
|
|
name = "cinny"
|
|
version = "4.12.2" # CI patches src-tauri/tauri.conf.json at build time; that file is the source of truth for the shipped version.
|
|
description = "Yet another matrix client"
|
|
authors = ["Ajay Bura"]
|
|
license = "AGPL-3.0-only"
|
|
repository = "https://github.com/cinnyapp/cinny-desktop"
|
|
default-run = "cinny"
|
|
edition = "2021"
|
|
rust-version = "1.77.2"
|
|
|
|
[build-dependencies]
|
|
tauri-build = { version = "2", features = [] }
|
|
|
|
[dependencies]
|
|
serde_json = "1.0.109"
|
|
serde = { version = "1.0.193", features = ["derive"] }
|
|
tauri = { version = "2", features = ["devtools", "wry", "tray-icon", "image-png"] }
|
|
tauri-plugin-localhost = "2"
|
|
tauri-plugin-window-state = "2"
|
|
tauri-plugin-notification = "2"
|
|
tauri-plugin-opener = "2"
|
|
tauri-plugin-deep-link = "2"
|
|
|
|
[features]
|
|
# by default Tauri runs in production mode
|
|
# when `tauri dev` runs it is executed with `cargo run --no-default-features` if `devPath` is an URL
|
|
default = [ "custom-protocol" ]
|
|
# this feature is used used for production builds where `devPath` points to the filesystem
|
|
# DO NOT remove this
|
|
custom-protocol = [ "tauri/custom-protocol" ]
|
|
|
|
[target.'cfg(not(any(target_os = "android", target_os = "ios")))'.dependencies]
|
|
tauri-plugin-updater = "2"
|
|
tauri-plugin-single-instance = "2"
|
|
|
|
[target.'cfg(target_os = "windows")'.dependencies]
|
|
webview2-com = "0.38"
|
|
window-vibrancy = "0.6"
|
|
windows = { version = "0.61", features = [
|
|
# WinRT namespaces
|
|
"Data_Xml_Dom", # P5-41 toast XML
|
|
"Foundation",
|
|
"Foundation_Collections", # P5-41 toast UserInput IMap
|
|
"Media",
|
|
"UI_Notifications", # P5-41 WinRT toast notifications
|
|
# Win32 namespaces
|
|
"Win32_Foundation",
|
|
"Win32_Storage_EnhancedStorage", # P5-36 jump list (PKEY_Title)
|
|
"Win32_Graphics_Gdi",
|
|
"Win32_Networking_NetworkListManager", # P5-49 network awareness
|
|
"Win32_System_Com",
|
|
"Win32_System_Com_StructuredStorage", # P5-36 jump list (PROPVARIANT)
|
|
"Win32_System_Power", # P5-46 no-sleep
|
|
"Win32_System_WinRT", # P5-43 SMTC interop
|
|
"Win32_UI_Shell",
|
|
"Win32_UI_Shell_PropertiesSystem", # P5-36 jump list (IPropertyStore/PKEY_Title)
|
|
"Win32_UI_WindowsAndMessaging",
|
|
] }
|
|
|
|
[lib]
|
|
name = "app_lib"
|
|
crate-type = ["staticlib", "cdylib", "rlib"]
|