chore(deps): bump the cargo-minor-patch group in /src-tauri with 3 updates#922
Merged
Salem874 merged 1 commit intoJun 9, 2026
Conversation
Bumps the cargo-minor-patch group in /src-tauri with 3 updates: [configparser](https://github.com/QEDK/configparser-rs), [chrono](https://github.com/chronotope/chrono) and [log](https://github.com/rust-lang/log). Updates `configparser` from 3.1.0 to 3.2.0 - [Release notes](https://github.com/QEDK/configparser-rs/releases) - [Commits](QEDK/configparser-rs@v3.1.0...v3.2.0) Updates `chrono` from 0.4.44 to 0.4.45 - [Release notes](https://github.com/chronotope/chrono/releases) - [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md) - [Commits](chronotope/chrono@v0.4.44...v0.4.45) Updates `log` from 0.4.30 to 0.4.32 - [Release notes](https://github.com/rust-lang/log/releases) - [Changelog](https://github.com/rust-lang/log/blob/master/CHANGELOG.md) - [Commits](rust-lang/log@0.4.30...0.4.32) --- updated-dependencies: - dependency-name: configparser dependency-version: 3.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: cargo-minor-patch - dependency-name: chrono dependency-version: 0.4.45 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: cargo-minor-patch - dependency-name: log dependency-version: 0.4.32 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: cargo-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Contributor
PR Security Checks✅ No heuristic or consistency findings on this PR. |
Salem874
deleted the
dependabot/cargo/src-tauri/main/cargo-minor-patch-9d666e39a4
branch
Salem874
added a commit
that referenced
this pull request
Jun 10, 2026
…) (#919) ## What's in this PR PR #919 grew from a focused CI-stability patch into the full M9 Spotify integration backend + UI. All work landed on this single branch per the consolidated-PR direction; the original CI consolidation is the foundation everything else builds on. ### CI / infrastructure (original PR scope) | Commit | Subject | |---|---| | `849ae6d3` | `release.yml` same-channel `PREV_TAG` + alpha/beta/RC `git push` rebase-on-conflict retry (5 attempts, 0–4 s jitter) — fixes the `body is too long` failure that hit alpha.17/19/20 and the alpha.16↔17 lost-cut race | | `d1fe7216`, `87502f96` | Original `upstream-gamdl-watch.yml` SHA rotation + daily cadence (superseded by M9-1's generalised `upstream-engine-watch.yml`) | | `2760812a` | Merge of original PR #918 (closed as superseded) | | `3f70a0c3` | Dep bumps mirroring dependabot PRs #921 + #922 against alpha: `i18next` 26.3.0→26.3.1, `configparser` 3.1.0→3.2.0, `chrono` 0.4.44→0.4.45, `log` 0.4.30→0.4.32 | | `8681743f` | Merge of alpha (carries M9-1 #920) — resolved by accepting the generalised engine watcher | ### M9 Spotify integration — backend | Commit | Layer | |---|---| | `ac730ab3` | **M9-2** — Full `votify_service` + `VotifyOptions` 35-field CLI table + real `VotifyFeature` gates (`DesktopAacAndMp4Flac` 1.9.5+, `UpcTag` 1.9.7+) | | `16f4f9d1` | **M9-3** — Cross-platform best-cover-art picker (Apple Music + Spotify oEmbed; highest-resolution wins; Apple Music tie-break on equal pixel area) | | `2b72f418` | **M9-4** — Anti-ban backend: `AntiBanSettings` model, `compute_playback_throttle_delay` / `compute_inter_track_delay` (pure functions), `DailyCapCounter` with local-midnight rollover, 4 IPC commands, `DispatchGateOutcome` enum | | `6065fc20` | **M9-5** — `start_download` accepts `open.spotify.com`, runs the dispatch gate at IPC entry, `SpotifySettings` session-type fields, `increment_counter` helper | | `5096fe1e` | **M9-6** — Session-artifact dispatch gate (`MissingSpotifyDll` + `MissingWvd` outcomes), `check_session_artifacts` validator, `.wvd` kept first-class for non-Windows FLAC | | `b3358d82` | **M9-7** — Queue dispatch fork to votify with cancellation polling + queue-aware progress events + partial-success detection + crash-restore gate re-eval. Defensive guards on 3 Apple-Music-only post-dispatch helpers. Best-effort manifest write | ### M9 Spotify integration — frontend | Commit | Layer | |---|---| | `54938230` | **M9-UI** — Spotify Settings tab + first-run consent modal + `RiskPill` 3-tier visual cue. Hybrid design from a 2-agent design tournament + adversarial judge | ## Verification * `cargo check --lib` — clean * `cargo clippy --lib -- -D warnings` — clean * `cargo test --lib` — **1411 passed**, 1 ignored, 0 failed (+~80 new tests across the M9 layers) * `tsc --noEmit` — clean * `npm run lint` — clean * Vitest — **550 / 550 passed** ## Multi-agent quality posture The two largest pieces (M9-7 queue refactor + M9-UI design) shipped via parallel discovery → synthesis → adversarial-critique workflows. The M9-7 critique surfaced three ship-blockers (broken cancel button, frozen queue row, silent partial-success) — all addressed in the final implementation. The M9-UI verdict picked a hybrid design (utilitarian base + targeted safety borrowings) over either pure design. ## Anti-ban posture preserved * Default `playback_speed_throttle_enabled = true` — the flagship mitigation can't be silently regressed. * `daily_download_cap = 100` default; `0` is the explicit "unlimited" sentinel and requires consent + dev access to set. * Dev-access gate + first-run consent modal both required before any Spotify URL can dispatch. * IPC-layer gate + per-item dispatch-time gate re-eval closes the crash-restore loophole. * Settings tab destructive-edit confirmations (throttle off, cap = 0) name the specific risk before applying. ## Deferred to follow-ups | Item | Reason | |---|---| | Per-track throttle integration (`compute_playback_throttle_delay` between tracks) | Needs per-track stdout parsing of votify output — M9-8 | | Per-track counter increment | Same — currently per-batch enforcement allows cap overshoot | | Spotify-aware metadata pre-fetch (queue-row artist/album from track 1) | M9-9 — needs a Spotify metadata API client | | Best-cover-art queue integration | M9-9 alongside Spotify metadata pre-fetch | | Multi-ingest gate wiring (HistoryPage, LibraryScanPage, drag/drop, clipboard) | DownloadForm convergence covers the common case; rest is a polish PR | | `help/spotify-account-risk.md` doc | Separate help-doc PR | | i18n for Spotify copy | Alongside the broader M9 localisation pass | ## Outstanding before merge * Per-PR security review (pre-PR security checklist from the standing memory) — flag any non-trivial findings. * Maintainer review of the consent-modal copy and the Settings UI tab.
2 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the cargo-minor-patch group in /src-tauri with 3 updates: configparser, chrono and log.
Updates
configparserfrom 3.1.0 to 3.2.0Release notes
Sourced from configparser's releases.
Commits
501c1a8fix: unbump version, was already bumped69347b9chore: update some links6e42147feat: bump version and remove changelogd541e35Cargo fmt8365de1Fix a comment line for set_cascade_defaults()9d5c558Add tests after setting cascade_defaults to false4f8969fCompleted the implementation of cascading defaults624bed3fix: replace install with actionf3ed2e8fix: fix doctest for load_from_stream()948a606chore: update .gitignoreUpdates
chronofrom 0.4.44 to 0.4.45Release notes
Sourced from chrono's releases.
Commits
1703382Prepare 0.4.45 release881f9abtz_data: fix tzdata locations on Androidf14ead4fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflowc6063e6Update similar-asserts requirement from 1.6.1 to 2.0.0120686cBump codecov/codecov-action from 5 to 6Updates
logfrom 0.4.30 to 0.4.32Release notes
Sourced from log's releases.
Changelog
Sourced from log's changelog.
Commits
a5b5b21Merge pull request #730 from rust-lang/cargo/0.4.32c8d3b12prepare for 0.4.32 releasece6cd9fMerge pull request #729 from tisonkun/kv-std-support20b3b05drop cfg-feature=kv as it is already met7bc1200kv::std_support may not need value-bag5808392Merge pull request #728 from rust-lang/cargo/0.4.3186d739fprepare for 0.4.31 releasec906cfbMerge pull request #727 from tisonkun/leverage-static-str-key-when-possible756c279leverage str literal as well3dd250drename Key::from_static_str to from_str_staticDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions