chore(deps): bump Tauri ecosystem to 2.11

[axpnet]

Summary

Bumps the Tauri ecosystem to 2.11 across both the Rust and the JS sides, unblocking the `@tauri-apps/api` 2.11.0 bump that was previously stuck behind the `tauri` crate version lock.

Three earlier Dependabot PRs from the May 4 batch (#156 `@tauri-apps/api`, #153 `@tauri-apps/plugin-fs`, #158 `@tauri-apps/plugin-dialog`) were closed with the same root cause: the npm bump tried to land while the Rust crate was still on 2.10.x, and `tauri info` rejects the install with `EVERSIONMISMATCH`. With 2.11.0 now upstream, this PR aligns both sides at once so future Tauri bumps can flow normally.

Source-level changes

• `package.json`: `@tauri-apps/api ^2.9.1 -> ^2.11.0`
• `src-tauri/Cargo.toml`: `tauri-plugin-single-instance 2.4.1 -> 2.4.2` (was the only plugin pinned without caret)

Lockfile changes (cargo update on the tauri family)

• tauri `2.10.3 -> 2.11.0`
• tauri-build `2.5.6 -> 2.6.0`
• tauri-runtime / tauri-runtime-wry `2.10.1 -> 2.11.0`
• tauri-utils `2.8.3 -> 2.9.0`
• tauri-codegen / tauri-macros `2.5.5 -> 2.6.0`
• tao `0.34.8 -> 0.35.2`
• wry `0.54.4 -> 0.55.1`
• tray-icon `0.21.3 -> 0.23.1`
• muda `0.17.2 -> 0.19.1`

Plus the usual transitive churn (objc2 family, dtor, ctor v0.2 -> v0.8, etc.).

Validation

• `cargo clippy --all-targets -D warnings` clean (Linux runner, full workspace)
• `npm run build` clean

Test plan

• CI green on Linux, Windows, macOS
• Manual smoke after merge: app launches, system tray icon shows, single-instance forwarding still routes argv
• No regression on file dialogs, plugin-fs reads, plugin-dialog confirmations

Side notes

• `tauri-plugin-fs 2.5.1` and `tauri-plugin-dialog 2.7.1` are already on main from the May 5 Dependabot triage (PR build(deps): bump tauri-plugin-dialog from 2.7.0 to 2.7.1 in /src-tauri #157 merged, build(deps): bump @tauri-apps/plugin-fs from 2.5.0 to 2.5.1 #153 was closed and is now resolved by the upstream caret). They do not appear in this diff because the lockfile was already aligned.
• After merge, Dependabot will likely propose minor JS plugin bumps separately (`@tauri-apps/plugin-fs 2.5.0 -> 2.5.1`, `@tauri-apps/plugin-dialog 2.7.0 -> 2.7.1`). Those should now sail through CI.

Summary by CodeRabbit

• Chores
  • Updated Tauri API dependency to 2.11.0.
  • Updated single-instance plugin dependency to 2.4.2.

These dependency updates are routine maintenance and may result in minor runtime improvements or compatibility adjustments visible to end users.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 7a0e078a-6c82-420d-9c97-423b28a88e97

📥 Commits

Reviewing files that changed from the base of the PR and between bae31e3 and 26a8bbd.

⛔ Files ignored due to path filters (1)

• src-tauri/Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• src-tauri/Cargo.toml

✅ Files skipped from review due to trivial changes (1)

• src-tauri/Cargo.toml

---

📝 Walkthrough

Walkthrough

The PR updates two dependencies: @tauri-apps/api from ^2.9.1 to ^2.11.0 in package.json, and tauri-plugin-single-instance from 2.4.1 to 2.4.2 in src-tauri/Cargo.toml.

Changes

Dependency Updates

Layer / File(s)	Summary
Dependency Manifest package.json, src-tauri/Cargo.toml	Bumped @tauri-apps/api from ^2.9.1 → ^2.11.0 and tauri-plugin-single-instance from 2.4.1 → 2.4.2.
Tests / Docs none changed	No tests, docs, or other files updated in this PR.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A rabbit hops through version lands so neat,
Two crates and an API now tap their feet,
From 2.9 to 2.11 the frontend hums,
Single-instance nudges 2.4.2 — it drums,
New numbers twinkle, the build stays sweet.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore(deps): bump Tauri ecosystem to 2.11' accurately summarizes the main change: updating Tauri dependencies to version 2.11 across both the JavaScript (@tauri-apps/api) and Rust (tauri-plugin-single-instance) sides.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/tauri-2.11-bump

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	cargo/​tauri@​2.10.3 ⏵ 2.11.0	+1
	npm/​@​tauri-apps/​api@​2.10.1 ⏵ 2.11.0	+1		+1
	cargo/​tauri-build@​2.5.6 ⏵ 2.6.0
	cargo/​tauri-plugin-single-instance@​2.4.1 ⏵ 2.4.2

View full report