chore: fix missing items after merges

[shanimal08]

Description

reinstate changes meant to be in release v0.9.838 that may have been overwritten in weird auto merges

NOTE: main affected files were ones where the hotfix release versions were bumped, i.e. package/-lock.json, tauri.conf.json, and Cargo.toml/lock, but there were a few small mismatches in other files from varying PRs too

How Has This Been Tested?

• went through each file change of the PRs listed in the release's "What's changed" section, and compared it with the files changed in its Full Changelog: https://github.com/tari-project/universe/compare/v0.9.837...v0.9.838 section
  • if not in the diff went to check if the changes are in the full repo code of the release's commit (possibly already merged in with a previous hotfix merge)
  • if not there either or missing a change - fixed/reinstated it
• then ran through locally

if one of your PRs is included in the release, PLEASE check the table below and make sure the reinstatement here isn't messed up/wrong if there was a change from the release 😬 cc @Misieq01 @leet4tari

item	changed or fine
fix: add correct tag name for adding new installer to release by @Misieq01 in #1702	overwritten by #1704 - NEEDS CHECKING reverted to match main
fix: change upload action for new installer by @Misieq01 in #1704	reinstated - NEEDS CHECKING - in relation to #1711 reverted to match main
feat: add space x event UI by @BalazsSevecsek in #1659	changes in diff, but some overwritten or missed - [now reinstated]
refactor: airdrop auth and WS by @shanimal08 in #1642	changes in diff, but some overwritten or missed - [now reinstated]
chore: lints and bump outdate deps by @shanimal08 in #1683	changes in diff, except for package.json change - [now reinstated]
fix(ui): tower stop delay by @shanimal08 in #1695	changes in diff, except for package.json change - [now reinstated]
feat: add tor health monitoring by @stringhandler in #1696	not all in release "changelog" but included in release src
fix(ui): remove wasm related csp config by @shanimal08 in #1709	reinstated
chore: bump outdated dependencies by @shanimal08 in #1712	reinstated
chore(ci): windows remove deprecated GH action and use gh cli by @leet4tari in #1711	not in release "changelog" but included in release src
chore: remove unused dependency x npm warning by @shanimal08 in #1715	reinstated
fix: airdrop refresh retry by @shanimal08 in #1714	fine
feat: increase mini pool threshold by @stringhandler in #1717	not in release "changelog" but included in release src
fix: specific CSP sources by @shanimal08 in #1721	reinstated
chore: release notes 0.9.827 by @metalaureate in #1738	fine
chore: add new clippy denies and fix clippy by @stringhandler in #1732	fine

Summary by CodeRabbit

Summary by CodeRabbit

• Chores
  • Updated core libraries and tools to the latest supported versions for enhanced stability.
  • Refined configuration settings to better manage dependencies during project processes.
  • Enhanced security configuration for improved clarity and maintainability.
  • Automated the upload of the Windows installer to GitHub releases.
• Refactor
  • Removed an obsolete module reference to simplify underlying file operations.
  • Renamed gradient properties for improved theme structure and accessibility.
  • Expanded the theme's capabilities by adding new properties for colors and gradients.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request updates several configuration and code files. In knip.ts, the ignored dependency list is reduced and its comment updated. The version is bumped from 0.9.837 to 0.9.838 in package.json, Cargo.toml, and tauri.conf.json along with dependency and CSP configuration changes. The tor_adapter.rs file removes an unused import, while the useSetUp.ts hook drops an unnecessary function call. Additionally, a new GitHub Actions step is added in release.yml to automate the Windows installer upload during releases.

Changes

File(s)	Change Summary
knip.ts	Removed 'prettier-eslint' from ignoreDependencies; updated comment to reflect dependency need by plugins.
package.json, src-tauri/Cargo.toml, src-tauri/tauri.conf.json	Bumped version from 0.9.837 to 0.9.838; updated various package versions and modified tauri config (CSP, updater artifacts, capabilities).
src-tauri/src/tor_adapter.rs	Removed unused import: use tokio::fs;.
.github/workflows/release.yml	Added conditional GitHub Actions step to upload the Windows installer during release.
src/hooks/app/useSetUp.ts	Removed the call to airdropSetup, simplifying the setup control flow.
src/theme/gradients.ts	Restructured miningButton gradients, promoting sub-properties to top-level.
src/styled.d.ts	Added properties colorsAlpha and gradients to DefaultTheme interface.
src/theme/types.ts	Introduced new type GraidentKey and updated Gradients type to use it.
src/theme/themes.ts	Added type annotation to darkTheme constant.
src/containers/main/SideBar/components/MiningButton/MiningButton.styles.ts	Updated gradient property names in StyledButton component.

Sequence Diagram(s)

sequenceDiagram
    participant Runner as GitHub Runner
    participant Workflow as GitHub Workflow
    participant Asset as Upload Action
    Runner->>Workflow: Trigger release job (Windows & release branch)
    Workflow->>Asset: Execute "Add installer to release" step
    Asset-->>Workflow: Confirm installer uploaded

Loading

sequenceDiagram
    participant Setup as useSetUp Function
    participant Status as Setup Completion Handler
    participant Versions as Version Fetcher
    Setup->>Status: Check progress condition (>= 1)
    Note right of Setup: airdropSetup call removed
    Setup->>Status: Mark setup as complete
    Setup->>Versions: Invoke fetchApplicationsVersionsWithRetry

Loading

Poem

I'm a hopping rabbit in a code-filled glen,
Trimming dependencies now and then,
Configs and workflows set to glide,
Skipping old calls with a joyful stride,
Version bumps and changes light my way—
Hoppy updates chase the bugs away! 🐇✨

✨ Finishing Touches

• 📝 Generate Docstrings

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src-tauri/tauri.conf.json (1)

43-53: Refactored 'connect-src' as an Array
Converting the connect-src directive from a single string to an array format enhances clarity by explicitly listing each allowed source. Double-check that all necessary endpoints (like "wss://ut.tari.com", "tauri:", "ipc:", etc.) are correctly included and ordered as required.

📜 Review details

Configuration used: .coderabbit.yml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 05d8840 and 70b855c.

📒 Files selected for processing (2)

• diff (1 hunks)
• src-tauri/tauri.conf.json (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• diff

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: tauri-build
• GitHub Check: cargo checks (fmt, clippy, check)
• GitHub Check: Check i18n

🔇 Additional comments (7)

src-tauri/tauri.conf.json (7)

34-34: Updated 'createUpdaterArtifacts' Type
Changing "createUpdaterArtifacts": "v1Compatible" to "createUpdaterArtifacts": true aligns the configuration with a boolean flag rather than a string. Please confirm that the Tauri updater API now expects a boolean value.

---

38-39: Streamlined Security Array Configurations
The consolidation of the capabilities and dangerousDisableAssetCspModification properties into single-line arrays improves readability and maintainability. Verify that no required capabilities were unintentionally dropped in the process.

---

41-41: Refined 'default-src' Directive in CSP
The simplified value for "default-src": "'self' tauri: https:" clarifies the allowed sources. Please ensure that this change still meets your application's security requirements.

---

56-56: Added 'worker-src' Directive
The inclusion of "worker-src": "'self' blob: https://cdn.npmjs.com/@tari-project/tari-tower" strengthens the security for web workers by explicitly defining allowed sources. Please verify that this URL and the use of blob: fit the intended security model.

---

57-57: Enhanced 'img-src' Directive
The updated "img-src" now includes explicit trusted origins (e.g., wildcards like https://*.twimg.com and a CDN reference). Confirm that these entries cover all legitimate image sources and that the inclusion of data:, blob:, and base64 protocols does not inadvertently broaden the allowed sources.

---

58-58: Refined 'object-src' Directive
Restricting "object-src" to "'self' data: blob:" helps mitigate risks associated with embedding untrusted objects. Ensure that this limitation does not disrupt any necessary functionality.

---

59-59: Introduced 'script-src-elem' Directive
The new "script-src-elem": "'self' 'unsafe-inline' 'unsafe-eval'" directive adds an extra layer of control over script elements loaded on the page. Validate that this approach aligns with your overall security policy and that both inline scripts and eval usage are accounted for as planned.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.github/workflows/release.yml (1)

329-339: New Installer Upload Step Added

The new "Add installer to release" step correctly leverages actions/upload-release-asset@v1 to upload the Windows installer when running on a Windows runner and on a release branch. The conditional expression checks that the OS starts with "Windows" and that the Git reference begins with "refs/heads/release", ensuring the step only runs in the intended context.

Key points:

• Conditional Expression: The check

  if: ${{ startsWith(runner.os,'Windows') && startsWith(github.ref, 'refs/heads/release') }}
  

  appears correct for targeting Windows release builds.
• Asset Parameters: The parameters for upload_url, asset_path, asset_name, and asset_content_type are defined appropriately. Verify that the ${{ env.TARI_UNIVERSE_BUNDLER_NAME }} variable is consistently set in the previous steps and that the file exists at ./tari-win-bundler/${{ env.TARI_UNIVERSE_BUNDLER_NAME }}.exe at this point in the workflow.
• Action Version: While using actions/upload-release-asset@v1 is acceptable, consider checking if an updated version might offer improvements or additional features.

Overall, the implementation is solid. A good-to-have enhancement could be adding a pre-upload file existence check or more detailed logging to help diagnose issues if the asset is absent.

📜 Review details

Configuration used: .coderabbit.yml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 70b855c and f001234.

⛔ Files ignored due to path filters (2)

• package-lock.json is excluded by !**/package-lock.json
• src-tauri/Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (5)

• .github/workflows/release.yml (1 hunks)
• package.json (4 hunks)
• src-tauri/Cargo.toml (1 hunks)
• src-tauri/tauri.conf.json (2 hunks)
• src/hooks/app/useSetUp.ts (0 hunks)

💤 Files with no reviewable changes (1)

• src/hooks/app/useSetUp.ts

✅ Files skipped from review due to trivial changes (1)

• src-tauri/Cargo.toml

🚧 Files skipped from review as they are similar to previous changes (2)

• src-tauri/tauri.conf.json
• package.json

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: tauri-build
• GitHub Check: cargo checks (fmt, clippy, check)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/theme/types.ts (1)

24-24: Fix typo in type name

There's a typo in the type name GraidentKey - it should be GradientKey.

-type GraidentKey = 'setupBg' | 'radialBg' | 'miningButtonStarted' | 'miningButtonHover' | ColourKey;
+type GradientKey = 'setupBg' | 'radialBg' | 'miningButtonStarted' | 'miningButtonHover' | ColourKey;

📜 Review details

Configuration used: .coderabbit.yml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f001234 and 84634c6.

⛔ Files ignored due to path filters (1)

• src-tauri/Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (5)

• src/containers/main/SideBar/components/MiningButton/MiningButton.styles.ts (2 hunks)
• src/styled.d.ts (1 hunks)
• src/theme/gradients.ts (1 hunks)
• src/theme/themes.ts (1 hunks)
• src/theme/types.ts (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• src/containers/main/SideBar/components/MiningButton/MiningButton.styles.ts

🧰 Additional context used

🧬 Code Definitions (2)

src/theme/themes.ts (1)

src/styled.d.ts (1)

• DefaultTheme (6-12)

src/styled.d.ts (1)

src/theme/types.ts (1)

• ThemePalette (29-35)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: tauri-build

🔇 Additional comments (5)

src/theme/themes.ts (1)

11-11: Type annotation added for consistency

Adding the DefaultTheme type annotation to darkTheme improves type safety and ensures consistency with lightTheme. This is a good practice that helps with IDE autocompletion and type checking.

src/styled.d.ts (1)

10-11: Added theme properties to match ThemePalette interface

The addition of colorsAlpha and gradients properties to the DefaultTheme interface ensures that the theme has access to these properties from the ThemePalette interface. This change complements the flattened gradient structure in gradients.ts.

src/theme/types.ts (1)

27-27: Updated Gradients type to use the new gradient key type

The Gradients type now uses the newly created key type, which includes specific gradient names. Don't forget to update this reference if you rename GraidentKey to GradientKey.

Make sure this change doesn't break any existing code that might be accessing gradient properties not included in the new GraidentKey type.

src/theme/gradients.ts (2)

6-7: Flattened gradient structure for dark theme

The previously nested miningButton.started and miningButton.hover properties have been flattened to miningButtonStarted and miningButtonHover. This change makes the API more direct and aligns with the new type definitions.

Ensure that all references to the old nested properties (theme.gradients.miningButton.started and theme.gradients.miningButton.hover) have been updated throughout the codebase to use the new flattened structure.

---

14-15: Flattened gradient structure for light theme

Similar to the dark theme, the light theme's gradient structure has been flattened for consistency. The gradient values remain unchanged.