chore(deps): bump bytes from 1.10.1 to 1.11.1 in the cargo group across 1 directory

[dependabot]

Bumps the cargo group with 1 update in the / directory: bytes.

Updates bytes from 1.10.1 to 1.11.1

Release notes

Sourced from bytes's releases.

Bytes v1.11.1

1.11.1 (February 3rd, 2026)

• Fix integer overflow in BytesMut::reserve

Bytes v1.11.0

1.11.0 (November 14th, 2025)

• Bump MSRV to 1.57 (#788)

Fixed

• fix: BytesMut only reuse if src has remaining (#803)
• Specialize BytesMut::put::<Bytes> (#793)
• Reserve capacity in BytesMut::put (#794)
• Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

• Guarantee address in slice() for empty slices. (#780)
• Rename Vtable::to_* -> Vtable::into_* (#776)
• Fix latest clippy warnings (#787)
• Ignore BytesMut::freeze doctest on wasm (#790)
• Move drop_fn of from_owner into vtable (#801)

Changelog

Sourced from bytes's changelog.

1.11.1 (February 3rd, 2026)

• Fix integer overflow in BytesMut::reserve

1.11.0 (November 14th, 2025)

• Bump MSRV to 1.57 (#788)

Fixed

• fix: BytesMut only reuse if src has remaining (#803)
• Specialize BytesMut::put::<Bytes> (#793)
• Reserve capacity in BytesMut::put (#794)
• Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

• Guarantee address in slice() for empty slices. (#780)
• Rename Vtable::to_* -> Vtable::into_* (#776)
• Fix latest clippy warnings (#787)
• Ignore BytesMut::freeze doctest on wasm (#790)
• Move drop_fn of from_owner into vtable (#801)

Commits

• 417dccd Release bytes v1.11.1 (#820)
• d0293b0 Merge commit from fork
• a7952fb chore: prepare bytes v1.11.0 (#804)
• 60cbb77 fix: BytesMut only reuse if src has remaining (#803)
• 7ce330f Move drop_fn of from_owner into vtable (#801)
• 4b53a29 Tweak BytesMut::remaining_mut (#795)
• 016fdbd Reserve capacity in BytesMut::put (#794)
• ef7f257 Specialize BytesMut::put::<Bytes> (#793)
• 8b4f54d Ignore BytesMut::freeze doctest on wasm (#790)
• 16132ad Fix latest clippy warnings (#787)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

🔧 This PR updates the glib dependency from version 0.21.1 to 0.21.5 across multiple Rust crates and applications in the project. The update is part of a dependency maintenance effort that also includes an indirect update to the bytes crate from 1.10.1 to 1.11.1, bringing bug fixes and performance improvements to the project's audio processing and UI components.

🔍 Detailed Analysis

Key Changes

• Dependency Updates: Updated glib from 0.21.1 to 0.21.5 across 7 different Cargo.toml files
• Scope Coverage: Changes affect the main Tauri application and multiple plugin crates (audio transcription, VAD, MCP, rdev, window management)
• Indirect Updates: The bytes crate was updated from 1.10.1 to 1.11.1 as a transitive dependency

Technical Implementation

flowchart TD
    A[Dependabot Scan] --> B[Identify glib 0.21.1 → 0.21.5]
    B --> C[Update Main App]
    B --> D[Update Audio Plugins]
    B --> E[Update Window Plugins]
    B --> F[Update MCP Plugin]
    C --> G[stage-tamagotchi/Cargo.toml]
    D --> H[ipc-audio-transcription-ort]
    D --> I[ipc-audio-vad-ort]
    E --> J[window-pass-through-on-hover]
    E --> K[window-router-link]
    F --> L[tauri-plugin-mcp]
    D --> M[tauri-plugin-rdev]

Loading

Impact

• Security & Stability: The bytes 1.11.1 update includes a critical fix for integer overflow in BytesMut::reserve
• Performance Improvements: Enhanced BytesMut operations with better memory reuse and capacity reservation
• Maintenance: Keeps the project up-to-date with latest stable versions of core dependencies
• Compatibility: All updates are minor/patch versions, ensuring backward compatibility

Created with Palmier

[codeant-ai]

Skipping PR review because a bot author is detected.

If you want to trigger CodeAnt AI, comment @codeant-ai review to trigger a manual review.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[kilo-code-bot]

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Files Reviewed (9 files)

• Cargo.lock - Dependency version updates
• apps/stage-tamagotchi/src-tauri/Cargo.toml - glib version update
• crates/tauri-plugin-ipc-audio-transcription-ort/Cargo.toml - glib version update
• crates/tauri-plugin-ipc-audio-vad-ort/Cargo.toml - glib version update
• crates/tauri-plugin-mcp/Cargo.toml - glib version update
• crates/tauri-plugin-rdev/Cargo.toml - glib version update
• crates/tauri-plugin-window-pass-through-on-hover/Cargo.toml - glib version update
• crates/tauri-plugin-window-router-link/Cargo.toml - glib version update

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​unocss/​eslint-config@​66.5.0
	@​unocss/​eslint-plugin@​66.5.0
	@​unocss/​core@​66.5.0

View full report