Publish New Versions (v2) (#3268 )

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
chore(deps): fix audits (#3373 )
2026-05-03 12:15:11 +02:00 · 2026-04-04 18:47:18 +02:00 · 2026-03-31 18:28:05 +08:00 · 2026-03-31 10:33:38 +02:00 · 2026-03-25 22:22:30 +08:00 · 2026-03-23 22:00:32 +01:00
138 changed files with 4038 additions and 3492 deletions
@@ -1,11 +1,5 @@
 [advisories]
 ignore = [
-  # time 0.1
-  "RUSTSEC-2020-0071",
-  # needs sqlx 0.7 (still in alpha)
-  "RUSTSEC-2022-0090",
-  # wry needs kuchiki on Android
-  "RUSTSEC-2023-0019",
-  # atty is only used when the `colored` feature is enabled on tauri-plugin-log
-  "RUSTSEC-2021-0145",
+  # time crate can't be updated in the repo because of MSRV, users are unaffected
+  "RUSTSEC-2026-0009",
 ]
@@ -5,6 +5,7 @@ Hi! We, the maintainers, are really excited that you are interested in contribut
 - [Issue Reporting Guidelines](#issue-reporting-guidelines)
 - [Pull Request Guidelines](#pull-request-guidelines)
 - [Development Guide](#development-guide)
+- [AI Tool Policy](#ai-tool-policy)

 ## Issue Reporting Guidelines

@@ -60,3 +61,13 @@ The easiest way to test your changes is to use the [example app](https://github.
 To test local changes against your own application simply point the plugin create to your local repository, for example:

 `tauri-plugin-sample = { path = "path/to/local/tauri-plugin-sample/" }`
+
+## AI Tool Policy
+
+It takes a lot of time to review a Pull Request while it's very easy to make a nonsensical but plausible looking one using AI tools.
+It is unfair for other contributors and the reviewers to spend much of the time dealing with this, hence these rules:
+
+1. Review and test all LLM-generated content before submitting, you're the one responsible for it, not the AI.
+2. Don't use AI to respond to review comments (except for translations).
+
+We will close the Pull Request with a `ai-slop` tag if you failed to do so.
@@ -34,7 +34,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: rustsec/audit-check@v1
+      - uses: rustsec/audit-check@v2
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          # https://github.com/tauri-apps/plugins-workspace/issues/774
@@ -5,6 +5,7 @@
 name: integration tests

 on:
+  workflow_dispatch:
  push:
    branches:
      - v1
@@ -21,6 +21,7 @@ target/
 package-lock.json
 yarn.lock
 bun.lockb
+bun.lock

 # rust compiled folders
 target/
@@ -207,7 +207,7 @@ checksum = "e16d2d3311acee920a9eb8d33b8cbc1787ce4a264e85f964c2404b969bdcd487"

 [[package]]
 name = "api"
-version = "2.0.39"
+version = "2.0.42"
 dependencies = [
 "log",
 "serde",
@@ -810,9 +810,9 @@ checksum = "8f1fe948ff07f4bd06c30984e69f5b4899c516a3ef74f34df92a2df2ab535495"

 [[package]]
 name = "bytes"
-version = "1.10.1"
+version = "1.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a"
+checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33"
 dependencies = [
 "serde",
 ]
@@ -1024,16 +1024,6 @@ dependencies = [
 "error-code",
 ]

-[[package]]
-name = "color-backtrace"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2123a5984bd52ca861c66f66a9ab9883b27115c607f801f86c1bc2a84eb69f0f"
-dependencies = [
- "backtrace",
- "termcolor",
-]
-
 [[package]]
 name = "colorchoice"
 version = "1.0.3"
@@ -1047,7 +1037,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "117725a109d387c937a1533ce01b450cbde6b88abceea8473c4d7a85853cda3c"
 dependencies = [
 "lazy_static",
- "windows-sys 0.59.0",
+ "windows-sys 0.48.0",
 ]

 [[package]]
@@ -1126,9 +1116,9 @@ dependencies = [

 [[package]]
 name = "cookie_store"
-version = "0.21.1"
+version = "0.22.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2eac901828f88a5241ee0600950ab981148a18f2f756900ffba1b125ca6a3ef9"
+checksum = "3fc4bff745c9b4c7fb1e97b25d13153da2bc7796260141df62378998d070207f"
 dependencies = [
 "cookie",
 "document-features",
@@ -2304,7 +2294,7 @@ version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ed7131e57abbde63513e0e6636f76668a1ca9798dcae2df4e283cae9ee83859e"
 dependencies = [
- "rustix 1.0.5",
+ "rustix 1.1.3",
 "windows-targets 0.52.6",
 ]

@@ -2714,13 +2704,14 @@ checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"

 [[package]]
 name = "hyper"
-version = "1.6.0"
+version = "1.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cc2b571658e38e0c01b1fdca3bbbe93c00d3d71693ff2770043f8c29bc7d6f80"
+checksum = "2ab2d4f250c3d7b1c9fcdff1cece94ea4e2dfbec68614f7b87cb205f24ca9d11"
 dependencies = [
+ "atomic-waker",
 "bytes",
 "futures-channel",
- "futures-util",
+ "futures-core",
 "h2",
 "http",
 "http-body",
@@ -2728,6 +2719,7 @@ dependencies = [
 "httpdate",
 "itoa",
 "pin-project-lite",
+ "pin-utils",
 "smallvec",
 "tokio",
 "want",
@@ -2749,7 +2741,7 @@ dependencies = [
 "tokio",
 "tokio-rustls",
 "tower-service",
- "webpki-roots",
+ "webpki-roots 0.26.8",
 ]

 [[package]]
@@ -2770,22 +2762,28 @@ dependencies = [

 [[package]]
 name = "hyper-util"
-version = "0.1.11"
+version = "0.1.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "497bbc33a26fdd4af9ed9c70d63f61cf56a938375fbb32df34db9b1cd6d643f2"
+checksum = "727805d60e7938b76b826a6ef209eb70eaa1812794f9424d4a4e2d740662df5f"
 dependencies = [
+ "base64 0.22.1",
 "bytes",
 "futures-channel",
+ "futures-core",
 "futures-util",
 "http",
 "http-body",
 "hyper",
+ "ipnet",
 "libc",
+ "percent-encoding",
 "pin-project-lite",
 "socket2",
+ "system-configuration",
 "tokio",
 "tower-service",
 "tracing",
+ "windows-registry",
 ]

 [[package]]
@@ -2814,9 +2812,9 @@ dependencies = [

 [[package]]
 name = "ico"
-version = "0.4.0"
+version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cc50b891e4acf8fe0e71ef88ec43ad82ee07b3810ad09de10f1d01f072ed4b98"
+checksum = "3e795dff5605e0f04bff85ca41b51a96b83e80b281e96231bcaaf1ac35103371"
 dependencies = [
 "byteorder",
 "png",
@@ -3099,6 +3097,16 @@ version = "2.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "469fb0b9cefa57e3ef31275ee7cacb78f2fdca44e4765491884a2b119d4eb130"

+[[package]]
+name = "iri-string"
+version = "0.7.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c91338f0783edbd6195decb37bae672fd3b165faffb89bf7b9e6942f8b1a731a"
+dependencies = [
+ "memchr",
+ "serde",
+]
+
 [[package]]
 name = "is-docker"
 version = "0.2.0"
@@ -3320,9 +3328,9 @@ dependencies = [

 [[package]]
 name = "libc"
-version = "0.2.172"
+version = "0.2.180"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d750af042f7ef4f724306de029d18836c26c1765a54a6a3f094cbd23a7267ffa"
+checksum = "bcc35a38544a891a5f7c865aca548a982ccb3b8650a5b06d0fd33a10283c56fc"

 [[package]]
 name = "libflate"
@@ -3411,9 +3419,9 @@ checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab"

 [[package]]
 name = "linux-raw-sys"
-version = "0.9.4"
+version = "0.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cd945864f07fe9f5371a27ad7b52a172b4b499999f1d97574c9fa68373937e12"
+checksum = "df1d3c3b53da64cf5760482273a98e575c651a67eec7f77df96b5b642de8f039"

 [[package]]
 name = "litemap"
@@ -3452,6 +3460,12 @@ dependencies = [
 "value-bag",
 ]

+[[package]]
+name = "lru-slab"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "112b39cec0b298b6c1999fee3e31427f74f676e4cb9879ed1a121b43661a4154"
+
 [[package]]
 name = "mac"
 version = "0.1.1"
@@ -3470,12 +3484,6 @@ dependencies = [
 "time",
 ]

-[[package]]
-name = "maplit"
-version = "1.0.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3e2e65a1a2e43cfcb47a895c4c8b10d1f4a61097f9f254f183aee60cad9c651d"
-
 [[package]]
 name = "markup5ever"
 version = "0.14.1"
@@ -4776,12 +4784,13 @@ dependencies = [

 [[package]]
 name = "quinn-proto"
-version = "0.11.10"
+version = "0.11.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b820744eb4dc9b57a3398183639c511b5a26d2ed702cedd3febaa1393caa22cc"
+checksum = "434b42fec591c96ef50e21e886936e66d3cc3f737104fdb9b737c40ffb94c098"
 dependencies = [
 "bytes",
 "getrandom 0.3.2",
+ "lru-slab",
 "rand 0.9.0",
 "ring",
 "rustc-hash",
@@ -5028,11 +5037,10 @@ dependencies = [

 [[package]]
 name = "reqwest"
-version = "0.12.15"
+version = "0.12.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d19c46a6fdd48bc4dab94b6103fccc55d34c67cc0ad04653aad4ea2a07cd7bbb"
+checksum = "eddd3ca559203180a307f12d114c268abf583f59b03cb906fd0b3ff8646c1147"
 dependencies = [
- "async-compression",
 "base64 0.22.1",
 "bytes",
 "cookie",
@@ -5049,39 +5057,76 @@ dependencies = [
 "hyper-rustls",
 "hyper-tls",
 "hyper-util",
- "ipnet",
 "js-sys",
 "log",
 "mime",
 "mime_guess",
 "native-tls",
- "once_cell",
 "percent-encoding",
 "pin-project-lite",
 "quinn",
 "rustls",
 "rustls-native-certs",
- "rustls-pemfile",
 "rustls-pki-types",
 "serde",
 "serde_json",
 "serde_urlencoded",
 "sync_wrapper",
- "system-configuration",
 "tokio",
 "tokio-native-tls",
 "tokio-rustls",
- "tokio-socks",
 "tokio-util",
 "tower",
+ "tower-http",
+ "tower-service",
+ "url",
+ "wasm-bindgen",
+ "wasm-bindgen-futures",
+ "wasm-streams",
+ "web-sys",
+ "webpki-roots 1.0.6",
+]
+
+[[package]]
+name = "reqwest"
+version = "0.13.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "04e9018c9d814e5f30cc16a0f03271aeab3571e609612d9fe78c1aa8d11c2f62"
+dependencies = [
+ "base64 0.22.1",
+ "bytes",
+ "futures-core",
+ "futures-util",
+ "http",
+ "http-body",
+ "http-body-util",
+ "hyper",
+ "hyper-rustls",
+ "hyper-tls",
+ "hyper-util",
+ "js-sys",
+ "log",
+ "native-tls",
+ "percent-encoding",
+ "pin-project-lite",
+ "rustls",
+ "rustls-pki-types",
+ "rustls-platform-verifier",
+ "serde",
+ "serde_json",
+ "sync_wrapper",
+ "tokio",
+ "tokio-native-tls",
+ "tokio-rustls",
+ "tokio-util",
+ "tower",
+ "tower-http",
 "tower-service",
 "url",
 "wasm-bindgen",
 "wasm-bindgen-futures",
 "wasm-streams",
 "web-sys",
- "webpki-roots",
- "windows-registry 0.4.0",
 ]

 [[package]]
@@ -5276,22 +5321,22 @@ dependencies = [

 [[package]]
 name = "rustix"
-version = "1.0.5"
+version = "1.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d97817398dd4bb2e6da002002db259209759911da105da92bec29ccb12cf58bf"
+checksum = "146c9e247ccc180c1f61615433868c99f3de3ae256a30a43b49f67c2d9171f34"
 dependencies = [
 "bitflags 2.9.0",
 "errno",
 "libc",
- "linux-raw-sys 0.9.4",
+ "linux-raw-sys 0.11.0",
 "windows-sys 0.59.0",
 ]

 [[package]]
 name = "rustls"
-version = "0.23.26"
+version = "0.23.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "df51b5869f3a441595eac5e8ff14d486ff285f7b8c0df8770e49c3b56351f0f0"
+checksum = "7160e3e10bf4535308537f3c4e1641468cd0e485175d6163087c0393c7d46643"
 dependencies = [
 "once_cell",
 "ring",
@@ -5310,32 +5355,51 @@ dependencies = [
 "openssl-probe",
 "rustls-pki-types",
 "schannel",
- "security-framework 3.2.0",
-]
-
-[[package]]
-name = "rustls-pemfile"
-version = "2.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dce314e5fee3f39953d46bb63bb8a46d40c2f8fb7cc5a3b6cab2bde9721d6e50"
-dependencies = [
- "rustls-pki-types",
+ "security-framework 3.5.1",
 ]

 [[package]]
 name = "rustls-pki-types"
-version = "1.11.0"
+version = "1.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "917ce264624a4b4db1c364dcc35bfca9ded014d0a958cd47ad3e960e988ea51c"
+checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd"
 dependencies = [
 "web-time",
+ "zeroize",
 ]

 [[package]]
-name = "rustls-webpki"
-version = "0.103.1"
+name = "rustls-platform-verifier"
+version = "0.6.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fef8b8769aaccf73098557a87cd1816b4f9c7c16811c9c77142aa695c16f2c03"
+checksum = "1d99feebc72bae7ab76ba994bb5e121b8d83d910ca40b36e0921f53becc41784"
+dependencies = [
+ "core-foundation 0.10.0",
+ "core-foundation-sys",
+ "jni",
+ "log",
+ "once_cell",
+ "rustls",
+ "rustls-native-certs",
+ "rustls-platform-verifier-android",
+ "rustls-webpki",
+ "security-framework 3.5.1",
+ "security-framework-sys",
+ "webpki-root-certs",
+ "windows-sys 0.59.0",
+]
+
+[[package]]
+name = "rustls-platform-verifier-android"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f87165f0995f63a9fbeea62b64d10b4d9d8e78ec6d7d51fb2125fda7bb36788f"
+
+[[package]]
+name = "rustls-webpki"
+version = "0.103.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "df33b2b81ac578cabaf06b89b0631153a3f416b0a886e8a7a1707fb51abbd1ef"
 dependencies = [
 "ring",
 "rustls-pki-types",
@@ -5478,9 +5542,9 @@ dependencies = [

 [[package]]
 name = "security-framework"
-version = "3.2.0"
+version = "3.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "271720403f46ca04f7ba6f55d438f8bd878d6b8ca0a1046e8228c4145bcbb316"
+checksum = "b3297343eaf830f66ede390ea39da1d462b6b0c1b000f420d0a83f898bbbe6ef"
 dependencies = [
 "bitflags 2.9.0",
 "core-foundation 0.10.0",
@@ -5491,9 +5555,9 @@ dependencies = [

 [[package]]
 name = "security-framework-sys"
-version = "2.14.0"
+version = "2.15.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49db231d56a190491cb4aeda9527f1ad45345af50b0851622a7adb8c03b01c32"
+checksum = "cc1f0cbffaac4852523ce30d8bd3c5cdc873501d96ff467ca09b6767bb8cd5c0"
 dependencies = [
 "core-foundation-sys",
 "libc",
@@ -5528,10 +5592,11 @@ dependencies = [

 [[package]]
 name = "serde"
-version = "1.0.219"
+version = "1.0.228"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6"
+checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e"
 dependencies = [
+ "serde_core",
 "serde_derive",
 ]

@@ -5547,10 +5612,19 @@ dependencies = [
 ]

 [[package]]
-name = "serde_derive"
-version = "1.0.219"
+name = "serde_core"
+version = "1.0.228"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00"
+checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad"
+dependencies = [
+ "serde_derive",
+]
+
+[[package]]
+name = "serde_derive"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -5936,6 +6010,7 @@ dependencies = [
 "memchr",
 "once_cell",
 "percent-encoding",
+ "rust_decimal",
 "rustls",
 "serde",
 "serde_json",
@@ -5947,7 +6022,8 @@ dependencies = [
 "tokio-stream",
 "tracing",
 "url",
- "webpki-roots",
+ "uuid",
+ "webpki-roots 0.26.8",
 ]

 [[package]]
@@ -6020,6 +6096,7 @@ dependencies = [
 "percent-encoding",
 "rand 0.8.5",
 "rsa",
+ "rust_decimal",
 "serde",
 "sha1",
 "sha2",
@@ -6029,6 +6106,7 @@ dependencies = [
 "thiserror 2.0.12",
 "time",
 "tracing",
+ "uuid",
 "whoami",
 ]

@@ -6058,6 +6136,7 @@ dependencies = [
 "memchr",
 "once_cell",
 "rand 0.8.5",
+ "rust_decimal",
 "serde",
 "serde_json",
 "sha2",
@@ -6067,6 +6146,7 @@ dependencies = [
 "thiserror 2.0.12",
 "time",
 "tracing",
+ "uuid",
 "whoami",
 ]

@@ -6093,6 +6173,7 @@ dependencies = [
 "time",
 "tracing",
 "url",
+ "uuid",
 ]

 [[package]]
@@ -6368,9 +6449,9 @@ checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369"

 [[package]]
 name = "tar"
-version = "0.4.44"
+version = "0.4.45"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1d863878d212c87a19c1a610eb53bb01fe12951c0501cf5a0d65f724914a667a"
+checksum = "22692a6476a21fa75fdfc11d452fda482af402c008cdbaf3476414e122040973"
 dependencies = [
 "filetime",
 "libc",
@@ -6385,9 +6466,9 @@ checksum = "61c41af27dd6d1e27b1b16b489db798443478cef1f06a660c96db617ba5de3b1"

 [[package]]
 name = "tauri"
-version = "2.9.4"
+version = "2.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "15524fc7959bfcaa051ba6d0b3fb1ef18e978de2176c7c6acb977f7fd14d35c7"
+checksum = "e19299a5f2ccb6bcb2a38b1eb7999e8bbdbd5bdd3cf74a4f8ab412726cbd65e7"
 dependencies = [
 "anyhow",
 "bytes",
@@ -6415,7 +6496,7 @@ dependencies = [
 "percent-encoding",
 "plist",
 "raw-window-handle",
- "reqwest",
+ "reqwest 0.13.1",
 "serde",
 "serde_json",
 "serde_repr",
@@ -6440,9 +6521,9 @@ dependencies = [

 [[package]]
 name = "tauri-build"
-version = "2.5.3"
+version = "2.5.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "17fcb8819fd16463512a12f531d44826ce566f486d7ccd211c9c8cebdaec4e08"
+checksum = "76809f63061c8b25537b87f46b8733b31397cf419706dc874e1602be6479ba90"
 dependencies = [
 "anyhow",
 "cargo_toml",
@@ -6464,9 +6545,9 @@ dependencies = [

 [[package]]
 name = "tauri-codegen"
-version = "2.5.2"
+version = "2.5.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9fa9844cefcf99554a16e0a278156ae73b0d8680bbc0e2ad1e4287aadd8489cf"
+checksum = "8b2ebe49d690ccaea93aa81fff99277d4f445968f085ba13be67859151e9e4b8"
 dependencies = [
 "base64 0.22.1",
 "ico",
@@ -6490,9 +6571,9 @@ dependencies = [

 [[package]]
 name = "tauri-macros"
-version = "2.5.2"
+version = "2.5.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3764a12f886d8245e66b7ee9b43ccc47883399be2019a61d80cf0f4117446fde"
+checksum = "1119f651b0187c686c0fc72c66bba311e560e1b5f61869086ce788d43be6cf41"
 dependencies = [
 "heck 0.5.0",
 "proc-macro2",
@@ -6504,9 +6585,9 @@ dependencies = [

 [[package]]
 name = "tauri-plugin"
-version = "2.4.0"
+version = "2.5.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9946a3cede302eac0c6eb6c6070ac47b1768e326092d32efbb91f21ed58d978f"
+checksum = "692a77abd8b8773e107a42ec0e05b767b8d2b7ece76ab36c6c3947e34df9f53f"
 dependencies = [
 "anyhow",
 "glob",
@@ -6533,7 +6614,7 @@ dependencies = [

 [[package]]
 name = "tauri-plugin-barcode-scanner"
-version = "2.4.3"
+version = "2.4.4"
 dependencies = [
 "log",
 "serde",
@@ -6584,7 +6665,7 @@ dependencies = [

 [[package]]
 name = "tauri-plugin-deep-link"
-version = "2.4.6"
+version = "2.4.8"
 dependencies = [
 "dunce",
 "plist",
@@ -6597,13 +6678,13 @@ dependencies = [
 "thiserror 2.0.12",
 "tracing",
 "url",
- "windows-registry 0.5.1",
+ "windows-registry",
 "windows-result",
 ]

 [[package]]
 name = "tauri-plugin-dialog"
-version = "2.5.0"
+version = "2.7.0"
 dependencies = [
 "log",
 "raw-window-handle",
@@ -6619,13 +6700,15 @@ dependencies = [

 [[package]]
 name = "tauri-plugin-fs"
-version = "2.4.5"
+version = "2.5.0"
 dependencies = [
 "anyhow",
 "dunce",
 "glob",
+ "log",
 "notify",
 "notify-debouncer-full",
+ "objc2-foundation 0.3.0",
 "percent-encoding",
 "schemars",
 "serde",
@@ -6680,14 +6763,14 @@ dependencies = [

 [[package]]
 name = "tauri-plugin-http"
-version = "2.5.5"
+version = "2.5.8"
 dependencies = [
 "bytes",
 "cookie_store",
 "data-url",
 "http",
 "regex",
- "reqwest",
+ "reqwest 0.12.28",
 "schemars",
 "serde",
 "serde_json",
@@ -6737,7 +6820,7 @@ dependencies = [

 [[package]]
 name = "tauri-plugin-nfc"
-version = "2.3.4"
+version = "2.3.5"
 dependencies = [
 "log",
 "serde",
@@ -6752,10 +6835,7 @@ dependencies = [
 name = "tauri-plugin-notification"
 version = "2.3.3"
 dependencies = [
- "color-backtrace",
- "ctor",
 "log",
- "maplit",
 "notify-rust",
 "rand 0.9.0",
 "serde",
@@ -6808,7 +6888,7 @@ dependencies = [

 [[package]]
 name = "tauri-plugin-persisted-scope"
-version = "2.3.5"
+version = "2.3.6"
 dependencies = [
 "aho-corasick",
 "bincode",
@@ -6843,7 +6923,7 @@ dependencies = [

 [[package]]
 name = "tauri-plugin-shell"
-version = "2.3.4"
+version = "2.3.5"
 dependencies = [
 "encoding_rs",
 "log",
@@ -6862,7 +6942,7 @@ dependencies = [

 [[package]]
 name = "tauri-plugin-single-instance"
-version = "2.3.7"
+version = "2.4.1"
 dependencies = [
 "semver",
 "serde",
@@ -6877,11 +6957,12 @@ dependencies = [

 [[package]]
 name = "tauri-plugin-sql"
-version = "2.3.1"
+version = "2.4.0"
 dependencies = [
 "futures-core",
 "indexmap 2.9.0",
 "log",
+ "rust_decimal",
 "serde",
 "serde_json",
 "sqlx",
@@ -6890,6 +6971,7 @@ dependencies = [
 "thiserror 2.0.12",
 "time",
 "tokio",
+ "uuid",
 ]

 [[package]]
@@ -6929,7 +7011,7 @@ dependencies = [

 [[package]]
 name = "tauri-plugin-updater"
-version = "2.9.0"
+version = "2.10.1"
 dependencies = [
 "base64 0.22.1",
 "dirs 6.0.0",
@@ -6941,7 +7023,8 @@ dependencies = [
 "minisign-verify",
 "osakit",
 "percent-encoding",
- "reqwest",
+ "reqwest 0.13.1",
+ "rustls",
 "semver",
 "serde",
 "serde_json",
@@ -6965,7 +7048,7 @@ dependencies = [
 "log",
 "mockito",
 "read-progress-stream",
- "reqwest",
+ "reqwest 0.12.28",
 "serde",
 "serde_json",
 "tauri",
@@ -7008,9 +7091,9 @@ dependencies = [

 [[package]]
 name = "tauri-runtime"
-version = "2.9.2"
+version = "2.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87f766fe9f3d1efc4b59b17e7a891ad5ed195fa8d23582abb02e6c9a01137892"
+checksum = "b885ffeac82b00f1f6fd292b6e5aabfa7435d537cef57d11e38a489956535651"
 dependencies = [
 "cookie",
 "dpi",
@@ -7033,9 +7116,9 @@ dependencies = [

 [[package]]
 name = "tauri-runtime-wry"
-version = "2.9.2"
+version = "2.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7950f3bde6bcca6655bc5e76d3d6ec587ceb81032851ab4ddbe1f508bdea2729"
+checksum = "5204682391625e867d16584fedc83fc292fb998814c9f7918605c789cd876314"
 dependencies = [
 "gtk",
 "http",
@@ -7060,9 +7143,9 @@ dependencies = [

 [[package]]
 name = "tauri-utils"
-version = "2.8.1"
+version = "2.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "76a423c51176eb3616ee9b516a9fa67fed5f0e78baaba680e44eb5dd2cc37490"
+checksum = "fcd169fccdff05eff2c1033210b9b94acd07a47e6fa9a3431cf09cfd4f01c87e"
 dependencies = [
 "aes-gcm",
 "anyhow",
@@ -7122,14 +7205,14 @@ dependencies = [

 [[package]]
 name = "tempfile"
-version = "3.19.1"
+version = "3.24.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7437ac7763b9b123ccf33c338a5cc1bac6f69b45a136c19bdd8a65e3916435bf"
+checksum = "655da9c7eb6305c55742045d5a8d2037996d61d8de95806335c7c86ce0f82e9c"
 dependencies = [
 "fastrand",
 "getrandom 0.3.2",
 "once_cell",
- "rustix 1.0.5",
+ "rustix 1.1.3",
 "windows-sys 0.59.0",
 ]

@@ -7144,15 +7227,6 @@ dependencies = [
 "utf-8",
 ]

-[[package]]
-name = "termcolor"
-version = "1.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755"
-dependencies = [
- "winapi-util",
-]
-
 [[package]]
 name = "thiserror"
 version = "1.0.69"
@@ -7333,18 +7407,6 @@ dependencies = [
 "tokio",
 ]

-[[package]]
-name = "tokio-socks"
-version = "0.5.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0d4770b8024672c1101b3f6733eab95b18007dbe0847a8afe341fcf79e06043f"
-dependencies = [
- "either",
- "futures-util",
- "thiserror 1.0.69",
- "tokio",
-]
-
 [[package]]
 name = "tokio-stream"
 version = "0.1.17"
@@ -7372,7 +7434,7 @@ dependencies = [
 "tokio-native-tls",
 "tokio-rustls",
 "tungstenite",
- "webpki-roots",
+ "webpki-roots 0.26.8",
 ]

 [[package]]
@@ -7498,6 +7560,29 @@ dependencies = [
 "tower-service",
 ]

+[[package]]
+name = "tower-http"
+version = "0.6.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8"
+dependencies = [
+ "async-compression",
+ "bitflags 2.9.0",
+ "bytes",
+ "futures-core",
+ "futures-util",
+ "http",
+ "http-body",
+ "http-body-util",
+ "iri-string",
+ "pin-project-lite",
+ "tokio",
+ "tokio-util",
+ "tower",
+ "tower-layer",
+ "tower-service",
+]
+
 [[package]]
 name = "tower-layer"
 version = "0.3.3"
@@ -7815,12 +7900,14 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"

 [[package]]
 name = "uuid"
-version = "1.16.0"
+version = "1.19.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "458f7a779bf54acc9f347480ac654f68407d3aab21269a6e3c9f922acd9e2da9"
+checksum = "e2e054861b4bd027cd373e18e8d8d8e6548085000e41290d95ce0c373a654b4a"
 dependencies = [
 "getrandom 0.3.2",
- "serde",
+ "js-sys",
+ "serde_core",
+ "wasm-bindgen",
 ]

 [[package]]
@@ -8101,9 +8188,9 @@ dependencies = [

 [[package]]
 name = "webkit2gtk"
-version = "2.0.1"
+version = "2.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "76b1bc1e54c581da1e9f179d0b38512ba358fb1af2d634a1affe42e37172361a"
+checksum = "a1027150013530fb2eaf806408df88461ae4815a45c541c8975e61d6f2fc4793"
 dependencies = [
 "bitflags 1.3.2",
 "cairo-rs",
@@ -8125,9 +8212,9 @@ dependencies = [

 [[package]]
 name = "webkit2gtk-sys"
-version = "2.0.1"
+version = "2.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "62daa38afc514d1f8f12b8693d30d5993ff77ced33ce30cd04deebc267a6d57c"
+checksum = "916a5f65c2ef0dfe12fff695960a2ec3d4565359fdbb2e9943c974e06c734ea5"
 dependencies = [
 "bitflags 1.3.2",
 "cairo-sys-rs",
@@ -8143,6 +8230,15 @@ dependencies = [
 "system-deps",
 ]

+[[package]]
+name = "webpki-root-certs"
+version = "1.0.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "36a29fc0408b113f68cf32637857ab740edfafdf460c326cd2afaa2d84cc05dc"
+dependencies = [
+ "rustls-pki-types",
+]
+
 [[package]]
 name = "webpki-roots"
 version = "0.26.8"
@@ -8152,6 +8248,15 @@ dependencies = [
 "rustls-pki-types",
 ]

+[[package]]
+name = "webpki-roots"
+version = "1.0.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "22cfaf3c063993ff62e73cb4311efde4db1efb31ab78a3e5c457939ad5cc0bed"
+dependencies = [
+ "rustls-pki-types",
+]
+
 [[package]]
 name = "websocket-example"
 version = "0.1.0"
@@ -8250,7 +8355,7 @@ version = "0.1.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb"
 dependencies = [
- "windows-sys 0.59.0",
+ "windows-sys 0.48.0",
 ]

 [[package]]
@@ -8319,7 +8424,7 @@ dependencies = [
 "windows-interface",
 "windows-link",
 "windows-result",
- "windows-strings 0.4.0",
+ "windows-strings",
 ]

 [[package]]
@@ -8370,17 +8475,6 @@ dependencies = [
 "windows-link",
 ]

-[[package]]
-name = "windows-registry"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4286ad90ddb45071efd1a66dfa43eb02dd0dfbae1545ad6cc3c51cf34d7e8ba3"
-dependencies = [
- "windows-result",
- "windows-strings 0.3.1",
- "windows-targets 0.53.2",
-]
-
 [[package]]
 name = "windows-registry"
 version = "0.5.1"
@@ -8389,7 +8483,7 @@ checksum = "ad1da3e436dc7653dfdf3da67332e22bff09bb0e28b0239e1624499c7830842e"
 dependencies = [
 "windows-link",
 "windows-result",
- "windows-strings 0.4.0",
+ "windows-strings",
 ]

 [[package]]
@@ -8401,15 +8495,6 @@ dependencies = [
 "windows-link",
 ]

-[[package]]
-name = "windows-strings"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87fa48cc5d406560701792be122a10132491cff9d0aeb23583cc2dcafc847319"
-dependencies = [
- "windows-link",
-]
-
 [[package]]
 name = "windows-strings"
 version = "0.4.0"
@@ -8824,9 +8909,9 @@ checksum = "1e9df38ee2d2c3c5948ea468a8406ff0db0b29ae1ffde1bcf20ef305bcc95c51"

 [[package]]
 name = "wry"
-version = "0.53.5"
+version = "0.54.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "728b7d4c8ec8d81cab295e0b5b8a4c263c0d41a785fb8f8c4df284e5411140a2"
+checksum = "5ed1a195b0375491dd15a7066a10251be217ce743cf4bbbbdcf5391d6473bee0"
 dependencies = [
 "base64 0.22.1",
 "block2 0.6.2",
@@ -8932,7 +9017,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0d65cbf2f12c15564212d48f4e3dfb87923d25d611f2aed18f4cb23f0413d89e"
 dependencies = [
 "libc",
- "rustix 1.0.5",
+ "rustix 1.1.3",
 ]

 [[package]]
@@ -12,10 +12,10 @@ resolver = "2"
 serde = { version = "1", features = ["derive"] }
 tracing = "0.1"
 log = "0.4"
-tauri = { version = "2.9.3", default-features = false }
-tauri-build = "2.4"
-tauri-plugin = "2.4"
-tauri-utils = "2.7"
+tauri = { version = "2.10", default-features = false }
+tauri-build = "2.5"
+tauri-plugin = "2.5"
+tauri-utils = "2.8"
 serde_json = "1"
 thiserror = "2"
 url = "2"
@@ -1,5 +1,31 @@
 # Changelog

+## \[2.0.38]
+
+### Dependencies
+
+- Upgraded to `fs-js@2.5.0`
+- Upgraded to `http-js@2.5.8`
+- Upgraded to `updater-js@2.10.1`
+- Upgraded to `nfc-js@2.3.5`
+- Upgraded to `dialog-js@2.7.0`
+
+## \[2.0.37]
+
+### Dependencies
+
+- Upgraded to `updater-js@2.10.0`
+- Upgraded to `barcode-scanner-js@2.4.4`
+- Upgraded to `http-js@2.5.7`
+- Upgraded to `shell-js@2.3.5`
+
+## \[2.0.36]
+
+### Dependencies
+
+- Upgraded to `http-js@2.5.6`
+- Upgraded to `dialog-js@2.6.0`
+
 ## \[2.0.35]

 ### Dependencies
@@ -1,7 +1,7 @@
 {
  "name": "api",
  "private": true,
-  "version": "2.0.35",
+  "version": "2.0.38",
  "type": "module",
  "scripts": {
    "dev": "vite --clearScreen false",
@@ -10,36 +10,36 @@
    "tauri": "tauri"
  },
  "dependencies": {
-    "@tauri-apps/api": "2.9.1",
-    "@tauri-apps/plugin-barcode-scanner": "^2.4.3",
+    "@tauri-apps/api": "^2.10.1",
+    "@tauri-apps/plugin-barcode-scanner": "^2.4.4",
    "@tauri-apps/plugin-biometric": "^2.3.2",
    "@tauri-apps/plugin-cli": "^2.4.1",
    "@tauri-apps/plugin-clipboard-manager": "^2.3.2",
-    "@tauri-apps/plugin-dialog": "^2.5.0",
-    "@tauri-apps/plugin-fs": "^2.4.5",
-    "@tauri-apps/plugin-geolocation": "^2.2.0",
+    "@tauri-apps/plugin-dialog": "^2.7.0",
+    "@tauri-apps/plugin-fs": "^2.5.0",
+    "@tauri-apps/plugin-geolocation": "^2.3.2",
    "@tauri-apps/plugin-global-shortcut": "^2.3.1",
-    "@tauri-apps/plugin-haptics": "^2.2.0",
-    "@tauri-apps/plugin-http": "^2.5.5",
-    "@tauri-apps/plugin-nfc": "^2.3.4",
+    "@tauri-apps/plugin-haptics": "^2.3.2",
+    "@tauri-apps/plugin-http": "^2.5.8",
+    "@tauri-apps/plugin-nfc": "^2.3.5",
    "@tauri-apps/plugin-notification": "^2.3.3",
    "@tauri-apps/plugin-opener": "^2.5.3",
    "@tauri-apps/plugin-os": "^2.3.2",
    "@tauri-apps/plugin-process": "^2.3.1",
-    "@tauri-apps/plugin-shell": "^2.3.4",
+    "@tauri-apps/plugin-shell": "^2.3.5",
    "@tauri-apps/plugin-store": "^2.4.2",
-    "@tauri-apps/plugin-updater": "^2.9.0",
-    "@tauri-apps/plugin-upload": "^2.3.0",
+    "@tauri-apps/plugin-updater": "^2.10.1",
+    "@tauri-apps/plugin-upload": "^2.4.0",
    "@zerodevx/svelte-json-view": "1.0.11"
  },
  "devDependencies": {
-    "@iconify-json/codicon": "^1.2.12",
+    "@iconify-json/codicon": "^1.2.49",
    "@iconify-json/ph": "^1.2.2",
-    "@sveltejs/vite-plugin-svelte": "^6.0.0",
-    "@tauri-apps/cli": "2.9.6",
-    "@unocss/extractor-svelte": "^66.3.3",
-    "svelte": "^5.20.4",
-    "unocss": "^66.3.3",
-    "vite": "^7.0.7"
+    "@sveltejs/vite-plugin-svelte": "^7.0.0",
+    "@tauri-apps/cli": "2.10.1",
+    "@unocss/extractor-svelte": "^66.6.7",
+    "svelte": "^5.54.0",
+    "unocss": "^66.6.7",
+    "vite": "^8.0.1"
  }
 }
@@ -1,5 +1,31 @@
 # Changelog

+## \[2.0.42]
+
+### Dependencies
+
+- Upgraded to `fs@2.5.0`
+- Upgraded to `http@2.5.8`
+- Upgraded to `updater@2.10.1`
+- Upgraded to `nfc@2.3.5`
+- Upgraded to `dialog@2.7.0`
+
+## \[2.0.41]
+
+### Dependencies
+
+- Upgraded to `updater@2.10.0`
+- Upgraded to `barcode-scanner@2.4.4`
+- Upgraded to `http@2.5.7`
+- Upgraded to `shell@2.3.5`
+
+## \[2.0.40]
+
+### Dependencies
+
+- Upgraded to `http@2.5.6`
+- Upgraded to `dialog@2.6.0`
+
 ## \[2.0.39]

 ### Dependencies
@@ -1,7 +1,7 @@
 [package]
 name = "api"
 publish = false
-version = "2.0.39"
+version = "2.0.42"
 description = "An example Tauri Application showcasing the api"
 edition = "2021"
 rust-version = { workspace = true }
@@ -21,22 +21,22 @@ tiny_http = "0.12"
 time = "0.3"
 log = { workspace = true }
 tauri-plugin-log = { path = "../../../plugins/log", version = "2.8.0" }
-tauri-plugin-fs = { path = "../../../plugins/fs", version = "2.4.5", features = [
+tauri-plugin-fs = { path = "../../../plugins/fs", version = "2.5.0", features = [
  "watch",
 ] }
 tauri-plugin-clipboard-manager = { path = "../../../plugins/clipboard-manager", version = "2.3.2" }
-tauri-plugin-dialog = { path = "../../../plugins/dialog", version = "2.5.0" }
+tauri-plugin-dialog = { path = "../../../plugins/dialog", version = "2.7.0" }
 tauri-plugin-http = { path = "../../../plugins/http", features = [
  "multipart",
  "cookies",
-], version = "2.5.5" }
+], version = "2.5.8" }
 tauri-plugin-notification = { path = "../../../plugins/notification", version = "2.3.3", features = [
  "windows7-compat",
 ] }
 tauri-plugin-os = { path = "../../../plugins/os", version = "2.3.2" }
 tauri-plugin-process = { path = "../../../plugins/process", version = "2.3.1" }
 tauri-plugin-opener = { path = "../../../plugins/opener", version = "2.5.3" }
-tauri-plugin-shell = { path = "../../../plugins/shell", version = "2.3.4" }
+tauri-plugin-shell = { path = "../../../plugins/shell", version = "2.3.5" }
 tauri-plugin-store = { path = "../../../plugins/store", version = "2.4.2" }
 tauri-plugin-upload = { path = "../../../plugins/upload", version = "2.3.0" }

@@ -57,12 +57,12 @@ features = [
 [target."cfg(any(target_os = \"macos\", windows, target_os = \"linux\", target_os = \"dragonfly\", target_os = \"freebsd\", target_os = \"openbsd\", target_os = \"netbsd\"))".dependencies]
 tauri-plugin-cli = { path = "../../../plugins/cli", version = "2.4.1" }
 tauri-plugin-global-shortcut = { path = "../../../plugins/global-shortcut", version = "2.3.1" }
-tauri-plugin-updater = { path = "../../../plugins/updater", version = "2.9.0" }
+tauri-plugin-updater = { path = "../../../plugins/updater", version = "2.10.1" }
 tauri-plugin-window-state = { path = "../../../plugins/window-state", version = "2.2.0" }

 [target."cfg(any(target_os = \"android\", target_os = \"ios\"))".dependencies]
-tauri-plugin-barcode-scanner = { path = "../../../plugins/barcode-scanner/", version = "2.4.3" }
-tauri-plugin-nfc = { path = "../../../plugins/nfc", version = "2.3.4" }
+tauri-plugin-barcode-scanner = { path = "../../../plugins/barcode-scanner/", version = "2.4.4" }
+tauri-plugin-nfc = { path = "../../../plugins/nfc", version = "2.3.5" }
 tauri-plugin-biometric = { path = "../../../plugins/biometric/", version = "2.3.2" }
 tauri-plugin-geolocation = { path = "../../../plugins/geolocation/", version = "2.3.2" }
 tauri-plugin-haptics = { path = "../../../plugins/haptics/", version = "2.3.2" }
@@ -23,11 +23,7 @@
    "core:window:allow-start-dragging",
    "notification:default",
    "os:allow-platform",
-    "dialog:allow-open",
-    "dialog:allow-ask",
-    "dialog:allow-save",
-    "dialog:allow-confirm",
-    "dialog:allow-message",
+    "dialog:default",
    {
      "identifier": "shell:allow-spawn",
      "allow": [
@@ -8,7 +8,8 @@
  let filter = null;
  let multiple = false;
  let directory = false;
-  let pickerMode = "";
+  let pickerMode = "document";
+  let fileAccessMode = "scoped";

  function arrayBufferToBase64(buffer, callback) {
    var blob = new Blob([buffer], {
@@ -42,7 +43,7 @@
  }

  async function msg() {
-    await message("Tauri is awesome!");
+    await message("Tauri is awesome!").then((res) => onMessage(res));
  }

  async function msgCustom(result) {
@@ -52,54 +53,60 @@
      .catch(onMessage);
  }

-  function openDialog() {
-    open({
-      title: "My wonderful open dialog",
-      defaultPath,
-      filters: filter
-        ? [
-            {
-              name: "Tauri Example",
-              extensions: filter.split(",").map((f) => f.trim()),
-            },
-          ]
-        : [],
-      multiple,
-      directory,
-      pickerMode: pickerMode === "" ? undefined : pickerMode,
-    })
-      .then(function (res) {
-        if (Array.isArray(res)) {
-          onMessage(res);
-        } else {
-          var pathToRead = res;
-          var isFile = pathToRead.match(/\S+\.\S+$/g);
-          readFile(pathToRead)
-            .then(function (response) {
-              if (isFile) {
-                if (
-                  pathToRead.includes(".png") ||
-                  pathToRead.includes(".jpg") ||
-                  pathToRead.includes(".jpeg")
-                ) {
-                  arrayBufferToBase64(
-                    new Uint8Array(response),
-                    function (base64) {
-                      var src = "data:image/png;base64," + base64;
-                      insecureRenderHtml('<img src="' + src + '"></img>');
-                    }
-                  );
-                } else {
-                  onMessage(res);
-                }
-              } else {
-                onMessage(res);
-              }
-            })
-            .catch(onMessage);
-        }
+  async function openDialog() {
+    try {
+      var result = await open({
+        title: "My wonderful open dialog",
+        defaultPath,
+        filters: filter
+          ? [
+              {
+                name: "Tauri Example",
+                extensions: filter.split(",").map((f) => f.trim()),
+              },
+            ]
+          : [],
+        multiple,
+        directory,
+        pickerMode,
+        fileAccessMode,
      })
-      .catch(onMessage);
+
+      if (Array.isArray(result)) {
+        onMessage(result);
+      } else {
+        var pathToRead = result;
+        var isFile = pathToRead.match(/\S+\.\S+$/g);
+
+        await readFile(pathToRead)
+          .then(function (res) {
+            if (isFile) {
+              if (
+                pathToRead.includes(".png") ||
+                pathToRead.includes(".jpg") ||
+                pathToRead.includes(".jpeg")
+              ) {
+                arrayBufferToBase64(
+                  new Uint8Array(res),
+                  function (base64) {
+                    var src = "data:image/png;base64," + base64;
+                    insecureRenderHtml('<img src="' + src + '"></img>');
+                  }
+                );
+              } else {
+                // Convert byte array to UTF-8 string
+                const decoder = new TextDecoder('utf-8');
+                const text = decoder.decode(new Uint8Array(res));
+                onMessage(text);
+              }
+            } else {
+              onMessage(res);
+          }
+        })
+      }
+    } catch(exception) {
+      onMessage(exception)
+    }
  }

  function saveDialog() {
@@ -154,6 +161,13 @@
    <option value="document">Document</option>
  </select>
 </div>
+<div>
+  <label for="dialog-file-access-mode">File Access Mode:</label>
+  <select id="dialog-file-access-mode" bind:value={fileAccessMode}>
+    <option value="copy">Copy</option>
+    <option value="scoped">Scoped</option>
+  </select>
+</div>
 <br />

 <div class="flex flex-wrap flex-col md:flex-row gap-2 children:flex-shrink-0">
@@ -11,19 +11,18 @@
    "example:api:dev": "pnpm run --filter \"api\" tauri dev"
  },
  "devDependencies": {
-    "@eslint/js": "9.39.2",
+    "@eslint/js": "10.0.1",
    "@rollup/plugin-node-resolve": "16.0.3",
-    "@rollup/plugin-terser": "0.4.4",
+    "@rollup/plugin-terser": "1.0.0",
    "@rollup/plugin-typescript": "12.3.0",
-    "covector": "^0.12.4",
-    "eslint": "9.39.2",
+    "eslint": "10.1.0",
    "eslint-config-prettier": "10.1.8",
-    "eslint-plugin-security": "3.0.1",
-    "prettier": "3.7.4",
-    "rollup": "4.54.0",
+    "eslint-plugin-security": "4.0.0",
+    "prettier": "3.8.1",
+    "rollup": "4.59.0",
    "tslib": "2.8.1",
    "typescript": "5.9.3",
-    "typescript-eslint": "8.50.1"
+    "typescript-eslint": "8.57.1"
  },
  "minimumReleaseAge": 4320,
  "pnpm": {
@@ -24,6 +24,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "^2.8.0"
+    "@tauri-apps/api": "^2.10.1"
  }
 }
@@ -1,5 +1,11 @@
 # Changelog

+## \[2.4.4]
+
+- [`82fbb0c7`](https://github.com/tauri-apps/plugins-workspace/commit/82fbb0c790288eca72af9ade13828ded7700ff90) ([#3221](https://github.com/tauri-apps/plugins-workspace/pull/3221)) On iOS, fixed an application crash happening when the scanner was started when user denied permission before.
+- [`b60dd887`](https://github.com/tauri-apps/plugins-workspace/commit/b60dd88702a2be2af942a3d104d728970a4c42d6) ([#3223](https://github.com/tauri-apps/plugins-workspace/pull/3223)) On iOS, start the scanning session on a separate thread to fix performance issues.
+- [`c27af912`](https://github.com/tauri-apps/plugins-workspace/commit/c27af9128d6cc7a2424ec49e98005e68b2d0eb1a) ([#3222](https://github.com/tauri-apps/plugins-workspace/pull/3222)) On iOS, fixed an application crash happening when the scanner was started on the iOS Simulator (no camera available).
+
 ## \[2.4.3]

 - [`d8bfe61f`](https://github.com/tauri-apps/plugins-workspace/commit/d8bfe61f20f235314bad93a9c50d8b7f3eade734) ([#3121](https://github.com/tauri-apps/plugins-workspace/pull/3121) by [@NKIPSC](https://github.com/tauri-apps/plugins-workspace/../../NKIPSC)) Remove unnecessary checks on Android when requesting camera permission.
@@ -1,6 +1,6 @@
 [package]
 name = "tauri-plugin-barcode-scanner"
-version = "2.4.3"
+version = "2.4.4"
 description = "Scan QR codes, EAN-13 and other kinds of barcodes on Android and iOS"
 edition = { workspace = true }
 authors = { workspace = true }
@@ -1 +1 @@
-if("__TAURI__"in window){var __TAURI_PLUGIN_BARCODE_SCANNER__=function(n){"use strict";async function a(n,a={},e){return window.__TAURI_INTERNALS__.invoke(n,a,e)}var e;return"function"==typeof SuppressedError&&SuppressedError,n.Format=void 0,(e=n.Format||(n.Format={})).QRCode="QR_CODE",e.UPC_A="UPC_A",e.UPC_E="UPC_E",e.EAN8="EAN_8",e.EAN13="EAN_13",e.Code39="CODE_39",e.Code93="CODE_93",e.Code128="CODE_128",e.Codabar="CODABAR",e.ITF="ITF",e.Aztec="AZTEC",e.DataMatrix="DATA_MATRIX",e.PDF417="PDF_417",e.GS1DataBar="GS1_DATA_BAR",e.GS1DataBarLimited="GS1_DATA_BAR_LIMITED",e.GS1DataBarExpanded="GS1_DATA_BAR_EXPANDED",n.cancel=async function(){await a("plugin:barcode-scanner|cancel")},n.checkPermissions=async function(){return await async function(n){return a(`plugin:${n}|check_permissions`)}("barcode-scanner").then((n=>n.camera))},n.openAppSettings=async function(){await a("plugin:barcode-scanner|open_app_settings")},n.requestPermissions=async function(){return await async function(n){return a(`plugin:${n}|request_permissions`)}("barcode-scanner").then((n=>n.camera))},n.scan=async function(n){return await a("plugin:barcode-scanner|scan",{...n})},n}({});Object.defineProperty(window.__TAURI__,"barcodeScanner",{value:__TAURI_PLUGIN_BARCODE_SCANNER__})}
+if("__TAURI__"in window){var __TAURI_PLUGIN_BARCODE_SCANNER__=function(n){"use strict";async function a(n,a={},e){return window.__TAURI_INTERNALS__.invoke(n,a,e)}var e;return"function"==typeof SuppressedError&&SuppressedError,n.Format=void 0,(e=n.Format||(n.Format={})).QRCode="QR_CODE",e.UPC_A="UPC_A",e.UPC_E="UPC_E",e.EAN8="EAN_8",e.EAN13="EAN_13",e.Code39="CODE_39",e.Code93="CODE_93",e.Code128="CODE_128",e.Codabar="CODABAR",e.ITF="ITF",e.Aztec="AZTEC",e.DataMatrix="DATA_MATRIX",e.PDF417="PDF_417",e.GS1DataBar="GS1_DATA_BAR",e.GS1DataBarLimited="GS1_DATA_BAR_LIMITED",e.GS1DataBarExpanded="GS1_DATA_BAR_EXPANDED",n.cancel=async function(){await a("plugin:barcode-scanner|cancel")},n.checkPermissions=async function(){return await async function(n){return a(`plugin:${n}|check_permissions`)}("barcode-scanner").then(n=>n.camera)},n.openAppSettings=async function(){await a("plugin:barcode-scanner|open_app_settings")},n.requestPermissions=async function(){return await async function(n){return a(`plugin:${n}|request_permissions`)}("barcode-scanner").then(n=>n.camera)},n.scan=async function(n){return await a("plugin:barcode-scanner|scan",{...n})},n}({});Object.defineProperty(window.__TAURI__,"barcodeScanner",{value:__TAURI_PLUGIN_BARCODE_SCANNER__})}
@@ -261,27 +261,34 @@ class BarcodeScannerPlugin: Plugin, AVCaptureMetadataOutputObjectsDelegate {
  }

  private func runScanner(_ invoke: Invoke, args: ScanOptions) {
+    if getPermissionState() != "granted" {
+      invoke.reject("Camera permission denied or not yet requested")
+      return
+    }
+
    scanFormats = [AVMetadataObject.ObjectType]()

    (args.formats ?? []).forEach { format in
-        if let formatValue = format.value {
-            scanFormats.append(formatValue)
-        } else {
-            invoke.reject("Unsupported barcode format on this iOS version: \(format)")
-            return
-        }
+      if let formatValue = format.value {
+        scanFormats.append(formatValue)
+      } else {
+        invoke.reject("Unsupported barcode format on this iOS version: \(format)")
+        return
+      }
    }

    if scanFormats.isEmpty {
-        for supportedFormat in SupportedFormat.allCases {
-            if let formatValue = supportedFormat.value {
-                scanFormats.append(formatValue)
-            }
+      for supportedFormat in SupportedFormat.allCases {
+        if let formatValue = supportedFormat.value {
+          scanFormats.append(formatValue)
        }
+      }
    }

    self.metaOutput!.metadataObjectTypes = self.scanFormats
-    self.captureSession!.startRunning()
+    DispatchQueue.main.async {
+      self.captureSession!.startRunning()
+    }

    self.isScanning = true
  }
@@ -298,6 +305,13 @@ class BarcodeScannerPlugin: Plugin, AVCaptureMetadataOutputObjectsDelegate {
      return
    }

+    // Check if camera is available on this platform (iOS simulator doesn't have cameras)
+    let availableVideoDevices = discoverCaptureDevices()
+    if availableVideoDevices.isEmpty {
+      invoke.reject("No camera available on this device (e.g., iOS Simulator)")
+      return
+    }
+
    var iOS14min: Bool = false
    if #available(iOS 14.0, *) { iOS14min = true }
    if !iOS14min && self.getPermissionState() != "granted" {
@@ -1,6 +1,6 @@
 {
  "name": "@tauri-apps/plugin-barcode-scanner",
-  "version": "2.4.3",
+  "version": "2.4.4",
  "description": "Scan QR codes, EAN-13 and other kinds of barcodes on Android and iOS",
  "license": "MIT OR Apache-2.0",
  "authors": [
@@ -25,6 +25,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "^2.8.0"
+    "@tauri-apps/api": "^2.10.1"
  }
 }
@@ -25,6 +25,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "^2.8.0"
+    "@tauri-apps/api": "^2.10.1"
  }
 }
@@ -24,6 +24,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "^2.8.0"
+    "@tauri-apps/api": "^2.10.1"
  }
 }
@@ -1 +1 @@
-if("__TAURI__"in window){var __TAURI_PLUGIN_CLIPBOARD_MANAGER__=function(e){"use strict";var n;async function t(e,n={},t){return window.__TAURI_INTERNALS__.invoke(e,n,t)}"function"==typeof SuppressedError&&SuppressedError;class r{get rid(){return function(e,n,t,r){if("function"==typeof n?e!==n||!r:!n.has(e))throw new TypeError("Cannot read private member from an object whose class did not declare it");return"m"===t?r:"a"===t?r.call(e):r?r.value:n.get(e)}(this,n,"f")}constructor(e){n.set(this,void 0),function(e,n,t){if("function"==typeof n||!n.has(e))throw new TypeError("Cannot write private member to an object whose class did not declare it");n.set(e,t)}(this,n,e)}async close(){return t("plugin:resources|close",{rid:this.rid})}}n=new WeakMap;class a extends r{constructor(e){super(e)}static async new(e,n,r){return t("plugin:image|new",{rgba:i(e),width:n,height:r}).then((e=>new a(e)))}static async fromBytes(e){return t("plugin:image|from_bytes",{bytes:i(e)}).then((e=>new a(e)))}static async fromPath(e){return t("plugin:image|from_path",{path:e}).then((e=>new a(e)))}async rgba(){return t("plugin:image|rgba",{rid:this.rid}).then((e=>new Uint8Array(e)))}async size(){return t("plugin:image|size",{rid:this.rid})}}function i(e){return null==e?null:"string"==typeof e?e:e instanceof a?e.rid:e}return e.clear=async function(){await t("plugin:clipboard-manager|clear")},e.readImage=async function(){return await t("plugin:clipboard-manager|read_image").then((e=>new a(e)))},e.readText=async function(){return await t("plugin:clipboard-manager|read_text")},e.writeHtml=async function(e,n){await t("plugin:clipboard-manager|write_html",{html:e,altText:n})},e.writeImage=async function(e){await t("plugin:clipboard-manager|write_image",{image:i(e)})},e.writeText=async function(e,n){await t("plugin:clipboard-manager|write_text",{label:n?.label,text:e})},e}({});Object.defineProperty(window.__TAURI__,"clipboardManager",{value:__TAURI_PLUGIN_CLIPBOARD_MANAGER__})}
+if("__TAURI__"in window){var __TAURI_PLUGIN_CLIPBOARD_MANAGER__=function(e){"use strict";var n;async function t(e,n={},t){return window.__TAURI_INTERNALS__.invoke(e,n,t)}"function"==typeof SuppressedError&&SuppressedError;class r{get rid(){return function(e,n,t,r){if("function"==typeof n?e!==n||!r:!n.has(e))throw new TypeError("Cannot read private member from an object whose class did not declare it");return"m"===t?r:"a"===t?r.call(e):r?r.value:n.get(e)}(this,n,"f")}constructor(e){n.set(this,void 0),function(e,n,t){if("function"==typeof n||!n.has(e))throw new TypeError("Cannot write private member to an object whose class did not declare it");n.set(e,t)}(this,n,e)}async close(){return t("plugin:resources|close",{rid:this.rid})}}n=new WeakMap;class a extends r{constructor(e){super(e)}static async new(e,n,r){return t("plugin:image|new",{rgba:i(e),width:n,height:r}).then(e=>new a(e))}static async fromBytes(e){return t("plugin:image|from_bytes",{bytes:i(e)}).then(e=>new a(e))}static async fromPath(e){return t("plugin:image|from_path",{path:e}).then(e=>new a(e))}async rgba(){return t("plugin:image|rgba",{rid:this.rid}).then(e=>new Uint8Array(e))}async size(){return t("plugin:image|size",{rid:this.rid})}}function i(e){return null==e?null:"string"==typeof e?e:e instanceof a?e.rid:e}return e.clear=async function(){await t("plugin:clipboard-manager|clear")},e.readImage=async function(){return await t("plugin:clipboard-manager|read_image").then(e=>new a(e))},e.readText=async function(){return await t("plugin:clipboard-manager|read_text")},e.writeHtml=async function(e,n){await t("plugin:clipboard-manager|write_html",{html:e,altText:n})},e.writeImage=async function(e){await t("plugin:clipboard-manager|write_image",{image:i(e)})},e.writeText=async function(e,n){await t("plugin:clipboard-manager|write_text",{label:n?.label,text:e})},e}({});Object.defineProperty(window.__TAURI__,"clipboardManager",{value:__TAURI_PLUGIN_CLIPBOARD_MANAGER__})}
@@ -24,6 +24,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "^2.8.0"
+    "@tauri-apps/api": "^2.10.1"
  }
 }
@@ -1,5 +1,14 @@
 # Changelog

+## \[2.4.8]
+
+- [`024ec0c2`](https://github.com/tauri-apps/plugins-workspace/commit/024ec0c29c20cf94579dab9b79d6be0da61a8daa) ([#3214](https://github.com/tauri-apps/plugins-workspace/pull/3214) by [@joshIsCoding](https://github.com/tauri-apps/plugins-workspace/../../joshIsCoding)) Account for differing Android VIEW intent in ChromeOS, fixing deep-link behaviour on Chromium platforms.
+- [`015e817c`](https://github.com/tauri-apps/plugins-workspace/commit/015e817cf2d7f66c1b9268606af8318dfe0bc4ee) ([#3186](https://github.com/tauri-apps/plugins-workspace/pull/3186) by [@lucasfernog](https://github.com/tauri-apps/plugins-workspace/../../lucasfernog)) Validate Android new intent is actually a deep link before triggering the onOpenUrl event.
+
+## \[2.4.7]
+
+- [`8374e997`](https://github.com/tauri-apps/plugins-workspace/commit/8374e997b82c95516fc0c1f6d665d9fc3b52edf8) ([#3258](https://github.com/tauri-apps/plugins-workspace/pull/3258) by [@lucasfernog](https://github.com/tauri-apps/plugins-workspace/../../lucasfernog)) Fix runtime deep link registration failing on Linux when the app path has spaces.
+
 ## \[2.4.6]

 - [`28048039`](https://github.com/tauri-apps/plugins-workspace/commit/28048039496e84b46847c008416d341f1349e30e) ([#3143](https://github.com/tauri-apps/plugins-workspace/pull/3143) by [@Tunglies](https://github.com/tauri-apps/plugins-workspace/../../Tunglies)) Fix clippy warnings. No user facing changes.
@@ -1,6 +1,6 @@
 [package]
 name = "tauri-plugin-deep-link"
-version = "2.4.6"
+version = "2.4.8"
 description = "Set your Tauri application as the default handler for an URL"
 authors = { workspace = true }
 license = { workspace = true }
@@ -6,9 +6,8 @@ package app.tauri.deep_link

 import android.app.Activity
 import android.content.Intent
-import android.os.Bundle
+import android.os.PatternMatcher
 import android.webkit.WebView
-import app.tauri.Logger
 import app.tauri.annotation.InvokeArg
 import app.tauri.annotation.Command
 import app.tauri.annotation.TauriPlugin
@@ -16,23 +15,43 @@ import app.tauri.plugin.Channel
 import app.tauri.plugin.JSObject
 import app.tauri.plugin.Plugin
 import app.tauri.plugin.Invoke
+import androidx.core.net.toUri

@InvokeArg
 class SetEventHandlerArgs {
    lateinit var handler: Channel
 }

+@InvokeArg
+class AssociatedDomain {
+    var scheme: List<String> = listOf("https", "http")
+    var host: String? = null
+    var path: List<String> = listOf()
+    var pathPattern: List<String> = listOf()
+    var pathPrefix: List<String> = listOf()
+    var pathSuffix: List<String> = listOf()
+}
+
+@InvokeArg
+class PluginConfig {
+    var mobile: List<AssociatedDomain> = listOf()
+}
+
@TauriPlugin
 class DeepLinkPlugin(private val activity: Activity): Plugin(activity) {
    //private val implementation = Example()
    private var webView: WebView? = null
    private var currentUrl: String? = null
    private var channel: Channel? = null
-
+    private var config: PluginConfig? = null
    companion object {
        var instance: DeepLinkPlugin? = null
    }

+    private fun isViewIntent(action: String?): Boolean {
+        return action == Intent.ACTION_VIEW || action == "org.chromium.arc.intent.action.VIEW"
+    }
+
    @Command
    fun getCurrent(invoke: Invoke) {
        val ret = JSObject()
@@ -51,27 +70,105 @@ class DeepLinkPlugin(private val activity: Activity): Plugin(activity) {

    override fun load(webView: WebView) {
        instance = this
-
-        val intent = activity.intent
-
-        if (intent.action == Intent.ACTION_VIEW) {
-            // TODO: check if it makes sense to split up init url and last url
-            this.currentUrl = intent.data.toString()
-            val event = JSObject()
-            event.put("url", this.currentUrl)
-            this.channel?.send(event)
-        }
+        config = getConfig(PluginConfig::class.java)

        super.load(webView)
        this.webView = webView
+
+        val intent = activity.intent
+
+        if (isViewIntent(intent.action) && intent.data != null) {
+            val url = intent.data.toString()
+            if (isDeepLink(url)) {
+                // TODO: check if it makes sense to split up init url and last url
+                this.currentUrl = url
+                val event = JSObject()
+                event.put("url", this.currentUrl)
+                this.channel?.send(event)
+            }
+        }
    }

    override fun onNewIntent(intent: Intent) {
-        if (intent.action == Intent.ACTION_VIEW) {
-            this.currentUrl = intent.data.toString()
-            val event = JSObject()
-            event.put("url", this.currentUrl)
-            this.channel?.send(event)
+        if (isViewIntent(intent.action) && intent.data != null) {
+            val url = intent.data.toString()
+            if (isDeepLink(url)) {
+                this.currentUrl = url
+                val event = JSObject()
+                event.put("url", this.currentUrl)
+                this.channel?.send(event)
+            }
        }
    }
+
+    private fun isDeepLink(url: String): Boolean {
+        val config = this.config ?: return false
+        
+        if (config.mobile.isEmpty()) {
+            return false
+        }
+
+        val uri = try {
+            url.toUri()
+        } catch (_: Exception) {
+            // not a URL
+            return false
+        }
+
+        val scheme = uri.scheme ?: return false
+        val host = uri.host
+        val path = uri.path ?: ""
+
+        // Check if URL matches any configured mobile deep link
+        for (domain in config.mobile) {
+            // Check scheme
+            if (!domain.scheme.any { it.equals(scheme, ignoreCase = true) }) {
+                continue
+            }
+
+            // Check host (if configured)
+            if (domain.host != null) {
+                if (!host.equals(domain.host, ignoreCase = true)) {
+                    continue
+                }
+            }
+
+            // Check path constraints
+            // According to Android docs:
+            // - path: exact match, must begin with /
+            // - pathPrefix: matches initial part of path
+            // - pathSuffix: matches ending part, doesn't need to begin with /
+            // - pathPattern: simple glob pattern (., *, .*)
+            val pathMatches = when {
+                // Exact path match (must begin with /)
+                domain.path.isNotEmpty() && domain.path.any { it == path } -> true
+                // Path pattern match (simple glob: ., *, .*)
+                domain.pathPattern.isNotEmpty() && domain.pathPattern.any { pattern ->
+                    try {
+                        PatternMatcher(pattern, PatternMatcher.PATTERN_SIMPLE_GLOB).match(path)
+                    } catch (e: Exception) {
+                        false
+                    }
+                } -> true
+                // Path prefix match
+                domain.pathPrefix.isNotEmpty() && domain.pathPrefix.any { prefix ->
+                    path.startsWith(prefix)
+                } -> true
+                // Path suffix match
+                domain.pathSuffix.isNotEmpty() && domain.pathSuffix.any { suffix ->
+                    path.endsWith(suffix)
+                } -> true
+                // If no path constraints, any path is allowed
+                domain.path.isEmpty() && domain.pathPattern.isEmpty() && 
+                domain.pathPrefix.isEmpty() && domain.pathSuffix.isEmpty() -> true
+                else -> false
+            }
+
+            if (pathMatches) {
+                return true
+            }
+        }
+
+        return false
+    }
 }
@@ -1 +1 @@
-if("__TAURI__"in window){var __TAURI_PLUGIN_DEEP_LINK__=function(e){"use strict";function n(e,n=!1){return window.__TAURI_INTERNALS__.transformCallback(e,n)}async function r(e,n={},r){return window.__TAURI_INTERNALS__.invoke(e,n,r)}var t;async function i(e,t,i){const _={kind:"Any"};return r("plugin:event|listen",{event:e,target:_,handler:n(t)}).then((n=>async()=>async function(e,n){window.__TAURI_EVENT_PLUGIN_INTERNALS__.unregisterListener(e,n),await r("plugin:event|unlisten",{event:e,eventId:n})}(e,n)))}return"function"==typeof SuppressedError&&SuppressedError,function(e){e.WINDOW_RESIZED="tauri://resize",e.WINDOW_MOVED="tauri://move",e.WINDOW_CLOSE_REQUESTED="tauri://close-requested",e.WINDOW_DESTROYED="tauri://destroyed",e.WINDOW_FOCUS="tauri://focus",e.WINDOW_BLUR="tauri://blur",e.WINDOW_SCALE_FACTOR_CHANGED="tauri://scale-change",e.WINDOW_THEME_CHANGED="tauri://theme-changed",e.WINDOW_CREATED="tauri://window-created",e.WEBVIEW_CREATED="tauri://webview-created",e.DRAG_ENTER="tauri://drag-enter",e.DRAG_OVER="tauri://drag-over",e.DRAG_DROP="tauri://drag-drop",e.DRAG_LEAVE="tauri://drag-leave"}(t||(t={})),e.getCurrent=async function(){return await r("plugin:deep-link|get_current")},e.isRegistered=async function(e){return await r("plugin:deep-link|is_registered",{protocol:e})},e.onOpenUrl=async function(e){return await i("deep-link://new-url",(n=>{e(n.payload)}))},e.register=async function(e){return await r("plugin:deep-link|register",{protocol:e})},e.unregister=async function(e){return await r("plugin:deep-link|unregister",{protocol:e})},e}({});Object.defineProperty(window.__TAURI__,"deepLink",{value:__TAURI_PLUGIN_DEEP_LINK__})}
+if("__TAURI__"in window){var __TAURI_PLUGIN_DEEP_LINK__=function(e){"use strict";function n(e,n=!1){return window.__TAURI_INTERNALS__.transformCallback(e,n)}async function r(e,n={},r){return window.__TAURI_INTERNALS__.invoke(e,n,r)}var t;async function i(e,t,i){const _={kind:"Any"};return r("plugin:event|listen",{event:e,target:_,handler:n(t)}).then(n=>async()=>async function(e,n){window.__TAURI_EVENT_PLUGIN_INTERNALS__.unregisterListener(e,n),await r("plugin:event|unlisten",{event:e,eventId:n})}(e,n))}return"function"==typeof SuppressedError&&SuppressedError,function(e){e.WINDOW_RESIZED="tauri://resize",e.WINDOW_MOVED="tauri://move",e.WINDOW_CLOSE_REQUESTED="tauri://close-requested",e.WINDOW_DESTROYED="tauri://destroyed",e.WINDOW_FOCUS="tauri://focus",e.WINDOW_BLUR="tauri://blur",e.WINDOW_SCALE_FACTOR_CHANGED="tauri://scale-change",e.WINDOW_THEME_CHANGED="tauri://theme-changed",e.WINDOW_CREATED="tauri://window-created",e.WEBVIEW_CREATED="tauri://webview-created",e.DRAG_ENTER="tauri://drag-enter",e.DRAG_OVER="tauri://drag-over",e.DRAG_DROP="tauri://drag-drop",e.DRAG_LEAVE="tauri://drag-leave"}(t||(t={})),e.getCurrent=async function(){return await r("plugin:deep-link|get_current")},e.isRegistered=async function(e){return await r("plugin:deep-link|is_registered",{protocol:e})},e.onOpenUrl=async function(e){return await i("deep-link://new-url",n=>{e(n.payload)})},e.register=async function(e){return await r("plugin:deep-link|register",{protocol:e})},e.unregister=async function(e){return await r("plugin:deep-link|unregister",{protocol:e})},e}({});Object.defineProperty(window.__TAURI__,"deepLink",{value:__TAURI_PLUGIN_DEEP_LINK__})}
@@ -25,6 +25,8 @@ fn intent_filter(domain: &AssociatedDomain) -> String {
    format!(
        r#"<intent-filter {auto_verify}>
    <action android:name="android.intent.action.VIEW" />
+    <!-- ChromeOS ARC++ uses a different action for deep links -->
+    <action android:name="org.chromium.arc.intent.action.VIEW" />
    <category android:name="android.intent.category.DEFAULT" />
    <category android:name="android.intent.category.BROWSABLE" />
    {schemes}
@@ -1,5 +1,17 @@
 # Changelog

+## \[2.2.11]
+
+### Dependencies
+
+- Upgraded to `deep-link-js@2.4.8`
+
+## \[2.2.10]
+
+### Dependencies
+
+- Upgraded to `deep-link-js@2.4.7`
+
 ## \[2.2.9]

 ### Dependencies
@@ -1,7 +1,7 @@
 {
  "name": "deep-link-example",
  "private": true,
-  "version": "2.2.9",
+  "version": "2.2.11",
  "type": "module",
  "scripts": {
    "dev": "vite",
@@ -10,12 +10,12 @@
    "tauri": "tauri"
  },
  "dependencies": {
-    "@tauri-apps/api": "2.9.1",
-    "@tauri-apps/plugin-deep-link": "2.4.6"
+    "@tauri-apps/api": "^2.10.1",
+    "@tauri-apps/plugin-deep-link": "2.4.8"
  },
  "devDependencies": {
-    "@tauri-apps/cli": "2.9.6",
-    "typescript": "^5.7.3",
-    "vite": "^7.0.7"
+    "@tauri-apps/cli": "2.10.1",
+    "typescript": "^5.9.3",
+    "vite": "^8.0.1"
  }
 }
@@ -1,6 +1,6 @@
 {
  "name": "@tauri-apps/plugin-deep-link",
-  "version": "2.4.6",
+  "version": "2.4.8",
  "description": "Set your Tauri application as the default handler for an URL",
  "license": "MIT OR Apache-2.0",
  "authors": [
@@ -25,9 +25,9 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "^2.8.0"
+    "@tauri-apps/api": "^2.10.1"
  },
  "devDependencies": {
-    "@tauri-apps/cli": "2.9.6"
+    "@tauri-apps/cli": "2.10.1"
  }
 }
@@ -293,7 +293,7 @@ mod imp {
                    .unwrap_or_else(|| bin.into_os_string())
                    .to_string_lossy()
                    .to_string();
-                let qualified_exec = format!("{} %u", exec);
+                let qualified_exec = format!("\"{}\" %u", exec);

                let target = self.app.path().data_dir()?.join("applications");

@@ -1,5 +1,17 @@
 # Changelog

+## \[2.7.0]
+
+- [`24154472`](https://github.com/tauri-apps/plugins-workspace/commit/24154472a6710a690173df0a121125d1f1b871e8) ([#3287](https://github.com/tauri-apps/plugins-workspace/pull/3287) by [@Legend-Master](https://github.com/tauri-apps/plugins-workspace/../../Legend-Master)) Re-use `message` command in Rust side for `ask` and `confirm` commands, `allow-ask` and `allow-confirm` permissions are now aliases to `allow-message`
+
+### Dependencies
+
+- Upgraded to `fs-js@2.5.0`
+
+## \[2.6.0]
+
+- [`d7a0bb32`](https://github.com/tauri-apps/plugins-workspace/commit/d7a0bb325dad919d6cc132eb3898c33540de77c4) ([#3136](https://github.com/tauri-apps/plugins-workspace/pull/3136) by [@onehumandev](https://github.com/tauri-apps/plugins-workspace/../../onehumandev)) Add `fileAccessMode` option to file picker.
+
 ## \[2.5.0]

 - [`dff6fa98`](https://github.com/tauri-apps/plugins-workspace/commit/dff6fa986a9a05ba98b6ca660fea78ae97251fc2) ([#3034](https://github.com/tauri-apps/plugins-workspace/pull/3034) by [@onehumandev](https://github.com/tauri-apps/plugins-workspace/../../onehumandev)) Add `pickerMode` option to file picker (currently only used on iOS)
@@ -1,6 +1,6 @@
 [package]
 name = "tauri-plugin-dialog"
-version = "2.5.0"
+version = "2.7.0"
 description = "Native system dialogs for opening and saving files along with message dialogs on your Tauri application."
 edition = { workspace = true }
 authors = { workspace = true }
@@ -37,7 +37,7 @@ tauri = { workspace = true }
 log = { workspace = true }
 thiserror = { workspace = true }
 url = { workspace = true }
-tauri-plugin-fs = { path = "../fs", version = "2.4.5" }
+tauri-plugin-fs = { path = "../fs", version = "2.5.0" }

 [target.'cfg(target_os = "ios")'.dependencies]
 tauri = { workspace = true, features = ["wry"] }
@@ -1 +1 @@
-if("__TAURI__"in window){var __TAURI_PLUGIN_DIALOG__=function(t){"use strict";async function n(t,n={},e){return window.__TAURI_INTERNALS__.invoke(t,n,e)}function e(t){if(void 0!==t)return"string"==typeof t?t:"ok"in t&&"cancel"in t?{OkCancelCustom:[t.ok,t.cancel]}:"yes"in t&&"no"in t&&"cancel"in t?{YesNoCancelCustom:[t.yes,t.no,t.cancel]}:"ok"in t?{OkCustom:t.ok}:void 0}return"function"==typeof SuppressedError&&SuppressedError,t.ask=async function(t,e){const o="string"==typeof e?{title:e}:e;return await n("plugin:dialog|ask",{message:t.toString(),title:o?.title?.toString(),kind:o?.kind,yesButtonLabel:o?.okLabel?.toString(),noButtonLabel:o?.cancelLabel?.toString()})},t.confirm=async function(t,e){const o="string"==typeof e?{title:e}:e;return await n("plugin:dialog|confirm",{message:t.toString(),title:o?.title?.toString(),kind:o?.kind,okButtonLabel:o?.okLabel?.toString(),cancelButtonLabel:o?.cancelLabel?.toString()})},t.message=async function(t,o){const i="string"==typeof o?{title:o}:o;return n("plugin:dialog|message",{message:t.toString(),title:i?.title?.toString(),kind:i?.kind,okButtonLabel:i?.okLabel?.toString(),buttons:e(i?.buttons)})},t.open=async function(t={}){return"object"==typeof t&&Object.freeze(t),await n("plugin:dialog|open",{options:t})},t.save=async function(t={}){return"object"==typeof t&&Object.freeze(t),await n("plugin:dialog|save",{options:t})},t}({});Object.defineProperty(window.__TAURI__,"dialog",{value:__TAURI_PLUGIN_DIALOG__})}
+if("__TAURI__"in window){var __TAURI_PLUGIN_DIALOG__=function(n){"use strict";async function e(n,e={},t){return window.__TAURI_INTERNALS__.invoke(n,e,t)}function t(n){if(void 0!==n)return"string"==typeof n?n:"ok"in n&&"cancel"in n?{OkCancelCustom:[n.ok,n.cancel]}:"yes"in n&&"no"in n&&"cancel"in n?{YesNoCancelCustom:[n.yes,n.no,n.cancel]}:"ok"in n?{OkCustom:n.ok}:void 0}async function o(n,o){return await e("plugin:dialog|message",{message:n,title:o?.title,kind:o?.kind,buttons:t(o?.buttons)})}return"function"==typeof SuppressedError&&SuppressedError,n.ask=async function(n,e){const t="string"==typeof e?{title:e}:e,i=t?.okLabel||t?.cancelLabel,a=t?.okLabel??"Yes";return await o(n,{title:t?.title,kind:t?.kind,buttons:i?{ok:a,cancel:t.cancelLabel??"No"}:"YesNo"})===a},n.confirm=async function(n,e){const t="string"==typeof e?{title:e}:e,i=t?.okLabel||t?.cancelLabel,a=t?.okLabel??"Ok";return await o(n,{title:t?.title,kind:t?.kind,buttons:i?{ok:a,cancel:t.cancelLabel??"Cancel"}:"OkCancel"})===a},n.message=async function(n,e){const t="string"==typeof e?{title:e}:e;return t&&!t.buttons&&t.okLabel&&(t.buttons={ok:t.okLabel}),o(n,t)},n.open=async function(n={}){return"object"==typeof n&&Object.freeze(n),await e("plugin:dialog|open",{options:n})},n.save=async function(n={}){return"object"==typeof n&&Object.freeze(n),await e("plugin:dialog|save",{options:n})},n}({});Object.defineProperty(window.__TAURI__,"dialog",{value:__TAURI_PLUGIN_DIALOG__})}
@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-License-Identifier: MIT

-const COMMANDS: &[&str] = &["open", "save", "message", "ask", "confirm"];
+const COMMANDS: &[&str] = &["open", "save", "message"];

 fn main() {
    let result = tauri_plugin::Builder::new(COMMANDS)
@@ -76,6 +76,31 @@ interface OpenDialogOptions {
   * On desktop, this option is ignored.
   */
  pickerMode?: PickerMode
+  /**
+   * The file access mode of the dialog.
+   * If not provided, `copy` is used, which matches the behavior of the {@linkcode open} method before the introduction of this option.
+   *
+   * **Usage**
+   * If a file is opened with {@linkcode fileAccessMode: 'copy'}, it will be copied to the app's sandbox.
+   * This means the file can be read, edited, deleted, copied, or any other operation without any issues, since the file
+   * now belongs to the app.
+   * This also means that the caller has responsibility of deleting the file if this file is not meant to be retained
+   * in the app sandbox.
+   *
+   * If a file is opened with {@linkcode fileAccessMode: 'scoped'}, the file will remain in its original location
+   * and security-scoped access will be automatically managed by the system.
+   *
+   * **Note**
+   * This is specifically meant for document pickers on iOS or MacOS, in conjunction with [security scoped resources](https://developer.apple.com/documentation/foundation/nsurl/startaccessingsecurityscopedresource()).
+   *
+   * Why only document pickers, and not image or video pickers?
+   * The image and video pickers on iOS behave differently from the document pickers, and return [NSItemProvider](https://developer.apple.com/documentation/foundation/nsitemprovider) objects instead of file URLs.
+   * These are meant to be ephemeral (only available within the callback of the picker), and are not accessible outside of the callback.
+   * So for image and video pickers, the only way to access the file is to copy it to the app's sandbox, and this is the URL that is returned from this API.
+   * This means there is no provision for using `scoped` mode with image or video pickers.
+   * If an image or video picker is used, `copy` is always used.
+   */
+  fileAccessMode?: FileAccessMode
 }

 /**
@@ -111,6 +136,16 @@ interface SaveDialogOptions {
 */
 export type PickerMode = 'document' | 'media' | 'image' | 'video'

+/**
+ * The file access mode of the dialog.
+ *
+ * - `copy`: copy/move the picked file to the app sandbox; no scoped access required.
+ * - `scoped`: keep file in place; security-scoped access is automatically managed.
+ *
+ * **Note:** This option is only supported on iOS 14 and above. This parameter is ignored on iOS 13 and below.
+ */
+export type FileAccessMode = 'copy' | 'scoped'
+
 /**
 * Default buttons for a message dialog.
 *
@@ -370,6 +405,18 @@ async function save(options: SaveDialogOptions = {}): Promise<string | null> {
 */
 export type MessageDialogResult = 'Yes' | 'No' | 'Ok' | 'Cancel' | (string & {})

+async function messageCommand(
+  message: string,
+  options?: Omit<MessageDialogOptions, 'okLabel'>
+) {
+  return await invoke<MessageDialogResult>('plugin:dialog|message', {
+    message,
+    title: options?.title,
+    kind: options?.kind,
+    buttons: buttonsToRust(options?.buttons)
+  })
+}
+
 /**
 * Shows a message dialog with an `Ok` button.
 * @example
@@ -392,18 +439,17 @@ async function message(
  options?: string | MessageDialogOptions
 ): Promise<MessageDialogResult> {
  const opts = typeof options === 'string' ? { title: options } : options
-
-  return invoke<MessageDialogResult>('plugin:dialog|message', {
-    message: message.toString(),
-    title: opts?.title?.toString(),
-    kind: opts?.kind,
-    okButtonLabel: opts?.okLabel?.toString(),
-    buttons: buttonsToRust(opts?.buttons)
-  })
+  if (opts && !opts.buttons && opts.okLabel) {
+    opts.buttons = { ok: opts.okLabel }
+  }
+  return messageCommand(message, opts)
 }

 /**
 * Shows a question dialog with `Yes` and `No` buttons.
+ *
+ * Convenient wrapper for `await message('msg', { buttons: 'YesNo' }) === 'Yes'`
+ *
 * @example
 * ```typescript
 * import { ask } from '@tauri-apps/plugin-dialog';
@@ -423,17 +469,24 @@ async function ask(
  options?: string | ConfirmDialogOptions
 ): Promise<boolean> {
  const opts = typeof options === 'string' ? { title: options } : options
-  return await invoke('plugin:dialog|ask', {
-    message: message.toString(),
-    title: opts?.title?.toString(),
-    kind: opts?.kind,
-    yesButtonLabel: opts?.okLabel?.toString(),
-    noButtonLabel: opts?.cancelLabel?.toString()
-  })
+  const customButtons = opts?.okLabel || opts?.cancelLabel
+  const okLabel = opts?.okLabel ?? 'Yes'
+  return (
+    (await messageCommand(message, {
+      title: opts?.title,
+      kind: opts?.kind,
+      buttons: customButtons
+        ? { ok: okLabel, cancel: opts.cancelLabel ?? 'No' }
+        : 'YesNo'
+    })) === okLabel
+  )
 }

 /**
 * Shows a question dialog with `Ok` and `Cancel` buttons.
+ *
+ * Convenient wrapper for `await message('msg', { buttons: 'OkCancel' }) === 'Ok'`
+ *
 * @example
 * ```typescript
 * import { confirm } from '@tauri-apps/plugin-dialog';
@@ -453,13 +506,17 @@ async function confirm(
  options?: string | ConfirmDialogOptions
 ): Promise<boolean> {
  const opts = typeof options === 'string' ? { title: options } : options
-  return await invoke('plugin:dialog|confirm', {
-    message: message.toString(),
-    title: opts?.title?.toString(),
-    kind: opts?.kind,
-    okButtonLabel: opts?.okLabel?.toString(),
-    cancelButtonLabel: opts?.cancelLabel?.toString()
-  })
+  const customButtons = opts?.okLabel || opts?.cancelLabel
+  const okLabel = opts?.okLabel ?? 'Ok'
+  return (
+    (await messageCommand(message, {
+      title: opts?.title,
+      kind: opts?.kind,
+      buttons: customButtons
+        ? { ok: okLabel, cancel: opts.cancelLabel ?? 'Cancel' }
+        : 'OkCancel'
+    })) === okLabel
+  )
 }

 export type {
@@ -34,6 +34,7 @@ struct FilePickerOptions: Decodable {
  var filters: [Filter]?
  var defaultPath: String?
  var pickerMode: PickerMode?
+  var fileAccessMode: FileAccessMode?
 }

 struct SaveFileDialogOptions: Decodable {
@@ -41,6 +42,11 @@ struct SaveFileDialogOptions: Decodable {
  var defaultPath: String?
 }

+enum FileAccessMode: String, Decodable {
+  case copy
+  case scoped
+}
+
 enum PickerMode: String, Decodable {
  case document
  case media
@@ -56,6 +62,7 @@ class DialogPlugin: Plugin {
  override init() {
    super.init()
    filePickerController = FilePickerController(self)
+
  }

  @objc public func showFilePicker(_ invoke: Invoke) throws {
@@ -70,12 +77,13 @@ class DialogPlugin: Plugin {
      case .error(let error):
        invoke.reject(error)
      }
-      }
+    }

    if #available(iOS 14, *) {
      let parsedTypes = parseFiltersOption(args.filters ?? [])

-      let mimeKinds = Set(parsedTypes.compactMap { $0.preferredMIMEType?.components(separatedBy: "/")[0] })
+      let mimeKinds = Set(
+        parsedTypes.compactMap { $0.preferredMIMEType?.components(separatedBy: "/")[0] })
      let filtersIncludeImage = mimeKinds.contains("image")
      let filtersIncludeVideo = mimeKinds.contains("video")
      let filtersIncludeNonMedia = mimeKinds.contains(where: { $0 != "image" && $0 != "video" })
@@ -85,7 +93,8 @@ class DialogPlugin: Plugin {
      if args.pickerMode == .media
        || args.pickerMode == .image
        || args.pickerMode == .video
-        || (!filtersIncludeNonMedia && (filtersIncludeImage || filtersIncludeVideo)) {
+        || (!filtersIncludeNonMedia && (filtersIncludeImage || filtersIncludeVideo))
+      {
        DispatchQueue.main.async {
          var configuration = PHPickerConfiguration(photoLibrary: PHPhotoLibrary.shared())
          configuration.selectionLimit = (args.multiple ?? false) ? 0 : 1
@@ -107,8 +116,10 @@ class DialogPlugin: Plugin {
        DispatchQueue.main.async {
          // The UTType.item is the catch-all, allowing for any file type to be selected.
          let contentTypes = parsedTypes.isEmpty ? [UTType.item] : parsedTypes
-          let picker: UIDocumentPickerViewController = UIDocumentPickerViewController(forOpeningContentTypes: contentTypes, asCopy: true)
-          
+          let picker: UIDocumentPickerViewController = UIDocumentPickerViewController(
+            forOpeningContentTypes: contentTypes,
+            asCopy: args.fileAccessMode == .scoped ? false : true)
+
          if let defaultPath = args.defaultPath {
            picker.directoryURL = URL(string: defaultPath)
          }
@@ -181,7 +192,7 @@ class DialogPlugin: Plugin {
        }
      }
    }
-    
+
    return parsedTypes
  }

@@ -203,14 +214,14 @@ class DialogPlugin: Plugin {
    if !filtersIncludeNonMedia && (filtersIncludeImage || filtersIncludeVideo) {
      DispatchQueue.main.async {
        let picker = UIImagePickerController()
-          picker.delegate = self.filePickerController
+        picker.delegate = self.filePickerController

-          if filtersIncludeImage && !filtersIncludeVideo {
-            picker.sourceType = .photoLibrary
-          }
+        if filtersIncludeImage && !filtersIncludeVideo {
+          picker.sourceType = .photoLibrary
+        }

-          picker.modalPresentationStyle = .fullScreen
-          self.presentViewController(picker)
+        picker.modalPresentationStyle = .fullScreen
+        self.presentViewController(picker)
      }
    } else {
      let documentTypes = parsedTypes.isEmpty ? ["public.data"] : parsedTypes
@@ -234,7 +245,8 @@ class DialogPlugin: Plugin {
    for filter in filters {
      for ext in filter.extensions ?? [] {
        guard
-          let utType: String = UTTypeCreatePreferredIdentifierForTag(kUTTagClassMIMEType, ext as CFString, nil)?.takeRetainedValue() as String?
+          let utType: String = UTTypeCreatePreferredIdentifierForTag(
+            kUTTagClassMIMEType, ext as CFString, nil)?.takeRetainedValue() as String?
        else {
          continue
        }
@@ -292,6 +304,7 @@ class DialogPlugin: Plugin {
      manager.viewController?.present(alert, animated: true, completion: nil)
    }
  }
+
 }

@_cdecl("init_plugin_dialog")
@@ -95,16 +95,33 @@ public class FilePickerController: NSObject {
 			return nil
 		}
 	}
-
+    
+	/// ## In which cases do we need to save a copy of a file selected by a user to the app sandbox?
+	/// In short, only when the file is **not** selected using UIDocumentPickerDelegate.
+	/// For the rest of the cases, we need to write a copy of the file to the app sandbox. 
+	/// 
+	/// For PHPicker (used for photos and videos), `NSItemProvider.loadFileRepresentation` returns a temporary file URL that is deleted after the completion handler.
+	/// The recommendation is to [Persist](https://developer.apple.com/documentation/foundation/nsitemprovider/2888338-loadfilerepresentation) the file by moving/copying
+	/// it to your app’s directory within the completion handler.
+	/// 
+	/// If available, `loadInPlaceFileRepresentation` can open a file in place; Photos assets typically do not support true in-place access,
+	/// so fall back to persisting a local file.
+	/// Ref: https://developer.apple.com/documentation/foundation/nsitemprovider/2888335-loadinplacefilerepresentation
+	/// 
+	/// For UIDocumentPicker, prefer "open in place" and avoid copying when possible.
+	/// Ref: https://developer.apple.com/documentation/uikit/uidocumentpickerviewcontroller
 	private func saveTemporaryFile(_ sourceUrl: URL) throws -> URL {
+
 		var directory = URL(fileURLWithPath: NSTemporaryDirectory())
 		if let cachesDirectory = FileManager.default.urls(for: .cachesDirectory, in: .userDomainMask).first {
 			directory = cachesDirectory
 		}
+		
 		let targetUrl = directory.appendingPathComponent(sourceUrl.lastPathComponent)
 		do {
 			try deleteFile(targetUrl)
 		}
+
 		try FileManager.default.copyItem(at: sourceUrl, to: targetUrl)
 		return targetUrl
 	}
@@ -119,8 +136,7 @@ public class FilePickerController: NSObject {
 extension FilePickerController: UIDocumentPickerDelegate {
 	public func documentPicker(_ controller: UIDocumentPickerViewController, didPickDocumentsAt urls: [URL]) {
 		do {
-			let temporaryUrls = try urls.map { try saveTemporaryFile($0) }
-			self.plugin.onFilePickerEvent(.selected(temporaryUrls))
+			self.plugin.onFilePickerEvent(.selected(urls))
 		} catch {
 			self.plugin.onFilePickerEvent(.error("Failed to create a temporary copy of the file"))
 		}
@@ -191,6 +207,8 @@ extension FilePickerController: PHPickerViewControllerDelegate {
 						return
 					}
 					do {
+						// We have to make a copy of the file to the app sandbox here, as PHPicker returns an NSItemProvider with either an ephemeral file URL or content that is deleted after the completion handler.
+						// This is a different behavior from UIDocumentPicker, where the file can either be copied to the app sandbox or opened in place, and then accessed with `startAccessingSecurityScopedResource`.
 						let temporaryUrl = try self.saveTemporaryFile(url)
 						temporaryUrls.append(temporaryUrl)
 					} catch {
@@ -212,6 +230,8 @@ extension FilePickerController: PHPickerViewControllerDelegate {
 						return
 					}
 					do {
+						// We have to make a copy of the file to the app sandbox here, as PHPicker returns an NSItemProvider with either an ephemeral file URL or content that is deleted after the completion handler.
+						// This is a different behavior from UIDocumentPicker, where the file can either be copied to the app sandbox or opened in place, and then accessed with `startAccessingSecurityScopedResource`.
 						let temporaryUrl = try self.saveTemporaryFile(url)
 						temporaryUrls.append(temporaryUrl)
 					} catch {
@@ -1,6 +1,6 @@
 {
  "name": "@tauri-apps/plugin-dialog",
-  "version": "2.5.0",
+  "version": "2.7.0",
  "license": "MIT OR Apache-2.0",
  "authors": [
    "Tauri Programme within The Commons Conservancy"
@@ -24,6 +24,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "^2.8.0"
+    "@tauri-apps/api": "^2.10.1"
  }
 }
@@ -0,0 +1,11 @@
+"$schema" = "schemas/schema.json"
+
+[[permission]]
+identifier = "allow-ask"
+description = "Enables the ask command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `allow-message` and will be removed in v3)"
+commands.allow = ["message"]
+
+[[permission]]
+identifier = "deny-ask"
+description = "Denies the ask command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `deny-message` and will be removed in v3)"
+commands.deny = ["message"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-ask"
-description = "Enables the ask command without any pre-configured scope."
-commands.allow = ["ask"]
-
-[[permission]]
-identifier = "deny-ask"
-description = "Denies the ask command without any pre-configured scope."
-commands.deny = ["ask"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-confirm"
-description = "Enables the confirm command without any pre-configured scope."
-commands.allow = ["confirm"]
-
-[[permission]]
-identifier = "deny-confirm"
-description = "Denies the confirm command without any pre-configured scope."
-commands.deny = ["confirm"]
@@ -9,8 +9,6 @@ All dialog types are enabled.

 #### This default permission set includes the following:

- `allow-ask`
- `allow-confirm`
 - `allow-message`
 - `allow-save`
 - `allow-open`
@@ -32,7 +30,7 @@ All dialog types are enabled.
 </td>
 <td>

-Enables the ask command without any pre-configured scope.
+Enables the ask command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `allow-message` and will be removed in v3)

 </td>
 </tr>
@@ -45,33 +43,7 @@ Enables the ask command without any pre-configured scope.
 </td>
 <td>

-Denies the ask command without any pre-configured scope.
-
-</td>
-</tr>
-
-<tr>
-<td>
-
-`dialog:allow-confirm`
-
-</td>
-<td>
-
-Enables the confirm command without any pre-configured scope.
-
-</td>
-</tr>
-
-<tr>
-<td>
-
-`dialog:deny-confirm`
-
-</td>
-<td>
-
-Denies the confirm command without any pre-configured scope.
+Denies the ask command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `deny-message` and will be removed in v3)

 </td>
 </tr>
@@ -151,6 +123,32 @@ Enables the save command without any pre-configured scope.

 Denies the save command without any pre-configured scope.

+</td>
+</tr>
+
+<tr>
+<td>
+
+`dialog:allow-confirm`
+
+</td>
+<td>
+
+Enables the confirm command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `allow-message` and will be removed in v3)
+
+</td>
+</tr>
+
+<tr>
+<td>
+
+`dialog:deny-confirm`
+
+</td>
+<td>
+
+Denies the confirm command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `deny-message` and will be removed in v3)
+
 </td>
 </tr>
 </table>
@@ -0,0 +1,11 @@
+"$schema" = "schemas/schema.json"
+
+[[permission]]
+identifier = "allow-confirm"
+description = "Enables the confirm command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `allow-message` and will be removed in v3)"
+commands.allow = ["message"]
+
+[[permission]]
+identifier = "deny-confirm"
+description = "Denies the confirm command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `deny-message` and will be removed in v3)"
+commands.deny = ["message"]
@@ -11,10 +11,4 @@ All dialog types are enabled.


 """
-permissions = [
-  "allow-ask",
-  "allow-confirm",
-  "allow-message",
-  "allow-save",
-  "allow-open",
-]
+permissions = ["allow-message", "allow-save", "allow-open"]
@@ -295,28 +295,16 @@
      "type": "string",
      "oneOf": [
        {
-          "description": "Enables the ask command without any pre-configured scope.",
+          "description": "Enables the ask command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `allow-message` and will be removed in v3)",
          "type": "string",
          "const": "allow-ask",
-          "markdownDescription": "Enables the ask command without any pre-configured scope."
+          "markdownDescription": "Enables the ask command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `allow-message` and will be removed in v3)"
        },
        {
-          "description": "Denies the ask command without any pre-configured scope.",
+          "description": "Denies the ask command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `deny-message` and will be removed in v3)",
          "type": "string",
          "const": "deny-ask",
-          "markdownDescription": "Denies the ask command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the confirm command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-confirm",
-          "markdownDescription": "Enables the confirm command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the confirm command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-confirm",
-          "markdownDescription": "Denies the confirm command without any pre-configured scope."
+          "markdownDescription": "Denies the ask command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `deny-message` and will be removed in v3)"
        },
        {
          "description": "Enables the message command without any pre-configured scope.",
@@ -355,10 +343,22 @@
          "markdownDescription": "Denies the save command without any pre-configured scope."
        },
        {
-          "description": "This permission set configures the types of dialogs\navailable from the dialog plugin.\n\n#### Granted Permissions\n\nAll dialog types are enabled.\n\n\n\n#### This default permission set includes:\n\n- `allow-ask`\n- `allow-confirm`\n- `allow-message`\n- `allow-save`\n- `allow-open`",
+          "description": "Enables the confirm command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `allow-message` and will be removed in v3)",
+          "type": "string",
+          "const": "allow-confirm",
+          "markdownDescription": "Enables the confirm command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `allow-message` and will be removed in v3)"
+        },
+        {
+          "description": "Denies the confirm command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `deny-message` and will be removed in v3)",
+          "type": "string",
+          "const": "deny-confirm",
+          "markdownDescription": "Denies the confirm command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `deny-message` and will be removed in v3)"
+        },
+        {
+          "description": "This permission set configures the types of dialogs\navailable from the dialog plugin.\n\n#### Granted Permissions\n\nAll dialog types are enabled.\n\n\n\n#### This default permission set includes:\n\n- `allow-message`\n- `allow-save`\n- `allow-open`",
          "type": "string",
          "const": "default",
-          "markdownDescription": "This permission set configures the types of dialogs\navailable from the dialog plugin.\n\n#### Granted Permissions\n\nAll dialog types are enabled.\n\n\n\n#### This default permission set includes:\n\n- `allow-ask`\n- `allow-confirm`\n- `allow-message`\n- `allow-save`\n- `allow-open`"
+          "markdownDescription": "This permission set configures the types of dialogs\navailable from the dialog plugin.\n\n#### Granted Permissions\n\nAll dialog types are enabled.\n\n\n\n#### This default permission set includes:\n\n- `allow-message`\n- `allow-save`\n- `allow-open`"
        }
      ]
    }
@@ -9,8 +9,8 @@ use tauri::{command, Manager, Runtime, State, Window};
 use tauri_plugin_fs::FsExt;

 use crate::{
-    Dialog, FileDialogBuilder, FilePath, MessageDialogBuilder, MessageDialogButtons,
-    MessageDialogKind, MessageDialogResult, PickerMode, Result, CANCEL, NO, OK, YES,
+    Dialog, FileAccessMode, FileDialogBuilder, FilePath, MessageDialogButtons, MessageDialogKind,
+    MessageDialogResult, PickerMode, Result,
 };

 #[derive(Serialize)]
@@ -63,6 +63,10 @@ pub struct OpenDialogOptions {
    #[serde(default)]
    #[cfg_attr(mobile, allow(dead_code))]
    picker_mode: Option<PickerMode>,
+    /// The file access mode of the dialog.
+    #[serde(default)]
+    #[cfg_attr(mobile, allow(dead_code))]
+    file_access_mode: Option<FileAccessMode>,
 }

 /// The options for the save dialog API.
@@ -141,6 +145,9 @@ pub(crate) async fn open<R: Runtime>(
        let extensions: Vec<&str> = filter.extensions.iter().map(|s| &**s).collect();
        dialog_builder = dialog_builder.add_filter(filter.name, &extensions);
    }
+    if let Some(file_access_mode) = options.file_access_mode {
+        dialog_builder = dialog_builder.set_file_access_mode(file_access_mode);
+    }

    let res = if options.directory {
        #[cfg(desktop)]
@@ -251,17 +258,20 @@ pub(crate) async fn save<R: Runtime>(
    Ok(path.map(|p| p.simplified()))
 }

-fn message_dialog<R: Runtime>(
-    #[allow(unused_variables)] window: Window<R>,
+#[command]
+pub(crate) async fn message<R: Runtime>(
+    #[allow(unused)] window: Window<R>,
    dialog: State<'_, Dialog<R>>,
    title: Option<String>,
    message: String,
    kind: Option<MessageDialogKind>,
-    buttons: MessageDialogButtons,
-) -> MessageDialogBuilder<R> {
+    buttons: Option<MessageDialogButtons>,
+) -> Result<MessageDialogResult> {
    let mut builder = dialog.message(message);

-    builder = builder.buttons(buttons);
+    if let Some(buttons) = buttons {
+        builder = builder.buttons(buttons);
+    }

    if let Some(title) = title {
        builder = builder.title(title);
@@ -276,86 +286,5 @@ fn message_dialog<R: Runtime>(
        builder = builder.kind(kind);
    }

-    builder
-}
-
-#[command]
-pub(crate) async fn message<R: Runtime>(
-    window: Window<R>,
-    dialog: State<'_, Dialog<R>>,
-    title: Option<String>,
-    message: String,
-    kind: Option<MessageDialogKind>,
-    ok_button_label: Option<String>,
-    buttons: Option<MessageDialogButtons>,
-) -> Result<MessageDialogResult> {
-    let buttons = buttons.unwrap_or(if let Some(ok_button_label) = ok_button_label {
-        MessageDialogButtons::OkCustom(ok_button_label)
-    } else {
-        MessageDialogButtons::Ok
-    });
-
-    Ok(message_dialog(window, dialog, title, message, kind, buttons).blocking_show_with_result())
-}
-
-#[command]
-pub(crate) async fn ask<R: Runtime>(
-    window: Window<R>,
-    dialog: State<'_, Dialog<R>>,
-    title: Option<String>,
-    message: String,
-    kind: Option<MessageDialogKind>,
-    yes_button_label: Option<String>,
-    no_button_label: Option<String>,
-) -> Result<bool> {
-    let dialog = message_dialog(
-        window,
-        dialog,
-        title,
-        message,
-        kind,
-        if let Some(yes_button_label) = yes_button_label {
-            MessageDialogButtons::OkCancelCustom(
-                yes_button_label,
-                no_button_label.unwrap_or(NO.to_string()),
-            )
-        } else if let Some(no_button_label) = no_button_label {
-            MessageDialogButtons::OkCancelCustom(YES.to_string(), no_button_label)
-        } else {
-            MessageDialogButtons::YesNo
-        },
-    );
-
-    Ok(dialog.blocking_show())
-}
-
-#[command]
-pub(crate) async fn confirm<R: Runtime>(
-    window: Window<R>,
-    dialog: State<'_, Dialog<R>>,
-    title: Option<String>,
-    message: String,
-    kind: Option<MessageDialogKind>,
-    ok_button_label: Option<String>,
-    cancel_button_label: Option<String>,
-) -> Result<bool> {
-    let dialog = message_dialog(
-        window,
-        dialog,
-        title,
-        message,
-        kind,
-        if let Some(ok_button_label) = ok_button_label {
-            MessageDialogButtons::OkCancelCustom(
-                ok_button_label,
-                cancel_button_label.unwrap_or(CANCEL.to_string()),
-            )
-        } else if let Some(cancel_button_label) = cancel_button_label {
-            MessageDialogButtons::OkCancelCustom(OK.to_string(), cancel_button_label)
-        } else {
-            MessageDialogButtons::OkCancel
-        },
-    );
-
-    Ok(dialog.blocking_show())
+    Ok(builder.blocking_show_with_result())
 }
@@ -53,9 +53,19 @@ pub enum PickerMode {
    Video,
 }

+#[derive(Debug, Serialize, Deserialize, Clone)]
+#[serde(rename_all = "lowercase")]
+pub enum FileAccessMode {
+    Copy,
+    Scoped,
+}
+
 pub(crate) const OK: &str = "Ok";
+#[cfg(mobile)]
 pub(crate) const CANCEL: &str = "Cancel";
+#[cfg(mobile)]
 pub(crate) const YES: &str = "Yes";
+#[cfg(mobile)]
 pub(crate) const NO: &str = "No";

 macro_rules! blocking_fn {
@@ -190,8 +200,6 @@ pub fn init<R: Runtime>() -> TauriPlugin<R> {
            commands::open,
            commands::save,
            commands::message,
-            commands::ask,
-            commands::confirm
        ])
        .setup(|app, api| {
            #[cfg(mobile)]
@@ -239,8 +247,8 @@ impl<R: Runtime> MessageDialogBuilder<R> {
            dialog,
            title: title.into(),
            message: message.into(),
-            kind: Default::default(),
-            buttons: Default::default(),
+            kind: MessageDialogKind::default(),
+            buttons: MessageDialogButtons::default(),
            #[cfg(desktop)]
            parent: None,
        }
@@ -379,6 +387,7 @@ pub struct FileDialogBuilder<R: Runtime> {
    pub(crate) title: Option<String>,
    pub(crate) can_create_directories: Option<bool>,
    pub(crate) picker_mode: Option<PickerMode>,
+    pub(crate) file_access_mode: Option<FileAccessMode>,
    #[cfg(desktop)]
    pub(crate) parent: Option<crate::desktop::WindowHandle>,
 }
@@ -391,6 +400,7 @@ pub(crate) struct FileDialogPayload<'a> {
    filters: &'a Vec<Filter>,
    multiple: bool,
    picker_mode: &'a Option<PickerMode>,
+    file_access_mode: &'a Option<FileAccessMode>,
 }

 // raw window handle :(
@@ -407,6 +417,7 @@ impl<R: Runtime> FileDialogBuilder<R> {
            title: None,
            can_create_directories: None,
            picker_mode: None,
+            file_access_mode: None,
            #[cfg(desktop)]
            parent: None,
        }
@@ -419,6 +430,7 @@ impl<R: Runtime> FileDialogBuilder<R> {
            filters: &self.filters,
            multiple,
            picker_mode: &self.picker_mode,
+            file_access_mode: &self.file_access_mode,
        }
    }

@@ -488,6 +500,14 @@ impl<R: Runtime> FileDialogBuilder<R> {
        self
    }

+    /// Set the file access mode of the dialog.
+    /// This is only used on iOS.
+    /// On desktop and Android, this option is ignored.
+    pub fn set_file_access_mode(mut self, mode: FileAccessMode) -> Self {
+        self.file_access_mode.replace(mode);
+        self
+    }
+
    /// Shows the dialog to select a single file.
    ///
    /// This is not a blocking operation,
@@ -1,5 +1,11 @@
 # Changelog

+## \[2.5.0]
+
+- [`e97a4ded`](https://github.com/tauri-apps/plugins-workspace/commit/e97a4dedab8608d9d57029784ee8a2607ca3a996) ([#3244](https://github.com/tauri-apps/plugins-workspace/pull/3244) by [@SeijiOkuda](https://github.com/tauri-apps/plugins-workspace/../../SeijiOkuda)) Add `encoding` option for `readTextFile` and `readTextFileLines`
+- [`f75d21db`](https://github.com/tauri-apps/plugins-workspace/commit/f75d21db3351d6f12adf585c2c797c20ece94f7f) ([#3360](https://github.com/tauri-apps/plugins-workspace/pull/3360) by [@Legend-Master](https://github.com/tauri-apps/plugins-workspace/../../Legend-Master)) Removed the dependency on `tauri-utils`'s `build` feature
+- [`f5f68063`](https://github.com/tauri-apps/plugins-workspace/commit/f5f68063e459c33522f44a04df3120d9d039ec13) ([#3185](https://github.com/tauri-apps/plugins-workspace/pull/3185) by [@lucasfernog](https://github.com/tauri-apps/plugins-workspace/../../lucasfernog)) Enable access for security-scoped resources on iOS by automatically calling `NSURL::startAccessingSecurityScopedResource` on resource access and adding the `stopAccessingSecurityScopedResource` API.
+
 ## \[2.4.5]

 - [`521cd8b3`](https://github.com/tauri-apps/plugins-workspace/commit/521cd8b372c862d96b1637775710e4d7cf2443e2) ([#3155](https://github.com/tauri-apps/plugins-workspace/pull/3155) by [@EliasStar](https://github.com/tauri-apps/plugins-workspace/../../EliasStar)) Fix off by one error in the implementation of readTextFileLines causing all lines to end with an (additional) null byte.
@@ -1,6 +1,6 @@
 [package]
 name = "tauri-plugin-fs"
-version = "2.4.5"
+version = "2.5.0"
 description = "Access the file system."
 authors = { workspace = true }
 license = { workspace = true }
@@ -21,7 +21,7 @@ tauri-plugin = { workspace = true, features = ["build"] }
 schemars = { workspace = true }
 serde = { workspace = true }
 toml = "0.9"
-tauri-utils = { workspace = true, features = ["build"] }
+tauri-utils = { workspace = true }

 [dependencies]
 serde = { workspace = true }
@@ -30,6 +30,7 @@ serde_repr = "0.1"
 tauri = { workspace = true }
 thiserror = { workspace = true }
 url = { workspace = true }
+log = { workspace = true }
 anyhow = "1"
 glob = { workspace = true }
 # TODO: Remove `serialization-compat-6` in v3
@@ -41,5 +42,8 @@ notify-debouncer-full = { version = "0.6", optional = true }
 dunce = { workspace = true }
 percent-encoding = "2"

+[target.'cfg(target_os = "ios")'.dependencies]
+objc2-foundation = { version = "0.3", features = ["NSURL", "NSString"] }
+
 [features]
 watch = ["notify", "notify-debouncer-full"]
@@ -104,6 +104,8 @@ const COMMANDS: &[(&str, &[&str])] = &[
    // TODO: Remove this in v3
    ("unwatch", &[]),
    ("size", &[]),
+    ("start_accessing_security_scoped_resource", &[]),
+    ("stop_accessing_security_scoped_resource", &[]),
 ];

 fn main() {
@@ -5,6 +5,19 @@
 /**
 * Access the file system.
 *
+ * ## iOS security-scoped resources
+ *
+ * On iOS, the `fs` plugin automatically manages access to security-scoped resources when a file URL is accessed.
+ * This is required for files outside the app's sandbox (e.g., from file picker).
+ *
+ * @example
+ * ```typescript
+ * import { open } from '@tauri-apps/plugin-fs';
+ *
+ * const file = await open('file:///path/to/file.txt');
+ * await file.close();
+ * ```
+ *
 * ## Security
 *
 * This module prevents path traversal, not allowing parent directory accessors to be used
@@ -723,6 +736,8 @@ async function readDir(
 interface ReadFileOptions {
  /** Base directory for `path` */
  baseDir?: BaseDirectory
+  /** Text encoding to use when reading a text file. Defaults to 'utf-8'. */
+  encoding?: string
 }

 /**
@@ -753,7 +768,7 @@ async function readFile(
 }

 /**
- * Reads and returns the entire contents of a file as UTF-8 string.
+ * Reads and returns the entire contents of a file as a string using the specified encoding (default: UTF-8).
 * @example
 * ```typescript
 * import { readTextFile, BaseDirectory } from '@tauri-apps/plugin-fs';
@@ -777,11 +792,11 @@ async function readTextFile(

  const bytes = arr instanceof ArrayBuffer ? arr : Uint8Array.from(arr)

-  return new TextDecoder().decode(bytes)
+  return new TextDecoder(options?.encoding ?? 'utf-8').decode(bytes)
 }

 /**
- * Returns an async {@linkcode AsyncIterableIterator} over the lines of a file as UTF-8 string.
+ * Returns an async {@linkcode AsyncIterableIterator} over the lines of a file, decoded using the specified encoding (default: UTF-8).
 * @example
 * ```typescript
 * import { readTextFileLines, BaseDirectory } from '@tauri-apps/plugin-fs';
@@ -810,10 +825,15 @@ async function readTextFileLines(
    rid: null as number | null,

    async next(): Promise<IteratorResult<string>> {
+      const decoder = new TextDecoder(options?.encoding ?? 'utf-8')
+
      if (this.rid === null) {
+        // Use the normalized encoding label for options.
+        const encoding = decoder.encoding
+
        this.rid = await invoke<number>('plugin:fs|read_text_file_lines', {
          path: pathStr,
-          options
+          options: options != null ? { ...options, encoding } : undefined
        })
      }

@@ -838,9 +858,7 @@ async function readTextFileLines(
        return { value: null, done }
      }

-      const line = new TextDecoder().decode(
-        bytes.slice(0, bytes.byteLength - 1)
-      )
+      const line = decoder.decode(bytes.slice(0, bytes.byteLength - 1))

      return {
        value: line,
@@ -1348,6 +1366,79 @@ async function size(path: string | URL): Promise<number> {
  })
 }

+/**
+ * Starts accessing a security-scoped resource for the given file URL.
+ * This should be called when you're accessing a file that was opened
+ * using a security-scoped URL (e.g., from a file picker).
+ *
+ * Note that accessing security-scoped resources is automatically managed by the plugin on iOS, so you don't need to call this function
+ * unless you want to manage the scope manually.
+ *
+ * You must call {@linkcode stopAccessingSecurityScopedResource} when you're done accessing the resource.
+ *
+ * #### Platform-specific
+ *
+ * - **iOS:** Starts accessing the security-scoped resource.
+ * - **Other platforms:** does nothing.
+ *
+ * @example
+ * ```typescript
+ * import { startAccessingSecurityScopedResource } from '@tauri-apps/plugin-fs';
+ *
+ * const filePath = 'file:///path/to/file.txt';
+ * await startAccessingSecurityScopedResource(filePath);
+ * // ... use the resource ...
+ * ```
+ *
+ * @since 2.5.0
+ */
+async function startAccessingSecurityScopedResource(
+  path: string | URL
+): Promise<void> {
+  if (path instanceof URL && path.protocol !== 'file:') {
+    throw new TypeError('Must be a file URL.')
+  }
+
+  await invoke('plugin:fs|start_accessing_security_scoped_resource', {
+    path: path instanceof URL ? path.toString() : path
+  })
+}
+
+/**
+ * Stops accessing a security-scoped resource for the given file URL.
+ * This should be called when you're done accessing a file that was opened
+ * using a security-scoped URL (e.g., from a file picker) when using manual tracking via {@linkcode startAccessingSecurityScopedResource}.
+ *
+ * #### Platform-specific
+ *
+ * - **iOS:** Stops accessing the security-scoped resource.
+ * - **Other platforms:** does nothing.
+ *
+ * @example
+ * ```typescript
+ * import { stopAccessingSecurityScopedResource } from '@tauri-apps/plugin-fs';
+ *
+ * const filePath = 'file:///path/to/file.txt';
+ * await startAccessingSecurityScopedResource(filePath);
+ * // ... use the resource ...
+ * // when you're done with the resource:
+ * await stopAccessingSecurityScopedResource(filePath);
+ * ```
+ *
+ * @since 2.5.0
+ */
+async function stopAccessingSecurityScopedResource(
+  path: string | URL
+): Promise<void> {
+  if (path instanceof URL && path.protocol !== 'file:') {
+    throw new TypeError('Must be a file URL.')
+  }
+
+  await invoke('plugin:fs|stop_accessing_security_scoped_resource', {
+    path: path instanceof URL ? path.toString() : path
+  })
+}
+
 export type {
  CreateOptions,
  OpenOptions,
@@ -1396,5 +1487,7 @@ export {
  exists,
  watch,
  watchImmediate,
-  size
+  size,
+  startAccessingSecurityScopedResource,
+  stopAccessingSecurityScopedResource
 }
@@ -1,6 +1,6 @@
 {
  "name": "@tauri-apps/plugin-fs",
-  "version": "2.4.5",
+  "version": "2.5.0",
  "description": "Access the file system.",
  "license": "MIT OR Apache-2.0",
  "authors": [
@@ -25,6 +25,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "^2.8.0"
+    "@tauri-apps/api": "^2.10.1"
  }
 }
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-start-accessing-security-scoped-resource"
+description = "Enables the start_accessing_security_scoped_resource command without any pre-configured scope."
+commands.allow = ["start_accessing_security_scoped_resource"]
+
+[[permission]]
+identifier = "deny-start-accessing-security-scoped-resource"
+description = "Denies the start_accessing_security_scoped_resource command without any pre-configured scope."
+commands.deny = ["start_accessing_security_scoped_resource"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-stop-accessing-security-scoped-resource"
+description = "Enables the stop_accessing_security_scoped_resource command without any pre-configured scope."
+commands.allow = ["stop_accessing_security_scoped_resource"]
+
+[[permission]]
+identifier = "deny-stop-accessing-security-scoped-resource"
+description = "Denies the stop_accessing_security_scoped_resource command without any pre-configured scope."
+commands.deny = ["stop_accessing_security_scoped_resource"]
@@ -3435,6 +3435,32 @@ Denies the size command without any pre-configured scope.
 <tr>
 <td>

+`fs:allow-start-accessing-security-scoped-resource`
+
+</td>
+<td>
+
+Enables the start_accessing_security_scoped_resource command without any pre-configured scope.
+
+</td>
+</tr>
+
+<tr>
+<td>
+
+`fs:deny-start-accessing-security-scoped-resource`
+
+</td>
+<td>
+
+Denies the start_accessing_security_scoped_resource command without any pre-configured scope.
+
+</td>
+</tr>
+
+<tr>
+<td>
+
 `fs:allow-stat`

 </td>
@@ -3461,6 +3487,32 @@ Denies the stat command without any pre-configured scope.
 <tr>
 <td>

+`fs:allow-stop-accessing-security-scoped-resource`
+
+</td>
+<td>
+
+Enables the stop_accessing_security_scoped_resource command without any pre-configured scope.
+
+</td>
+</tr>
+
+<tr>
+<td>
+
+`fs:deny-stop-accessing-security-scoped-resource`
+
+</td>
+<td>
+
+Denies the stop_accessing_security_scoped_resource command without any pre-configured scope.
+
+</td>
+</tr>
+
+<tr>
+<td>
+
 `fs:allow-truncate`

 </td>
@@ -1860,6 +1860,18 @@
          "const": "deny-size",
          "markdownDescription": "Denies the size command without any pre-configured scope."
        },
+        {
+          "description": "Enables the start_accessing_security_scoped_resource command without any pre-configured scope.",
+          "type": "string",
+          "const": "allow-start-accessing-security-scoped-resource",
+          "markdownDescription": "Enables the start_accessing_security_scoped_resource command without any pre-configured scope."
+        },
+        {
+          "description": "Denies the start_accessing_security_scoped_resource command without any pre-configured scope.",
+          "type": "string",
+          "const": "deny-start-accessing-security-scoped-resource",
+          "markdownDescription": "Denies the start_accessing_security_scoped_resource command without any pre-configured scope."
+        },
        {
          "description": "Enables the stat command without any pre-configured scope.",
          "type": "string",
@@ -1872,6 +1884,18 @@
          "const": "deny-stat",
          "markdownDescription": "Denies the stat command without any pre-configured scope."
        },
+        {
+          "description": "Enables the stop_accessing_security_scoped_resource command without any pre-configured scope.",
+          "type": "string",
+          "const": "allow-stop-accessing-security-scoped-resource",
+          "markdownDescription": "Enables the stop_accessing_security_scoped_resource command without any pre-configured scope."
+        },
+        {
+          "description": "Denies the stop_accessing_security_scoped_resource command without any pre-configured scope.",
+          "type": "string",
+          "const": "deny-stop-accessing-security-scoped-resource",
+          "markdownDescription": "Denies the stop_accessing_security_scoped_resource command without any pre-configured scope."
+        },
        {
          "description": "Enables the truncate command without any pre-configured scope.",
          "type": "string",
@@ -3,37 +3,31 @@
 // SPDX-License-Identifier: MIT

 use serde::de::DeserializeOwned;
-use tauri::{
-    plugin::{PluginApi, PluginHandle},
-    AppHandle, Runtime,
-};
+use tauri::{plugin::PluginApi, AppHandle, Runtime};

 use crate::{models::*, FilePath, OpenOptions};

-#[cfg(target_os = "android")]
 const PLUGIN_IDENTIFIER: &str = "com.plugin.fs";

-#[cfg(target_os = "ios")]
-tauri::ios_plugin_binding!(init_plugin_fs);
+pub struct Fs<R: Runtime>(tauri::plugin::PluginHandle<R>);

-// initializes the Kotlin or Swift plugin classes
 pub fn init<R: Runtime, C: DeserializeOwned>(
    _app: &AppHandle<R>,
    api: PluginApi<R, C>,
 ) -> crate::Result<Fs<R>> {
-    #[cfg(target_os = "android")]
    let handle = api
        .register_android_plugin(PLUGIN_IDENTIFIER, "FsPlugin")
        .unwrap();
-    #[cfg(target_os = "ios")]
-    let handle = api.register_ios_plugin(init_plugin_android - intent - send)?;
    Ok(Fs(handle))
 }

-/// Access to the android-intent-send APIs.
-pub struct Fs<R: Runtime>(PluginHandle<R>);
-
 impl<R: Runtime> Fs<R> {
+    /// Open a file.
+    ///
+    /// # Platform-specific
+    ///
+    /// - **iOS**: This method will automatically start accessing a security-scoped resource if the path is a file URL.
+    ///   You must call `stop_accessing_security_scoped_resource` when you're done accessing the file.
    pub fn open<P: Into<FilePath>>(
        &self,
        path: P,
@@ -68,29 +62,25 @@ impl<R: Runtime> Fs<R> {
        }
    }

-    #[cfg(target_os = "android")]
    fn resolve_content_uri(
        &self,
        uri: impl Into<String>,
        mode: impl Into<String>,
    ) -> crate::Result<std::fs::File> {
-        #[cfg(target_os = "android")]
-        {
-            let result = self.0.run_mobile_plugin::<GetFileDescriptorResponse>(
-                "getFileDescriptor",
-                GetFileDescriptorPayload {
-                    uri: uri.into(),
-                    mode: mode.into(),
-                },
-            )?;
-            if let Some(fd) = result.fd {
-                Ok(unsafe {
-                    use std::os::fd::FromRawFd;
-                    std::fs::File::from_raw_fd(fd)
-                })
-            } else {
-                unimplemented!()
-            }
+        let result = self.0.run_mobile_plugin::<GetFileDescriptorResponse>(
+            "getFileDescriptor",
+            GetFileDescriptorPayload {
+                uri: uri.into(),
+                mode: mode.into(),
+            },
+        )?;
+        if let Some(fd) = result.fd {
+            Ok(unsafe {
+                use std::os::fd::FromRawFd;
+                std::fs::File::from_raw_fd(fd)
+            })
+        } else {
+            unimplemented!()
        }
    }
 }
@@ -16,6 +16,7 @@ use std::{
    borrow::Cow,
    fs::File,
    io::{BufRead, BufReader, Read, Write},
+    ops::{Deref, DerefMut},
    path::{Path, PathBuf},
    str::FromStr,
    sync::Mutex,
@@ -70,6 +71,209 @@ impl Serialize for CommandError {

 pub type CommandResult<T> = std::result::Result<T, CommandError>;

+/// Represents either a plain PathBuf or a PathHandle that manages security-scoped resources.
+pub enum PathKind<R: Runtime> {
+    /// A plain path that doesn't manage security-scoped resources.
+    #[allow(dead_code)] // only used on mobile
+    Path(PathBuf),
+    /// A path handle that manages security-scoped resources and will clean them up on drop.
+    Handle(PathHandle<R>),
+}
+
+impl<R: Runtime> PathKind<R> {
+    /// Get a reference to the underlying path.
+    pub fn as_path(&self) -> &Path {
+        match self {
+            PathKind::Path(p) => p.as_ref(),
+            PathKind::Handle(h) => h.as_ref(),
+        }
+    }
+
+    /// Get a reference to the underlying PathBuf.
+    pub fn as_path_buf(&self) -> &PathBuf {
+        match self {
+            PathKind::Path(p) => p,
+            PathKind::Handle(h) => h,
+        }
+    }
+}
+
+impl<R: Runtime> AsRef<Path> for PathKind<R> {
+    fn as_ref(&self) -> &Path {
+        self.as_path()
+    }
+}
+
+impl<R: Runtime> AsRef<PathBuf> for PathKind<R> {
+    fn as_ref(&self) -> &PathBuf {
+        self.as_path_buf()
+    }
+}
+
+/// A file handle that automatically stops accessing security-scoped resources on iOS when dropped.
+pub struct FileHandle<R: Runtime> {
+    file: File,
+    path: PathKind<R>,
+    #[allow(dead_code)] // Used in Drop implementation
+    path_: SafeFilePath,
+    #[allow(dead_code)] // Used in Drop implementation
+    app_handle: tauri::AppHandle<R>,
+}
+
+impl<R: Runtime> FileHandle<R> {
+    fn new(
+        file: File,
+        path: PathKind<R>,
+        path_: SafeFilePath,
+        app_handle: tauri::AppHandle<R>,
+    ) -> Self {
+        Self {
+            file,
+            path,
+            path_,
+            app_handle,
+        }
+    }
+
+    /// Get the resolved path.
+    pub fn path(&self) -> &Path {
+        self.path.as_path()
+    }
+}
+
+impl<R: Runtime> Deref for FileHandle<R> {
+    type Target = File;
+
+    fn deref(&self) -> &Self::Target {
+        &self.file
+    }
+}
+
+impl<R: Runtime> DerefMut for FileHandle<R> {
+    fn deref_mut(&mut self) -> &mut Self::Target {
+        &mut self.file
+    }
+}
+
+impl<R: Runtime> Drop for FileHandle<R> {
+    fn drop(&mut self) {
+        #[cfg(target_os = "ios")]
+        {
+            // Only clean up if we have a plain PathBuf, not a PathHandle
+            // PathHandle will handle its own cleanup when it's dropped
+            if let PathKind::Path(_) = &self.path {
+                use crate::{FilePath, FsExt};
+                // Convert SafeFilePath to FilePath
+                let file_path: FilePath = match &self.path_ {
+                    SafeFilePath::Url(url) => FilePath::Url(url.clone()),
+                    SafeFilePath::Path(safe_path) => FilePath::Path(safe_path.as_ref().to_owned()),
+                };
+
+                // Only clean up if we're tracking this resource
+                // If start_accessing_security_scoped_resource was used, it won't be in our tracking
+                // and we shouldn't interfere
+                if let FilePath::Url(url) = file_path {
+                    if url.scheme() == "file" {
+                        let security_scoped_resources =
+                            self.app_handle.state::<crate::SecurityScopedResources>();
+
+                        // Only clean up if it's not tracked manually
+                        if !security_scoped_resources.is_tracked_manually(url.as_str()) {
+                            log::debug!("Stopping accessing security-scoped resource for URL: {url} on drop");
+                            let _ = self
+                                .app_handle
+                                .fs()
+                                .stop_accessing_security_scoped_resource(FilePath::Url(
+                                    url.clone(),
+                                ));
+                            security_scoped_resources.remove(url.as_str());
+                        } else {
+                            log::debug!("Not cleaning up security-scoped resource for URL: {url} on drop (manually tracked via start_accessing_security_scoped_resource)");
+                        }
+                    }
+                }
+            }
+        }
+    }
+}
+
+/// A path handle that automatically stops accessing security-scoped resources on iOS when dropped.
+pub struct PathHandle<R: Runtime> {
+    path: PathBuf,
+    #[allow(dead_code)] // Used in Drop implementation
+    path_: SafeFilePath,
+    #[allow(dead_code)] // Used in Drop implementation
+    app_handle: tauri::AppHandle<R>,
+}
+
+impl<R: Runtime> PathHandle<R> {
+    fn new(path: PathBuf, path_: SafeFilePath, app_handle: tauri::AppHandle<R>) -> Self {
+        Self {
+            path,
+            path_,
+            app_handle,
+        }
+    }
+}
+
+impl<R: Runtime> Deref for PathHandle<R> {
+    type Target = PathBuf;
+
+    fn deref(&self) -> &Self::Target {
+        &self.path
+    }
+}
+
+impl<R: Runtime> AsRef<Path> for PathHandle<R> {
+    fn as_ref(&self) -> &Path {
+        self.path.as_ref()
+    }
+}
+
+impl<R: Runtime> AsRef<PathBuf> for PathHandle<R> {
+    fn as_ref(&self) -> &PathBuf {
+        &self.path
+    }
+}
+
+impl<R: Runtime> Drop for PathHandle<R> {
+    fn drop(&mut self) {
+        #[cfg(target_os = "ios")]
+        {
+            use crate::{FilePath, FsExt};
+            // Convert SafeFilePath to FilePath
+            let file_path: FilePath = match &self.path_ {
+                SafeFilePath::Url(url) => FilePath::Url(url.clone()),
+                SafeFilePath::Path(safe_path) => FilePath::Path(safe_path.as_ref().to_owned()),
+            };
+
+            // Only clean up if we're tracking this resource (i.e., resolve_path started it)
+            // If start_accessing_security_scoped_resource was used, it won't be in our tracking
+            // and we shouldn't interfere
+            if let FilePath::Url(url) = file_path {
+                if url.scheme() == "file" {
+                    let security_scoped_resources =
+                        self.app_handle.state::<crate::SecurityScopedResources>();
+
+                    // Only clean up if it's not tracked manually
+                    if !security_scoped_resources.is_tracked_manually(url.as_str()) {
+                        log::debug!(
+                            "Stopping accessing security-scoped resource for URL: {url} on drop"
+                        );
+                        let _ = self
+                            .app_handle
+                            .fs()
+                            .stop_accessing_security_scoped_resource(FilePath::Url(url.clone()));
+                        security_scoped_resources.remove(url.as_str());
+                    } else {
+                        log::debug!("Not cleaning up security-scoped resource for URL: {url} on drop (manually tracked via start_accessing_security_scoped_resource)");
+                    }
+                }
+            }
+        }
+    }
+}
+
 #[derive(Debug, Default, Clone, Deserialize)]
 #[serde(rename_all = "camelCase")]
 pub struct BaseOptions {
@@ -84,7 +288,8 @@ pub fn create<R: Runtime>(
    path: SafeFilePath,
    options: Option<BaseOptions>,
 ) -> CommandResult<ResourceId> {
-    let resolved_path = resolve_path(
+    let path_ = path.clone();
+    let resolved_path_handle = resolve_path(
        "create",
        &webview,
        &global_scope,
@@ -92,13 +297,22 @@ pub fn create<R: Runtime>(
        path,
        options.and_then(|o| o.base_dir),
    )?;
-    let file = File::create(&resolved_path).map_err(|e| {
+    let file = File::create(&*resolved_path_handle).map_err(|e| {
        format!(
            "failed to create file at path: {} with error: {e}",
-            resolved_path.display()
+            resolved_path_handle.display()
        )
    })?;
-    let rid = webview.resources_table().add(StdFileResource::new(file));
+    let app_handle = webview.app_handle().clone();
+    let file_handle = FileHandle::new(
+        file,
+        PathKind::Handle(resolved_path_handle),
+        path_,
+        app_handle,
+    );
+    let rid = webview
+        .resources_table()
+        .add(StdFileResource::new(file_handle));
    Ok(rid)
 }

@@ -119,7 +333,7 @@ pub fn open<R: Runtime>(
    path: SafeFilePath,
    options: Option<OpenOptions>,
 ) -> CommandResult<ResourceId> {
-    let (file, _path) = resolve_file(
+    let file_handle = resolve_file(
        "open",
        &webview,
        &global_scope,
@@ -147,7 +361,9 @@ pub fn open<R: Runtime>(
        },
    )?;

-    let rid = webview.resources_table().add(StdFileResource::new(file));
+    let rid = webview
+        .resources_table()
+        .add(StdFileResource::new(file_handle));

    Ok(rid)
 }
@@ -308,8 +524,8 @@ pub async fn read<R: Runtime>(
    len: usize,
 ) -> CommandResult<tauri::ipc::Response> {
    let mut data = vec![0; len];
-    let file = webview.resources_table().get::<StdFileResource>(rid)?;
-    let nread = StdFileResource::with_lock(&file, |mut file| file.read(&mut data))
+    let file: std::sync::Arc<StdFileResource<R>> = webview.resources_table().get(rid)?;
+    let nread = StdFileResource::with_lock(&file, |file| file.read(&mut data))
        .map_err(|e| format!("faied to read bytes from file with error: {e}"))?;

    // This is an optimization to include the number of read bytes (as bigendian bytes)
@@ -345,7 +561,7 @@ async fn read_file_inner<R: Runtime>(
    path: SafeFilePath,
    options: Option<BaseOptions>,
 ) -> CommandResult<tauri::ipc::Response> {
-    let (mut file, path) = resolve_file(
+    let mut file_handle = resolve_file(
        permission,
        &webview,
        &global_scope,
@@ -364,10 +580,10 @@ async fn read_file_inner<R: Runtime>(

    let mut contents = Vec::new();

-    file.read_to_end(&mut contents).map_err(|e| {
+    file_handle.read_to_end(&mut contents).map_err(|e| {
        format!(
            "failed to read file as text at path: {} with error: {e}",
-            path.display()
+            file_handle.path().display()
        )
    })?;

@@ -393,6 +609,14 @@ pub async fn read_file<R: Runtime>(
    .await
 }

+#[derive(Debug, Default, Clone, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct ReadTextFileOptions {
+    #[serde(flatten)]
+    base: BaseOptions,
+    encoding: Option<String>,
+}
+
 // TODO, remove in v3, rely on `read_file` command instead
 #[tauri::command]
 pub async fn read_text_file<R: Runtime>(
@@ -419,7 +643,7 @@ pub fn read_text_file_lines<R: Runtime>(
    global_scope: GlobalScope<Entry>,
    command_scope: CommandScope<Entry>,
    path: SafeFilePath,
-    options: Option<BaseOptions>,
+    options: Option<ReadTextFileOptions>,
 ) -> CommandResult<ResourceId> {
    let resolved_path = resolve_path(
        "read-text-file-lines",
@@ -427,7 +651,7 @@ pub fn read_text_file_lines<R: Runtime>(
        &global_scope,
        &command_scope,
        path,
-        options.as_ref().and_then(|o| o.base_dir),
+        options.as_ref().and_then(|o| o.base.base_dir),
    )?;

    let file = File::open(&resolved_path).map_err(|e| {
@@ -437,12 +661,43 @@ pub fn read_text_file_lines<R: Runtime>(
        )
    })?;

+    let encoding = options.as_ref().and_then(|o| o.encoding.as_deref());
+    let (lf_bytes, cr_bytes) = lf_cr_bytes_for_encoding_label(encoding);
    let lines = BufReader::new(file);
-    let rid = webview.resources_table().add(StdLinesResource::new(lines));
+    let rid = webview
+        .resources_table()
+        .add(StdLinesResource::new(lines, lf_bytes, cr_bytes));

    Ok(rid)
 }

+/// Returns the byte sequences for LF (`\n`) and CR (`\r`) in the encoding label.
+///
+/// The provided encoding label must be a normalized, lowercase string,
+/// such as one obtained via `(new TextDecoder(encoding)).encoding`.
+///
+/// <https://developer.mozilla.org/ja/docs/Web/API/Encoding_API/Encodings>
+fn lf_cr_bytes_for_encoding_label(label: Option<&str>) -> (Vec<u8>, Vec<u8>) {
+    // Defaults to utf-8
+    // https://developer.mozilla.org/ja/docs/Web/API/TextDecoder/TextDecoder#label
+    let label = label.unwrap_or("utf-8");
+
+    // Currently, according to the Web Standard,
+    // the ASCII-incompatible encodings are UTF-16LE/BE and ISO-2022-JP.
+    // However, ISO-2022-JP can still detect line breaks in the same way as ASCII.
+    //
+    // https://encoding.spec.whatwg.org/#security-background
+    if label == "utf-16le" {
+        return (vec![0x0A, 0x00], vec![0x0D, 0x00]);
+    }
+    if label == "utf-16be" {
+        return (vec![0x00, 0x0A], vec![0x00, 0x0D]);
+    }
+
+    // ASCII-compatible
+    (vec![b'\n'], vec![b'\r'])
+}
+
 #[tauri::command]
 pub async fn read_text_file_lines_next<R: Runtime>(
    webview: Webview<R>,
@@ -599,8 +854,8 @@ pub async fn seek<R: Runtime>(
    whence: SeekMode,
 ) -> CommandResult<u64> {
    use std::io::{Seek, SeekFrom};
-    let file = webview.resources_table().get::<StdFileResource>(rid)?;
-    StdFileResource::with_lock(&file, |mut file| {
+    let file: std::sync::Arc<StdFileResource<R>> = webview.resources_table().get(rid)?;
+    StdFileResource::with_lock(&file, |file| {
        file.seek(match whence {
            SeekMode::Start => SeekFrom::Start(offset as u64),
            SeekMode::Current => SeekFrom::Current(offset),
@@ -623,7 +878,7 @@ fn get_metadata<R: Runtime, F: FnOnce(&PathBuf) -> std::io::Result<std::fs::Meta
 ) -> CommandResult<std::fs::Metadata> {
    match path {
        SafeFilePath::Url(url) => {
-            let (file, path) = resolve_file(
+            let file_handle = resolve_file(
                permission,
                webview,
                global_scope,
@@ -637,10 +892,10 @@ fn get_metadata<R: Runtime, F: FnOnce(&PathBuf) -> std::io::Result<std::fs::Meta
                    },
                },
            )?;
-            file.metadata().map_err(|e| {
+            file_handle.metadata().map_err(|e| {
                format!(
                    "failed to get metadata of path: {} with error: {e}",
-                    path.display()
+                    file_handle.path().display()
                )
                .into()
            })
@@ -747,7 +1002,7 @@ pub fn lstat<R: Runtime>(

 #[tauri::command]
 pub fn fstat<R: Runtime>(webview: Webview<R>, rid: ResourceId) -> CommandResult<FileInfo> {
-    let file = webview.resources_table().get::<StdFileResource>(rid)?;
+    let file: std::sync::Arc<StdFileResource<R>> = webview.resources_table().get(rid)?;
    let metadata = StdFileResource::with_lock(&file, |file| file.metadata())
        .map_err(|e| format!("failed to get metadata of file with error: {e}"))?;
    Ok(get_stat(metadata))
@@ -795,7 +1050,7 @@ pub async fn ftruncate<R: Runtime>(
    rid: ResourceId,
    len: Option<u64>,
 ) -> CommandResult<()> {
-    let file = webview.resources_table().get::<StdFileResource>(rid)?;
+    let file: std::sync::Arc<StdFileResource<R>> = webview.resources_table().get(rid)?;
    StdFileResource::with_lock(&file, |file| file.set_len(len.unwrap_or(0)))
        .map_err(|e| format!("failed to truncate file with error: {e}"))
        .map_err(Into::into)
@@ -807,8 +1062,8 @@ pub async fn write<R: Runtime>(
    rid: ResourceId,
    data: Vec<u8>,
 ) -> CommandResult<usize> {
-    let file = webview.resources_table().get::<StdFileResource>(rid)?;
-    StdFileResource::with_lock(&file, |mut file| file.write(&data))
+    let file: std::sync::Arc<StdFileResource<R>> = webview.resources_table().get(rid)?;
+    StdFileResource::with_lock(&file, |file| file.write(&data))
        .map_err(|e| format!("failed to write bytes to file with error: {e}"))
        .map_err(Into::into)
 }
@@ -856,7 +1111,7 @@ async fn write_file_inner<R: Runtime>(
        .and_then(|p| p.to_str().ok())
        .and_then(|opts| serde_json::from_str(opts).ok());

-    let (mut file, path) = resolve_file(
+    let mut file_handle = resolve_file(
        permission,
        &webview,
        &global_scope,
@@ -903,11 +1158,12 @@ async fn write_file_inner<R: Runtime>(
        _ => return Err(anyhow::anyhow!("unexpected invoke body").into()),
    };

-    file.write_all(&data)
+    file_handle
+        .write_all(&data)
        .map_err(|e| {
            format!(
                "failed to write bytes to file at path: {} with error: {e}",
-                path.display()
+                file_handle.path().display()
            )
        })
        .map_err(Into::into)
@@ -993,6 +1249,130 @@ pub async fn size<R: Runtime>(
    }
 }

+#[tauri::command]
+pub fn start_accessing_security_scoped_resource<R: Runtime>(
+    webview: Webview<R>,
+    path: SafeFilePath,
+) -> CommandResult<()> {
+    #[cfg(target_os = "ios")]
+    {
+        use crate::FilePath;
+        // Convert SafeFilePath to FilePath
+        let file_path: FilePath = match &path {
+            SafeFilePath::Url(url) => FilePath::Url(url.clone()),
+            SafeFilePath::Path(safe_path) => FilePath::Path(safe_path.as_ref().to_owned()),
+        };
+
+        // Only handle file URLs
+        if let FilePath::Url(url) = &file_path {
+            if url.scheme() == "file" {
+                use objc2_foundation::{NSString, NSURL};
+
+                let url_nsstring = NSString::from_str(url.as_str());
+                let ns_url = unsafe { NSURL::URLWithString(&url_nsstring) };
+                if let Some(ns_url) = ns_url {
+                    // Check if already active
+                    let security_scoped_resources =
+                        webview.state::<crate::SecurityScopedResources>();
+                    if security_scoped_resources.is_tracked_manually(url.as_str()) {
+                        log::debug!(
+                            "Security-scoped resource already active for URL: {}",
+                            url.as_str()
+                        );
+                        return Ok(());
+                    }
+
+                    // Start accessing the security-scoped resource
+                    unsafe {
+                        let success = ns_url.startAccessingSecurityScopedResource();
+                        if success {
+                            log::debug!(
+                                "Started accessing security-scoped resource for URL: {}",
+                                url.as_str()
+                            );
+                            security_scoped_resources.track_manually(url.as_str().to_string());
+                        } else {
+                            log::warn!(
+                                "Failed to start accessing security-scoped resource for URL: {}",
+                                url.as_str()
+                            );
+                            return Err(CommandError::from(format!(
+                                "Failed to start accessing security-scoped resource for URL: {}",
+                                url.as_str()
+                            )));
+                        }
+                    }
+                } else {
+                    return Err(CommandError::from(format!(
+                        "Failed to create NSURL from URL: {}",
+                        url.as_str()
+                    )));
+                }
+            }
+        }
+        Ok(())
+    }
+    #[cfg(not(target_os = "ios"))]
+    {
+        // No-op on non-iOS platforms
+        let _ = webview;
+        let _ = path;
+        Ok(())
+    }
+}
+
+#[tauri::command]
+pub fn stop_accessing_security_scoped_resource<R: Runtime>(
+    webview: Webview<R>,
+    path: SafeFilePath,
+) -> CommandResult<()> {
+    #[cfg(target_os = "ios")]
+    {
+        use crate::{FilePath, FsExt};
+        // Convert SafeFilePath to FilePath
+        let file_path: FilePath = match &path {
+            SafeFilePath::Url(url) => FilePath::Url(url.clone()),
+            SafeFilePath::Path(safe_path) => FilePath::Path(safe_path.as_ref().to_owned()),
+        };
+
+        // Only handle file URLs
+        if let FilePath::Url(url) = file_path {
+            if url.scheme() == "file" {
+                let security_scoped_resources = webview.state::<crate::SecurityScopedResources>();
+
+                // Check if it's tracked
+                if !security_scoped_resources.is_tracked_manually(url.as_str()) {
+                    log::debug!(
+                        "Security-scoped resource not tracked as active for URL: {}",
+                        url.as_str()
+                    );
+                    return Ok(());
+                }
+
+                // Stop accessing the security-scoped resource
+                webview
+                    .fs()
+                    .stop_accessing_security_scoped_resource(FilePath::Url(url.clone()))?;
+
+                // Remove from tracking
+                security_scoped_resources.remove(url.as_str());
+                log::debug!(
+                    "Stopped accessing security-scoped resource for URL: {}",
+                    url.as_str()
+                );
+            }
+        }
+        Ok(())
+    }
+    #[cfg(not(target_os = "ios"))]
+    {
+        // No-op on non-iOS platforms
+        let _ = webview;
+        let _ = path;
+        Ok(())
+    }
+}
+
 fn get_dir_size(path: &PathBuf) -> CommandResult<u64> {
    let mut size = 0;

@@ -1010,7 +1390,7 @@ fn get_dir_size(path: &PathBuf) -> CommandResult<u64> {
    Ok(size)
 }

-#[cfg(not(target_os = "android"))]
+#[cfg(desktop)]
 pub fn resolve_file<R: Runtime>(
    permission: &str,
    webview: &Webview<R>,
@@ -1018,7 +1398,7 @@ pub fn resolve_file<R: Runtime>(
    command_scope: &CommandScope<Entry>,
    path: SafeFilePath,
    open_options: OpenOptions,
-) -> CommandResult<(File, PathBuf)> {
+) -> CommandResult<FileHandle<R>> {
    resolve_file_in_fs(
        permission,
        webview,
@@ -1036,8 +1416,9 @@ fn resolve_file_in_fs<R: Runtime>(
    command_scope: &CommandScope<Entry>,
    path: SafeFilePath,
    open_options: OpenOptions,
-) -> CommandResult<(File, PathBuf)> {
-    let path = resolve_path(
+) -> CommandResult<FileHandle<R>> {
+    let path_ = path.clone();
+    let resolved_path_handle = resolve_path(
        permission,
        webview,
        global_scope,
@@ -1047,17 +1428,24 @@ fn resolve_file_in_fs<R: Runtime>(
    )?;

    let file = std::fs::OpenOptions::from(open_options.options)
-        .open(&path)
+        .open(&*resolved_path_handle)
        .map_err(|e| {
            format!(
                "failed to open file at path: {} with error: {e}",
-                path.display()
+                resolved_path_handle.display()
            )
        })?;
-    Ok((file, path))
+
+    let app_handle = webview.app_handle().clone();
+    Ok(FileHandle::new(
+        file,
+        PathKind::Handle(resolved_path_handle),
+        path_,
+        app_handle,
+    ))
 }

-#[cfg(target_os = "android")]
+#[cfg(mobile)]
 pub fn resolve_file<R: Runtime>(
    permission: &str,
    webview: &Webview<R>,
@@ -1065,16 +1453,23 @@ pub fn resolve_file<R: Runtime>(
    command_scope: &CommandScope<Entry>,
    path: SafeFilePath,
    open_options: OpenOptions,
-) -> CommandResult<(File, PathBuf)> {
+) -> CommandResult<FileHandle<R>> {
    use crate::FsExt;

+    let path_ = path.clone();
    match path {
        SafeFilePath::Url(url) => {
-            let path = url.as_str().into();
+            let resolved_path = url.as_str().into();
            let file = webview
                .fs()
-                .open(SafeFilePath::Url(url), open_options.options)?;
-            Ok((file, path))
+                .open(SafeFilePath::Url(url.clone()), open_options.options)?;
+            let app_handle = webview.app_handle().clone();
+            Ok(FileHandle::new(
+                file,
+                PathKind::Path(resolved_path),
+                path_,
+                app_handle,
+            ))
        }
        SafeFilePath::Path(path) => resolve_file_in_fs(
            permission,
@@ -1094,9 +1489,47 @@ pub fn resolve_path<R: Runtime>(
    command_scope: &CommandScope<Entry>,
    path: SafeFilePath,
    base_dir: Option<BaseDirectory>,
-) -> CommandResult<PathBuf> {
+) -> CommandResult<PathHandle<R>> {
+    let path_ = path.clone();
+    // On iOS, start accessing security-scoped resource if the path is a file URL
+    // Only if it hasn't been started already via start_accessing_security_scoped_resource
+    #[cfg(target_os = "ios")]
+    {
+        if let SafeFilePath::Url(url) = &path {
+            if url.scheme() == "file" {
+                use objc2_foundation::{NSString, NSURL};
+
+                let security_scoped_resources = webview.state::<crate::SecurityScopedResources>();
+
+                // Check if already active (started via start_accessing_security_scoped_resource)
+                if !security_scoped_resources.is_tracked_manually(url.as_str()) {
+                    let url_nsstring = NSString::from_str(url.as_str());
+                    let ns_url = unsafe { NSURL::URLWithString(&url_nsstring) };
+                    if let Some(ns_url) = ns_url {
+                        // Start accessing the security-scoped resource
+                        // This is required for files outside the app's sandbox (e.g., from file picker)
+                        unsafe {
+                            let success = ns_url.startAccessingSecurityScopedResource();
+                            if success {
+                                log::debug!("Started accessing security-scoped resource for URL: {} (via resolve_path)", url.as_str());
+                                // Track it so we know to clean it up
+                                security_scoped_resources.track_manually(url.as_str().to_string());
+                            } else {
+                                log::warn!("Failed to start accessing security-scoped resource for URL: {}", url.as_str());
+                            }
+                        }
+                    } else {
+                        log::debug!("Failed to create NSURL from URL: {}, ignoring security-scoped resource access request", url.as_str());
+                    }
+                } else {
+                    log::debug!("Security-scoped resource already active for URL: {} (started via start_accessing_security_scoped_resource), skipping", url.as_str());
+                }
+            }
+        }
+    }
+
    let path = path.into_path()?;
-    let path = if let Some(base_dir) = base_dir {
+    let resolved_path = if let Some(base_dir) = base_dir {
        webview.path().resolve(&path, base_dir)?
    } else {
        path
@@ -1125,23 +1558,24 @@ pub fn resolve_path<R: Runtime>(

    let require_literal_leading_dot = fs_scope.require_literal_leading_dot.unwrap_or(cfg!(unix));

-    if is_forbidden(&fs_scope.scope, &path, require_literal_leading_dot)
-        || is_forbidden(&scope, &path, require_literal_leading_dot)
+    if is_forbidden(&fs_scope.scope, &resolved_path, require_literal_leading_dot)
+        || is_forbidden(&scope, &resolved_path, require_literal_leading_dot)
    {
-        return Err(CommandError::Plugin(Error::PathForbidden(path)));
+        return Err(CommandError::Plugin(Error::PathForbidden(resolved_path)));
    }

-    if fs_scope.scope.is_allowed(&path) || scope.is_allowed(&path) {
-        Ok(path)
+    if fs_scope.scope.is_allowed(&resolved_path) || scope.is_allowed(&resolved_path) {
+        let app_handle = webview.app_handle().clone();
+        Ok(PathHandle::new(resolved_path, path_, app_handle))
    } else {
        #[cfg(not(debug_assertions))]
-        return Err(CommandError::Plugin(Error::PathForbidden(path)));
+        return Err(CommandError::Plugin(Error::PathForbidden(resolved_path)));

        #[cfg(debug_assertions)]
        Err(
            anyhow::anyhow!(
                "forbidden path: {}, maybe it is not allowed on the scope for `allow-{permission}` permission in your capability file",
-                path.display()
+                resolved_path.display()
            )
        )
        .map_err(Into::into)
@@ -1187,38 +1621,55 @@ fn is_forbidden<P: AsRef<Path>>(
    }
 }

-struct StdFileResource(Mutex<File>);
+struct StdFileResource<R: Runtime>(Mutex<FileHandle<R>>);

-impl StdFileResource {
-    fn new(file: File) -> Self {
-        Self(Mutex::new(file))
+impl<R: Runtime> StdFileResource<R> {
+    fn new(file_handle: FileHandle<R>) -> Self {
+        Self(Mutex::new(file_handle))
    }

-    fn with_lock<R, F: FnMut(&File) -> R>(&self, mut f: F) -> R {
-        let file = self.0.lock().unwrap();
-        f(&file)
+    fn with_lock<Ret, F: FnMut(&mut File) -> Ret>(&self, mut f: F) -> Ret {
+        let mut file_handle = self.0.lock().unwrap();
+        f(&mut file_handle)
    }
 }

-impl Resource for StdFileResource {}
+impl<R: Runtime> Resource for StdFileResource<R> {}

 /// Same as [std::io::Lines] but with bytes
-struct LinesBytes<T: BufRead>(T);
+struct LinesBytes<T: BufRead> {
+    bytes: T,
+    lf_bytes: Vec<u8>,
+    cr_bytes: Vec<u8>,
+}
+
+impl<T: BufRead> LinesBytes<T> {
+    fn new(bytes: T, lf_bytes: Vec<u8>, cr_bytes: Vec<u8>) -> Self {
+        LinesBytes {
+            bytes,
+            lf_bytes,
+            cr_bytes,
+        }
+    }
+}

 impl<B: BufRead> Iterator for LinesBytes<B> {
    type Item = std::io::Result<Vec<u8>>;

    fn next(&mut self) -> Option<std::io::Result<Vec<u8>>> {
        let mut buf = Vec::new();
-        match self.0.read_until(b'\n', &mut buf) {
+        // Search for '\n'
+        match read_until_bytes(&mut self.bytes, &self.lf_bytes, &mut buf) {
            Ok(0) => None,
            Ok(_n) => {
-                if buf.last() == Some(&b'\n') {
-                    buf.pop();
-                    if buf.last() == Some(&b'\r') {
-                        buf.pop();
+                // Remove '\n' or '\r\n'
+                if buf.ends_with(&self.lf_bytes) {
+                    buf.truncate(buf.len() - self.lf_bytes.len());
+                    if buf.ends_with(&self.cr_bytes) {
+                        buf.truncate(buf.len() - self.cr_bytes.len());
                    }
                }
+
                Some(Ok(buf))
            }
            Err(e) => Some(Err(e)),
@@ -1226,11 +1677,35 @@ impl<B: BufRead> Iterator for LinesBytes<B> {
    }
 }

+fn read_until_bytes(
+    r: &mut impl BufRead,
+    bytes: &[u8],
+    buf: &mut Vec<u8>,
+) -> std::io::Result<usize> {
+    let last_byte = *bytes
+        .last()
+        .ok_or_else(|| std::io::Error::other("invalid empty bytes"))?;
+
+    if bytes.len() == 1 {
+        return r.read_until(last_byte, buf);
+    }
+
+    let mut total_n = 0;
+    loop {
+        let n = r.read_until(last_byte, buf)?;
+        total_n += n;
+
+        if n == 0 || buf.ends_with(bytes) {
+            return Ok(total_n);
+        }
+    }
+}
+
 struct StdLinesResource(Mutex<LinesBytes<BufReader<File>>>);

 impl StdLinesResource {
-    fn new(lines: BufReader<File>) -> Self {
-        Self(Mutex::new(LinesBytes(lines)))
+    fn new(lines: BufReader<File>, lf_bytes: Vec<u8>, cr_bytes: Vec<u8>) -> Self {
+        Self(Mutex::new(LinesBytes::new(lines, lf_bytes, cr_bytes)))
    }

    fn with_lock<R, F: FnMut(&mut LinesBytes<BufReader<File>>) -> R>(&self, mut f: F) -> R {
@@ -1354,21 +1829,60 @@ mod test {

    #[test]
    fn test_lines_bytes() {
-        let base = String::from("line 1\nline2\nline 3\nline 4");
-        let bytes = base.as_bytes();
+        // UTF-8
+        {
+            let base = String::from("line 1\nline2\nline 3\r\nline 4");
+            let bytes = base.as_bytes();

-        let string1 = base.lines().collect::<String>();
-        let string2 = BufReader::new(bytes)
-            .lines()
-            .map_while(Result::ok)
-            .collect::<String>();
-        let string3 = LinesBytes(BufReader::new(bytes))
-            .flatten()
-            .flat_map(String::from_utf8)
-            .collect::<String>();
+            let string1 = base.lines().collect::<String>();
+            let string2 = BufReader::new(bytes)
+                .lines()
+                .map_while(Result::ok)
+                .collect::<String>();
+            let string3 = LinesBytes::new(BufReader::new(bytes), vec![b'\n'], vec![b'\r'])
+                .flatten()
+                .flat_map(String::from_utf8)
+                .collect::<String>();

-        assert_eq!(string1, string2);
-        assert_eq!(string1, string3);
-        assert_eq!(string2, string3);
+            assert_eq!(string1, string2);
+            assert_eq!(string1, string3);
+            assert_eq!(string2, string3);
+        }
+
+        // UTF-16 LE
+        {
+            fn utf16(text: &str) -> Vec<u8> {
+                text.encode_utf16().flat_map(|u| u.to_le_bytes()).collect()
+            }
+
+            let base = String::from("line 1\nline2\nline 3\r\nline 4\n");
+            let bytes = utf16(&base);
+
+            let mut lines = LinesBytes::new(BufReader::new(&bytes[..]), utf16("\n"), utf16("\r"));
+            assert_eq!(lines.next().map(Result::unwrap), Some(utf16("line 1")));
+            assert_eq!(lines.next().map(Result::unwrap), Some(utf16("line2")));
+            assert_eq!(lines.next().map(Result::unwrap), Some(utf16("line 3")));
+            assert_eq!(lines.next().map(Result::unwrap), Some(utf16("line 4")));
+            assert!(lines.next().is_none());
+        }
+
+        // UTF-16 BE
+        {
+            fn utf16(text: &str) -> Vec<u8> {
+                text.encode_utf16().flat_map(|u| u.to_be_bytes()).collect()
+            }
+
+            // ਗ (U+0A17) encodes to 0x0A 0x17,
+            // which contains 0x0A but is not a line feed (U+000A = 0x00 0x0A).
+            let base = String::from("line 1\nline2ਗ\nline 3\r\nline 4");
+            let bytes = utf16(&base);
+
+            let mut lines = LinesBytes::new(BufReader::new(&bytes[..]), utf16("\n"), utf16("\r"));
+            assert_eq!(lines.next().map(Result::unwrap), Some(utf16("line 1")));
+            assert_eq!(lines.next().map(Result::unwrap), Some(utf16("line2ਗ")));
+            assert_eq!(lines.next().map(Result::unwrap), Some(utf16("line 3")));
+            assert_eq!(lines.next().map(Result::unwrap), Some(utf16("line 4")));
+            assert!(lines.next().is_none());
+        }
    }
 }
@@ -24,6 +24,12 @@ fn path_or_err<P: Into<FilePath>>(p: P) -> std::io::Result<PathBuf> {
 }

 impl<R: Runtime> Fs<R> {
+    /// Open a file.
+    ///
+    /// # Platform-specific
+    ///
+    /// - **iOS**: This method will automatically start accessing a security-scoped resource if the path is a file URL.
+    ///   You must call `stop_accessing_security_scoped_resource` when you're done accessing the file.
    pub fn open<P: Into<FilePath>>(
        &self,
        path: P,
@@ -0,0 +1,137 @@
+// Copyright 2019-2023 Tauri Programme within The Commons Conservancy
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-License-Identifier: MIT
+
+use serde::de::DeserializeOwned;
+use tauri::{plugin::PluginApi, AppHandle, Runtime};
+
+use crate::{FilePath, OpenOptions};
+
+pub struct Fs<R: Runtime> {
+    _phantom: std::marker::PhantomData<fn() -> R>,
+}
+
+pub fn init<R: Runtime, C: DeserializeOwned>(
+    _app: &AppHandle<R>,
+    _api: PluginApi<R, C>,
+) -> crate::Result<Fs<R>> {
+    Ok(Fs {
+        _phantom: std::marker::PhantomData,
+    })
+}
+
+impl<R: Runtime> Fs<R> {
+    /// Open a file.
+    ///
+    /// # Platform-specific
+    ///
+    /// - **iOS**: This method will automatically start accessing a security-scoped resource if the path is a file URL.
+    ///   You must call [`Self::stop_accessing_security_scoped_resource`] when you're done accessing the file.
+    pub fn open<P: Into<FilePath>>(
+        &self,
+        path: P,
+        opts: OpenOptions,
+    ) -> std::io::Result<std::fs::File> {
+        use objc2_foundation::{NSString, NSURL};
+
+        match path.into() {
+            FilePath::Url(url) if url.scheme() == "file" => {
+                // Handle security-scoped URLs on iOS
+                let url_string = url.as_str();
+                let url_nsstring = NSString::from_str(url_string);
+
+                // Create NSURL from the URL string
+                // URLWithString may return None for invalid URLs, but file:// URLs should be valid
+                let ns_url = unsafe { NSURL::URLWithString(&url_nsstring) };
+                if let Some(ns_url) = ns_url {
+                    // Start accessing the security-scoped resource
+                    // This is required for files outside the app's sandbox (e.g., from file picker)
+                    // Note: We don't call stopAccessingSecurityScopedResource here because
+                    // the file handle needs to remain accessible while the File is in use.
+                    // The access will be automatically stopped when the app is backgrounded or terminated.
+                    unsafe {
+                        let success = ns_url.startAccessingSecurityScopedResource();
+                        if success {
+                            log::debug!(
+                                "Started accessing security-scoped resource for URL: {}",
+                                url_string
+                            );
+                        } else {
+                            log::warn!(
+                                "Failed to start accessing security-scoped resource for URL: {}",
+                                url_string
+                            );
+                        }
+                    }
+                } else {
+                    log::debug!("Failed to create NSURL from URL: {}, ignoring security-scoped resource access request", url_string);
+                }
+
+                // Convert URL to path and open the file
+                let path = url.to_file_path().map_err(|_| {
+                    std::io::Error::new(std::io::ErrorKind::InvalidInput, "invalid file URL")
+                })?;
+                std::fs::OpenOptions::from(opts).open(path)
+            }
+            FilePath::Url(_) => Err(std::io::Error::new(
+                std::io::ErrorKind::InvalidInput,
+                "cannot use a non-file URL to load files on iOS",
+            )),
+            FilePath::Path(p) => {
+                // Regular path, no security-scoped resource handling needed
+                std::fs::OpenOptions::from(opts).open(p)
+            }
+        }
+    }
+
+    /// Stops accessing a security-scoped resource for the given file path or URL.
+    /// This should be called when you're done accessing a file that was opened
+    /// using a security-scoped URL (e.g., from a file picker).
+    ///
+    /// # Arguments
+    ///
+    /// * `path` - A file path or URL that was previously accessed via `startAccessingSecurityScopedResource`
+    ///
+    /// # Returns
+    ///
+    /// Returns `Ok(())` if successful, or an error if the path/URL is invalid or not a file URL.
+    pub fn stop_accessing_security_scoped_resource<P: Into<FilePath>>(
+        &self,
+        path: P,
+    ) -> crate::Result<()> {
+        use objc2_foundation::{NSString, NSURL};
+
+        let file_path = path.into();
+        let url_string = match file_path {
+            FilePath::Url(url) => {
+                if url.scheme() != "file" {
+                    return Err(crate::Error::InvalidPathUrl);
+                }
+                url.as_str().to_string()
+            }
+            FilePath::Path(p) => {
+                // Convert path to file URL
+                url::Url::from_file_path(&p)
+                    .map_err(|_| crate::Error::InvalidPathUrl)?
+                    .as_str()
+                    .to_string()
+            }
+        };
+
+        let url_nsstring = NSString::from_str(&url_string);
+        let ns_url = unsafe { NSURL::URLWithString(&url_nsstring) };
+        if let Some(ns_url) = ns_url {
+            // Stop accessing the security-scoped resource
+            unsafe {
+                ns_url.stopAccessingSecurityScopedResource();
+            }
+        } else {
+            return Err(crate::Error::Io(std::io::Error::new(
+                std::io::ErrorKind::InvalidInput,
+                "failed to create NSURL from URL",
+            )));
+        }
+
+        Ok(())
+    }
+}
@@ -4,12 +4,17 @@

 //! Access the file system.

+// TODO(v3): consider redesign the API to implement automatic stopAccessingSecurityScopedResource on iOS
+// this likely requires returning a handle to a resource so we can impl Drop for it
+
 #![doc(
    html_logo_url = "https://github.com/tauri-apps/tauri/raw/dev/app-icon.png",
    html_favicon_url = "https://github.com/tauri-apps/tauri/raw/dev/app-icon.png"
 )]

 use std::io::Read;
+#[cfg(target_os = "ios")]
+use std::sync::Mutex;

 use serde::Deserialize;
 use tauri::{
@@ -19,24 +24,28 @@ use tauri::{
    AppHandle, DragDropEvent, Manager, RunEvent, Runtime, WindowEvent,
 };

+#[cfg(target_os = "android")]
+mod android;
 mod commands;
 mod config;
-#[cfg(not(target_os = "android"))]
+#[cfg(desktop)]
 mod desktop;
 mod error;
 mod file_path;
-#[cfg(target_os = "android")]
-mod mobile;
+#[cfg(target_os = "ios")]
+mod ios;
 #[cfg(target_os = "android")]
 mod models;
 mod scope;
 #[cfg(feature = "watch")]
 mod watcher;

-#[cfg(not(target_os = "android"))]
-pub use desktop::Fs;
 #[cfg(target_os = "android")]
-pub use mobile::Fs;
+pub use android::Fs;
+#[cfg(desktop)]
+pub use desktop::Fs;
+#[cfg(target_os = "ios")]
+pub use ios::Fs;

 pub use error::Error;

@@ -369,6 +378,56 @@ pub(crate) struct Scope {
    pub(crate) require_literal_leading_dot: Option<bool>,
 }

+/// Tracks which paths have active security-scoped resource access on iOS.
+#[cfg(target_os = "ios")]
+pub(crate) struct SecurityScopedResources {
+    /// Set of file URLs that are currently accessing security-scoped resources.
+    /// The key is the URL string representation.
+    pub(crate) active_urls: Mutex<std::collections::HashSet<String>>,
+}
+
+#[cfg(target_os = "ios")]
+impl SecurityScopedResources {
+    pub(crate) fn new() -> Self {
+        Self {
+            active_urls: Mutex::new(std::collections::HashSet::new()),
+        }
+    }
+
+    pub(crate) fn is_tracked_manually(&self, url: &str) -> bool {
+        self.active_urls.lock().unwrap().contains(url)
+    }
+
+    pub(crate) fn track_manually(&self, url: String) {
+        self.active_urls.lock().unwrap().insert(url);
+    }
+
+    pub(crate) fn remove(&self, url: &str) {
+        self.active_urls.lock().unwrap().remove(url);
+    }
+}
+
+#[cfg(not(target_os = "ios"))]
+pub(crate) struct SecurityScopedResources;
+
+#[cfg(not(target_os = "ios"))]
+impl SecurityScopedResources {
+    pub(crate) fn new() -> Self {
+        Self
+    }
+
+    #[allow(dead_code)] // Used on iOS, but not on other platforms
+    pub(crate) fn is_tracked_manually(&self, _url: &str) -> bool {
+        false
+    }
+
+    #[allow(dead_code)] // Used on iOS, but not on other platforms
+    pub(crate) fn track_manually(&self, _url: String) {}
+
+    #[allow(dead_code)] // Used on iOS, but not on other platforms
+    pub(crate) fn remove(&self, _url: &str) {}
+}
+
 pub trait FsExt<R: Runtime> {
    fn fs_scope(&self) -> tauri::fs::Scope;
    fn try_fs_scope(&self) -> Option<tauri::fs::Scope>;
@@ -417,6 +476,8 @@ pub fn init<R: Runtime>() -> TauriPlugin<R, Option<config::Config>> {
            commands::write_text_file,
            commands::exists,
            commands::size,
+            commands::start_accessing_security_scoped_resource,
+            commands::stop_accessing_security_scoped_resource,
            #[cfg(feature = "watch")]
            watcher::watch,
        ])
@@ -431,13 +492,19 @@ pub fn init<R: Runtime>() -> TauriPlugin<R, Option<config::Config>> {

            #[cfg(target_os = "android")]
            {
-                let fs = mobile::init(app, api)?;
+                let fs = android::init(app, api)?;
                app.manage(fs);
            }
-            #[cfg(not(target_os = "android"))]
+            #[cfg(target_os = "ios")]
+            {
+                let fs = ios::init(app, api)?;
+                app.manage(fs);
+            }
+            #[cfg(desktop)]
            app.manage(Fs(app.clone()));

            app.manage(scope);
+            app.manage(SecurityScopedResources::new());
            Ok(())
        })
        .on_event(|app, event| {
@@ -1 +1 @@
-if("__TAURI__"in window){var __TAURI_PLUGIN_GEOLOCATION__=function(t){"use strict";function n(t,n,i,e){if("function"==typeof n?t!==n||!e:!n.has(t))throw new TypeError("Cannot read private member from an object whose class did not declare it");return"m"===i?e:"a"===i?e.call(t):e?e.value:n.get(t)}function i(t,n,i,e,s){if("function"==typeof n||!n.has(t))throw new TypeError("Cannot write private member to an object whose class did not declare it");return n.set(t,i),i}var e,s,o,a;"function"==typeof SuppressedError&&SuppressedError;const r="__TAURI_TO_IPC_KEY__";class c{constructor(t){e.set(this,void 0),s.set(this,0),o.set(this,[]),a.set(this,void 0),i(this,e,t||(()=>{})),this.id=function(t,n=!1){return window.__TAURI_INTERNALS__.transformCallback(t,n)}((t=>{const r=t.index;if("end"in t)return void(r==n(this,s,"f")?this.cleanupCallback():i(this,a,r));const c=t.message;if(r==n(this,s,"f")){for(n(this,e,"f").call(this,c),i(this,s,n(this,s,"f")+1);n(this,s,"f")in n(this,o,"f");){const t=n(this,o,"f")[n(this,s,"f")];n(this,e,"f").call(this,t),delete n(this,o,"f")[n(this,s,"f")],i(this,s,n(this,s,"f")+1)}n(this,s,"f")===n(this,a,"f")&&this.cleanupCallback()}else n(this,o,"f")[r]=c}))}cleanupCallback(){window.__TAURI_INTERNALS__.unregisterCallback(this.id)}set onmessage(t){i(this,e,t)}get onmessage(){return n(this,e,"f")}[(e=new WeakMap,s=new WeakMap,o=new WeakMap,a=new WeakMap,r)](){return`__CHANNEL__:${this.id}`}toJSON(){return this[r]()}}async function _(t,n={},i){return window.__TAURI_INTERNALS__.invoke(t,n,i)}return t.checkPermissions=async function(){return await async function(t){return _(`plugin:${t}|check_permissions`)}("geolocation")},t.clearWatch=async function(t){await _("plugin:geolocation|clear_watch",{channelId:t})},t.getCurrentPosition=async function(t){return await _("plugin:geolocation|get_current_position",{options:t})},t.requestPermissions=async function(t){return await _("plugin:geolocation|request_permissions",{permissions:t})},t.watchPosition=async function(t,n){const i=new c;return i.onmessage=t=>{"string"==typeof t?n(null,t):n(t)},await _("plugin:geolocation|watch_position",{options:t,channel:i}),i.id},t}({});Object.defineProperty(window.__TAURI__,"geolocation",{value:__TAURI_PLUGIN_GEOLOCATION__})}
+if("__TAURI__"in window){var __TAURI_PLUGIN_GEOLOCATION__=function(t){"use strict";function n(t,n,i,e){if("function"==typeof n?t!==n||!e:!n.has(t))throw new TypeError("Cannot read private member from an object whose class did not declare it");return"m"===i?e:"a"===i?e.call(t):e?e.value:n.get(t)}function i(t,n,i,e,s){if("function"==typeof n||!n.has(t))throw new TypeError("Cannot write private member to an object whose class did not declare it");return n.set(t,i),i}var e,s,o,a;"function"==typeof SuppressedError&&SuppressedError;const r="__TAURI_TO_IPC_KEY__";class c{constructor(t){e.set(this,void 0),s.set(this,0),o.set(this,[]),a.set(this,void 0),i(this,e,t||(()=>{})),this.id=function(t,n=!1){return window.__TAURI_INTERNALS__.transformCallback(t,n)}(t=>{const r=t.index;if("end"in t)return void(r==n(this,s,"f")?this.cleanupCallback():i(this,a,r));const c=t.message;if(r==n(this,s,"f")){for(n(this,e,"f").call(this,c),i(this,s,n(this,s,"f")+1);n(this,s,"f")in n(this,o,"f");){const t=n(this,o,"f")[n(this,s,"f")];n(this,e,"f").call(this,t),delete n(this,o,"f")[n(this,s,"f")],i(this,s,n(this,s,"f")+1)}n(this,s,"f")===n(this,a,"f")&&this.cleanupCallback()}else n(this,o,"f")[r]=c})}cleanupCallback(){window.__TAURI_INTERNALS__.unregisterCallback(this.id)}set onmessage(t){i(this,e,t)}get onmessage(){return n(this,e,"f")}[(e=new WeakMap,s=new WeakMap,o=new WeakMap,a=new WeakMap,r)](){return`__CHANNEL__:${this.id}`}toJSON(){return this[r]()}}async function _(t,n={},i){return window.__TAURI_INTERNALS__.invoke(t,n,i)}return t.checkPermissions=async function(){return await async function(t){return _(`plugin:${t}|check_permissions`)}("geolocation")},t.clearWatch=async function(t){await _("plugin:geolocation|clear_watch",{channelId:t})},t.getCurrentPosition=async function(t){return await _("plugin:geolocation|get_current_position",{options:t})},t.requestPermissions=async function(t){return await _("plugin:geolocation|request_permissions",{permissions:t})},t.watchPosition=async function(t,n){const i=new c;return i.onmessage=t=>{"string"==typeof t?n(null,t):n(t)},await _("plugin:geolocation|watch_position",{options:t,channel:i}),i.id},t}({});Object.defineProperty(window.__TAURI__,"geolocation",{value:__TAURI_PLUGIN_GEOLOCATION__})}
@@ -24,6 +24,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "^2.8.0"
+    "@tauri-apps/api": "^2.10.1"
  }
 }
@@ -1 +1 @@
-if("__TAURI__"in window){var __TAURI_PLUGIN_GLOBAL_SHORTCUT__=function(t){"use strict";function e(t,e,s,i){if("function"==typeof e?t!==e||!i:!e.has(t))throw new TypeError("Cannot read private member from an object whose class did not declare it");return"m"===s?i:"a"===s?i.call(t):i?i.value:e.get(t)}function s(t,e,s,i,r){if("function"==typeof e||!e.has(t))throw new TypeError("Cannot write private member to an object whose class did not declare it");return e.set(t,s),s}var i,r,n,a;"function"==typeof SuppressedError&&SuppressedError;const o="__TAURI_TO_IPC_KEY__";class c{constructor(t){i.set(this,void 0),r.set(this,0),n.set(this,[]),a.set(this,void 0),s(this,i,t||(()=>{})),this.id=function(t,e=!1){return window.__TAURI_INTERNALS__.transformCallback(t,e)}((t=>{const o=t.index;if("end"in t)return void(o==e(this,r,"f")?this.cleanupCallback():s(this,a,o));const c=t.message;if(o==e(this,r,"f")){for(e(this,i,"f").call(this,c),s(this,r,e(this,r,"f")+1);e(this,r,"f")in e(this,n,"f");){const t=e(this,n,"f")[e(this,r,"f")];e(this,i,"f").call(this,t),delete e(this,n,"f")[e(this,r,"f")],s(this,r,e(this,r,"f")+1)}e(this,r,"f")===e(this,a,"f")&&this.cleanupCallback()}else e(this,n,"f")[o]=c}))}cleanupCallback(){window.__TAURI_INTERNALS__.unregisterCallback(this.id)}set onmessage(t){s(this,i,t)}get onmessage(){return e(this,i,"f")}[(i=new WeakMap,r=new WeakMap,n=new WeakMap,a=new WeakMap,o)](){return`__CHANNEL__:${this.id}`}toJSON(){return this[o]()}}async function u(t,e={},s){return window.__TAURI_INTERNALS__.invoke(t,e,s)}return t.isRegistered=async function(t){return await u("plugin:global-shortcut|is_registered",{shortcut:t})},t.register=async function(t,e){const s=new c;return s.onmessage=e,await u("plugin:global-shortcut|register",{shortcuts:Array.isArray(t)?t:[t],handler:s})},t.unregister=async function(t){return await u("plugin:global-shortcut|unregister",{shortcuts:Array.isArray(t)?t:[t]})},t.unregisterAll=async function(){return await u("plugin:global-shortcut|unregister_all",{})},t}({});Object.defineProperty(window.__TAURI__,"globalShortcut",{value:__TAURI_PLUGIN_GLOBAL_SHORTCUT__})}
+if("__TAURI__"in window){var __TAURI_PLUGIN_GLOBAL_SHORTCUT__=function(t){"use strict";function e(t,e,s,i){if("function"==typeof e?t!==e||!i:!e.has(t))throw new TypeError("Cannot read private member from an object whose class did not declare it");return"m"===s?i:"a"===s?i.call(t):i?i.value:e.get(t)}function s(t,e,s,i,r){if("function"==typeof e||!e.has(t))throw new TypeError("Cannot write private member to an object whose class did not declare it");return e.set(t,s),s}var i,r,n,a;"function"==typeof SuppressedError&&SuppressedError;const o="__TAURI_TO_IPC_KEY__";class c{constructor(t){i.set(this,void 0),r.set(this,0),n.set(this,[]),a.set(this,void 0),s(this,i,t||(()=>{})),this.id=function(t,e=!1){return window.__TAURI_INTERNALS__.transformCallback(t,e)}(t=>{const o=t.index;if("end"in t)return void(o==e(this,r,"f")?this.cleanupCallback():s(this,a,o));const c=t.message;if(o==e(this,r,"f")){for(e(this,i,"f").call(this,c),s(this,r,e(this,r,"f")+1);e(this,r,"f")in e(this,n,"f");){const t=e(this,n,"f")[e(this,r,"f")];e(this,i,"f").call(this,t),delete e(this,n,"f")[e(this,r,"f")],s(this,r,e(this,r,"f")+1)}e(this,r,"f")===e(this,a,"f")&&this.cleanupCallback()}else e(this,n,"f")[o]=c})}cleanupCallback(){window.__TAURI_INTERNALS__.unregisterCallback(this.id)}set onmessage(t){s(this,i,t)}get onmessage(){return e(this,i,"f")}[(i=new WeakMap,r=new WeakMap,n=new WeakMap,a=new WeakMap,o)](){return`__CHANNEL__:${this.id}`}toJSON(){return this[o]()}}async function u(t,e={},s){return window.__TAURI_INTERNALS__.invoke(t,e,s)}return t.isRegistered=async function(t){return await u("plugin:global-shortcut|is_registered",{shortcut:t})},t.register=async function(t,e){const s=new c;return s.onmessage=e,await u("plugin:global-shortcut|register",{shortcuts:Array.isArray(t)?t:[t],handler:s})},t.unregister=async function(t){return await u("plugin:global-shortcut|unregister",{shortcuts:Array.isArray(t)?t:[t]})},t.unregisterAll=async function(){return await u("plugin:global-shortcut|unregister_all",{})},t}({});Object.defineProperty(window.__TAURI__,"globalShortcut",{value:__TAURI_PLUGIN_GLOBAL_SHORTCUT__})}
@@ -24,6 +24,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "^2.8.0"
+    "@tauri-apps/api": "^2.10.1"
  }
 }
@@ -24,6 +24,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "^2.8.0"
+    "@tauri-apps/api": "^2.10.1"
  }
 }
@@ -1,5 +1,21 @@
 # Changelog

+## \[2.5.8]
+
+- [`29712892`](https://github.com/tauri-apps/plugins-workspace/commit/29712892526cfc2d35c9002e0a56925084ae1b73) ([#3252](https://github.com/tauri-apps/plugins-workspace/pull/3252) by [@NVolcz](https://github.com/tauri-apps/plugins-workspace/../../NVolcz)) Correct Response header initialization to support cloning and ensure Set-Cookie visibility.
+
+### Dependencies
+
+- Upgraded to `fs-js@2.5.0`
+
+## \[2.5.7]
+
+- [`61e9b0ab`](https://github.com/tauri-apps/plugins-workspace/commit/61e9b0ab64c56cc5f7a5cb3b92b386671da6e0a2) ([#3228](https://github.com/tauri-apps/plugins-workspace/pull/3228)) Cleanup resource when the returned `ReadableStream.cancel` is called to avoid memory leaks
+
+## \[2.5.6]
+
+- [`b1dbee2c`](https://github.com/tauri-apps/plugins-workspace/commit/b1dbee2c55c1aa7b64732c4cc9f8cb20520b8666) ([#3210](https://github.com/tauri-apps/plugins-workspace/pull/3210) by [@FabianLars](https://github.com/tauri-apps/plugins-workspace/../../FabianLars)) Fixed an issue that caused the Origin header to always be `null` on macOS, iOS and Linux.
+
 ## \[2.5.5]

 - [`e8915f17`](https://github.com/tauri-apps/plugins-workspace/commit/e8915f17e418138f0776870353cd6ce7254b0473) ([#2562](https://github.com/tauri-apps/plugins-workspace/pull/2562) by [@amrbashir](https://github.com/tauri-apps/plugins-workspace/../../amrbashir)) Fix aborting a request in the middle of a streaming response.
@@ -1,6 +1,6 @@
 [package]
 name = "tauri-plugin-http"
-version = "2.5.5"
+version = "2.5.8"
 description = "Access an HTTP client written in Rust."
 edition = { workspace = true }
 authors = { workspace = true }
@@ -30,14 +30,14 @@ serde_json = { workspace = true }
 tauri = { workspace = true }
 thiserror = { workspace = true }
 tokio = { version = "1", features = ["sync", "macros"] }
-tauri-plugin-fs = { path = "../fs", version = "2.4.5" }
+tauri-plugin-fs = { path = "../fs", version = "2.5.0" }
 urlpattern = "0.3"
 regex = "1"
 http = "1"
 reqwest = { version = "0.12", default-features = false }
 url = { workspace = true }
 data-url = "0.3"
-cookie_store = { version = "0.21.1", optional = true, features = ["serde"] }
+cookie_store = { version = "0.22", optional = true, features = ["serde"] }
 bytes = { version = "1.9", optional = true }
 tracing = { workspace = true, optional = true }

@@ -1 +1 @@
-if("__TAURI__"in window){var __TAURI_PLUGIN_HTTP__=function(e){"use strict";async function t(e,t={},r){return window.__TAURI_INTERNALS__.invoke(e,t,r)}"function"==typeof SuppressedError&&SuppressedError;const r="Request cancelled";return e.fetch=async function(e,n){const a=n?.signal;if(a?.aborted)throw new Error(r);const o=n?.maxRedirections,s=n?.connectTimeout,i=n?.proxy,d=n?.danger;n&&(delete n.maxRedirections,delete n.connectTimeout,delete n.proxy,delete n.danger);const c=n?.headers?n.headers instanceof Headers?n.headers:new Headers(n.headers):new Headers,u=new Request(e,n),l=await u.arrayBuffer(),_=0!==l.byteLength?Array.from(new Uint8Array(l)):null;for(const[e,t]of u.headers)c.get(e)||c.set(e,t);const h=(c instanceof Headers?Array.from(c.entries()):Array.isArray(c)?c:Object.entries(c)).map((([e,t])=>[e,"string"==typeof t?t:t.toString()]));if(a?.aborted)throw new Error(r);const f=await t("plugin:http|fetch",{clientConfig:{method:u.method,url:u.url,headers:h,data:_,maxRedirections:o,connectTimeout:s,proxy:i,danger:d}}),p=()=>t("plugin:http|fetch_cancel",{rid:f});if(a?.aborted)throw p(),new Error(r);a?.addEventListener("abort",(()=>{p()}));const{status:w,statusText:y,url:g,headers:b,rid:T}=await t("plugin:http|fetch_send",{rid:f}),R=()=>t("plugin:http|fetch_cancel_body",{rid:T}),m=[101,103,204,205,304].includes(w)?null:new ReadableStream({start:e=>{a?.addEventListener("abort",(()=>{e.error(r),R()}))},pull:e=>(async e=>{let r;try{r=await t("plugin:http|fetch_read_body",{rid:T})}catch(t){return e.error(t),void R()}const n=new Uint8Array(r),a=n[n.byteLength-1],o=n.slice(0,n.byteLength-1);1!==a?e.enqueue(o):e.close()})(e)}),A=new Response(m,{status:w,statusText:y});return Object.defineProperty(A,"url",{value:g}),Object.defineProperty(A,"headers",{value:new Headers(b)}),A},e}({});Object.defineProperty(window.__TAURI__,"http",{value:__TAURI_PLUGIN_HTTP__})}
+if("__TAURI__"in window){var __TAURI_PLUGIN_HTTP__=function(e){"use strict";async function t(e,t={},r){return window.__TAURI_INTERNALS__.invoke(e,t,r)}"function"==typeof SuppressedError&&SuppressedError;const r="Request cancelled";return e.fetch=async function(e,n){const a=n?.signal;if(a?.aborted)throw new Error(r);const o=n?.maxRedirections,i=n?.connectTimeout,s=n?.proxy,d=n?.danger;n&&(delete n.maxRedirections,delete n.connectTimeout,delete n.proxy,delete n.danger);const c=n?.headers?n.headers instanceof Headers?n.headers:new Headers(n.headers):new Headers,l=new Request(e,n),u=await l.arrayBuffer(),f=0!==u.byteLength?Array.from(new Uint8Array(u)):null;for(const[e,t]of l.headers)c.get(e)||c.set(e,t);const _=(c instanceof Headers?Array.from(c.entries()):Array.isArray(c)?c:Object.entries(c)).map(([e,t])=>[e,"string"==typeof t?t:t.toString()]);if(a?.aborted)throw new Error(r);const h=await t("plugin:http|fetch",{clientConfig:{method:l.method,url:l.url,headers:_,data:f,maxRedirections:o,connectTimeout:i,proxy:s,danger:d}}),p=()=>t("plugin:http|fetch_cancel",{rid:h});if(a?.aborted)throw p(),new Error(r);a?.addEventListener("abort",()=>{p()});const{status:w,statusText:y,url:b,headers:g,rid:T}=await t("plugin:http|fetch_send",{rid:h}),R=()=>t("plugin:http|fetch_cancel_body",{rid:T}),m=[101,103,204,205,304].includes(w)?null:new ReadableStream({start:e=>{a?.addEventListener("abort",()=>{e.error(r),R()})},pull:e=>(async e=>{let r;try{r=await t("plugin:http|fetch_read_body",{rid:T})}catch(t){return e.error(t),void R()}const n=new Uint8Array(r),a=n[n.byteLength-1],o=n.slice(0,n.byteLength-1);1!==a?e.enqueue(o):e.close()})(e),cancel:()=>{R()}}),A=new Response(m,{status:w,statusText:y});Object.defineProperty(A,"url",{value:b,writable:!1}),Object.defineProperty(A,"headers",{value:new Headers(g),writable:!1});const v=A.clone.bind(A);return Object.defineProperty(A,"clone",{value:()=>{const e=v();return Object.defineProperty(e,"url",{value:b,writable:!1}),Object.defineProperty(e,"headers",{value:new Headers(g),writable:!1}),e}}),A},e}({});Object.defineProperty(window.__TAURI__,"http",{value:__TAURI_PLUGIN_HTTP__})}
@@ -275,7 +275,11 @@ export async function fetch(
            void dropBody()
          })
        },
-        pull: (controller) => readChunk(controller)
+        pull: (controller) => readChunk(controller),
+        cancel: () => {
+          // Ensure body resources are released on stream cancellation
+          void dropBody()
+        }
      })

  const res = new Response(body, {
@@ -283,14 +287,30 @@ export async function fetch(
    statusText
  })

-  // Set `Response` properties that are ignored by the
-  // constructor, like url and some headers
-  //
-  // Since url and headers are read only properties
-  // this is the only way to set them.
-  Object.defineProperty(res, 'url', { value: url })
+  // `Response.url` cannot be set via the constructor, so we define it manually
+  Object.defineProperty(res, 'url', { value: url, writable: false })
+
+  // Expose `set-cookie` via `response.headers` (and `getSetCookie()` where
+  // supported). This is not Fetch-spec compliant for network responses in
+  // browsers, where `set-cookie` is treated as a forbidden response
+  // header and is generally not readable from JavaScript.
  Object.defineProperty(res, 'headers', {
-    value: new Headers(responseHeaders)
+    value: new Headers(responseHeaders),
+    writable: false
+  })
+
+  // Patch clone() per-instance so cloning preserves the overridden properties
+  const originalClone = res.clone.bind(res)
+  Object.defineProperty(res, 'clone', {
+    value: () => {
+      const cloned = originalClone()
+      Object.defineProperty(cloned, 'url', { value: url, writable: false })
+      Object.defineProperty(cloned, 'headers', {
+        value: new Headers(responseHeaders),
+        writable: false
+      })
+      return cloned
+    }
  })

  return res
@@ -1,6 +1,6 @@
 {
  "name": "@tauri-apps/plugin-http",
-  "version": "2.5.5",
+  "version": "2.5.8",
  "license": "MIT OR Apache-2.0",
  "authors": [
    "Tauri Programme within The Commons Conservancy"
@@ -24,6 +24,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "^2.8.0"
+    "@tauri-apps/api": "^2.10.1"
  }
 }
@@ -279,7 +279,7 @@ pub async fn fetch<R: Runtime>(

                if headers.contains_key(header::RANGE) {
                    // https://fetch.spec.whatwg.org/#http-network-or-cache-fetch step 18
-                    // If httpRequest’s header list contains `Range`, then append (`Accept-Encoding`, `identity`)
+                    // If httpRequest's header list contains `Range`, then append (`Accept-Encoding`, `identity`)
                    headers.append(header::ACCEPT_ENCODING, HeaderValue::from_str("identity")?);
                }

@@ -290,10 +290,13 @@ pub async fn fetch<R: Runtime>(
                // ensure we have an Origin header set
                if cfg!(not(feature = "unsafe-headers")) || !headers.contains_key(header::ORIGIN) {
                    if let Ok(url) = webview.url() {
-                        headers.append(
-                            header::ORIGIN,
-                            HeaderValue::from_str(&url.origin().ascii_serialization())?,
-                        );
+                        // The url crate returns OpaqueOrigin for tauri://localhost which serializes to "null"
+                        let origin = if url.scheme() == "tauri" {
+                            "tauri://localhost".to_string()
+                        } else {
+                            url.origin().ascii_serialization()
+                        };
+                        headers.append(header::ORIGIN, HeaderValue::from_str(&origin)?);
                    }
                }

@@ -1 +1 @@
-if("__TAURI__"in window){var __TAURI_PLUGIN_LOG__=function(e){"use strict";function n(e,n=!1){return window.__TAURI_INTERNALS__.transformCallback(e,n)}async function r(e,n={},r){return window.__TAURI_INTERNALS__.invoke(e,n,r)}var a,t;async function o(e,a,t){const o={kind:"Any"};return r("plugin:event|listen",{event:e,target:o,handler:n(a)}).then((n=>async()=>async function(e,n){window.__TAURI_EVENT_PLUGIN_INTERNALS__.unregisterListener(e,n),await r("plugin:event|unlisten",{event:e,eventId:n})}(e,n)))}async function i(e,n,a){const t=function(e){if(e){if(!e.startsWith("Error")){const n=e.split("\n").map((e=>e.split("@"))).filter((([e,n])=>e.length>0&&"[native code]"!==n));return n[2]?.filter((e=>e.length>0)).join("@")}{const n=e.split("\n"),r=n[3]?.trim();if(!r)return;const a=/at\s+(?<functionName>.*?)\s+\((?<fileName>.*?):(?<lineNumber>\d+):(?<columnNumber>\d+)\)/,t=r.match(a);if(t){const{functionName:e,fileName:n,lineNumber:r,columnNumber:a}=t.groups;return`${e}@${n}:${r}:${a}`}{const e=/at\s+(?<fileName>.*?):(?<lineNumber>\d+):(?<columnNumber>\d+)/,n=r.match(e);if(n){const{fileName:e,lineNumber:r,columnNumber:a}=n.groups;return`<anonymous>@${e}:${r}:${a}`}}}}}((new Error).stack),{file:o,line:i,keyValues:u}=a??{};await r("plugin:log|log",{level:e,message:n,location:t,file:o,line:i,keyValues:u})}async function u(e){return await o("log://log",(n=>{const{level:r}=n.payload;let{message:a}=n.payload;a=a.replace(/[\u001b\u009b][[()#;?]*(?:[0-9]{1,4}(?:;[0-9]{0,4})*)?[0-9A-ORZcf-nqry=><]/g,""),e({message:a,level:r})}))}return"function"==typeof SuppressedError&&SuppressedError,function(e){e.WINDOW_RESIZED="tauri://resize",e.WINDOW_MOVED="tauri://move",e.WINDOW_CLOSE_REQUESTED="tauri://close-requested",e.WINDOW_DESTROYED="tauri://destroyed",e.WINDOW_FOCUS="tauri://focus",e.WINDOW_BLUR="tauri://blur",e.WINDOW_SCALE_FACTOR_CHANGED="tauri://scale-change",e.WINDOW_THEME_CHANGED="tauri://theme-changed",e.WINDOW_CREATED="tauri://window-created",e.WEBVIEW_CREATED="tauri://webview-created",e.DRAG_ENTER="tauri://drag-enter",e.DRAG_OVER="tauri://drag-over",e.DRAG_DROP="tauri://drag-drop",e.DRAG_LEAVE="tauri://drag-leave"}(a||(a={})),e.LogLevel=void 0,(t=e.LogLevel||(e.LogLevel={}))[t.Trace=1]="Trace",t[t.Debug=2]="Debug",t[t.Info=3]="Info",t[t.Warn=4]="Warn",t[t.Error=5]="Error",e.attachConsole=async function(){return await u((({level:n,message:r})=>{switch(n){case e.LogLevel.Trace:console.log(r);break;case e.LogLevel.Debug:console.debug(r);break;case e.LogLevel.Info:console.info(r);break;case e.LogLevel.Warn:console.warn(r);break;case e.LogLevel.Error:console.error(r);break;default:throw new Error(`unknown log level ${n}`)}}))},e.attachLogger=u,e.debug=async function(n,r){await i(e.LogLevel.Debug,n,r)},e.error=async function(n,r){await i(e.LogLevel.Error,n,r)},e.info=async function(n,r){await i(e.LogLevel.Info,n,r)},e.trace=async function(n,r){await i(e.LogLevel.Trace,n,r)},e.warn=async function(n,r){await i(e.LogLevel.Warn,n,r)},e}({});Object.defineProperty(window.__TAURI__,"log",{value:__TAURI_PLUGIN_LOG__})}
+if("__TAURI__"in window){var __TAURI_PLUGIN_LOG__=function(e){"use strict";function n(e,n=!1){return window.__TAURI_INTERNALS__.transformCallback(e,n)}async function r(e,n={},r){return window.__TAURI_INTERNALS__.invoke(e,n,r)}var a,t;async function o(e,a,t){const o={kind:"Any"};return r("plugin:event|listen",{event:e,target:o,handler:n(a)}).then(n=>async()=>async function(e,n){window.__TAURI_EVENT_PLUGIN_INTERNALS__.unregisterListener(e,n),await r("plugin:event|unlisten",{event:e,eventId:n})}(e,n))}async function i(e,n,a){const t=function(e){if(e){if(!e.startsWith("Error")){const n=e.split("\n").map(e=>e.split("@")).filter(([e,n])=>e.length>0&&"[native code]"!==n);return n[2]?.filter(e=>e.length>0).join("@")}{const n=e.split("\n"),r=n[3]?.trim();if(!r)return;const a=/at\s+(?<functionName>.*?)\s+\((?<fileName>.*?):(?<lineNumber>\d+):(?<columnNumber>\d+)\)/,t=r.match(a);if(t){const{functionName:e,fileName:n,lineNumber:r,columnNumber:a}=t.groups;return`${e}@${n}:${r}:${a}`}{const e=/at\s+(?<fileName>.*?):(?<lineNumber>\d+):(?<columnNumber>\d+)/,n=r.match(e);if(n){const{fileName:e,lineNumber:r,columnNumber:a}=n.groups;return`<anonymous>@${e}:${r}:${a}`}}}}}((new Error).stack),{file:o,line:i,keyValues:u}=a??{};await r("plugin:log|log",{level:e,message:n,location:t,file:o,line:i,keyValues:u})}async function u(e){return await o("log://log",n=>{const{level:r}=n.payload;let{message:a}=n.payload;a=a.replace(/[\u001b\u009b][[()#;?]*(?:[0-9]{1,4}(?:;[0-9]{0,4})*)?[0-9A-ORZcf-nqry=><]/g,""),e({message:a,level:r})})}return"function"==typeof SuppressedError&&SuppressedError,function(e){e.WINDOW_RESIZED="tauri://resize",e.WINDOW_MOVED="tauri://move",e.WINDOW_CLOSE_REQUESTED="tauri://close-requested",e.WINDOW_DESTROYED="tauri://destroyed",e.WINDOW_FOCUS="tauri://focus",e.WINDOW_BLUR="tauri://blur",e.WINDOW_SCALE_FACTOR_CHANGED="tauri://scale-change",e.WINDOW_THEME_CHANGED="tauri://theme-changed",e.WINDOW_CREATED="tauri://window-created",e.WEBVIEW_CREATED="tauri://webview-created",e.DRAG_ENTER="tauri://drag-enter",e.DRAG_OVER="tauri://drag-over",e.DRAG_DROP="tauri://drag-drop",e.DRAG_LEAVE="tauri://drag-leave"}(a||(a={})),e.LogLevel=void 0,(t=e.LogLevel||(e.LogLevel={}))[t.Trace=1]="Trace",t[t.Debug=2]="Debug",t[t.Info=3]="Info",t[t.Warn=4]="Warn",t[t.Error=5]="Error",e.attachConsole=async function(){return await u(({level:n,message:r})=>{switch(n){case e.LogLevel.Trace:console.log(r);break;case e.LogLevel.Debug:console.debug(r);break;case e.LogLevel.Info:console.info(r);break;case e.LogLevel.Warn:console.warn(r);break;case e.LogLevel.Error:console.error(r);break;default:throw new Error(`unknown log level ${n}`)}})},e.attachLogger=u,e.debug=async function(n,r){await i(e.LogLevel.Debug,n,r)},e.error=async function(n,r){await i(e.LogLevel.Error,n,r)},e.info=async function(n,r){await i(e.LogLevel.Info,n,r)},e.trace=async function(n,r){await i(e.LogLevel.Trace,n,r)},e.warn=async function(n,r){await i(e.LogLevel.Warn,n,r)},e}({});Object.defineProperty(window.__TAURI__,"log",{value:__TAURI_PLUGIN_LOG__})}
@@ -25,6 +25,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "^2.8.0"
+    "@tauri-apps/api": "^2.10.1"
  }
 }
@@ -1,5 +1,9 @@
 # Changelog

+## \[2.3.5]
+
+- [`ab037b70`](https://github.com/tauri-apps/plugins-workspace/commit/ab037b70d6fb54f1ad07d5fe21c41bd1997b34dd) ([#3339](https://github.com/tauri-apps/plugins-workspace/pull/3339) by [@crazy-genius](https://github.com/tauri-apps/plugins-workspace/../../crazy-genius)) Fixed syntax error in kotlin files potentially causing issues when trying to write to tags when no prior session existed.
+
 ## \[2.3.4]

 - [`b4348cee`](https://github.com/tauri-apps/plugins-workspace/commit/b4348cee926ee3d1db151bc831cdb9049bee717f) ([#3101](https://github.com/tauri-apps/plugins-workspace/pull/3101) by [@bclarke123](https://github.com/tauri-apps/plugins-workspace/../../bclarke123)) Update return value of `isAvailable` to match TypeScript function signature
@@ -1,6 +1,6 @@
 [package]
 name = "tauri-plugin-nfc"
-version = "2.3.4"
+version = "2.3.5"
 description = "Read and write NFC tags on Android and iOS."
 edition = { workspace = true }
 authors = { workspace = true }
@@ -355,13 +355,13 @@ class NfcPlugin(private val activity: Activity) : Plugin(activity) {
                invoke.reject("connected tag not found, please wait for it to be available and then call write()")
            }
        } ?: run {
-            args.kind?.let { kind -> {
+            args.kind?.let { kind ->
                val filters = kind.filters()
                val techLists = kind.techLists()
                enableNFCInForeground(filters, techLists)
                session = Session(NfcAction.Write(message), invoke, true, null, filters, techLists)
                Logger.warn("NFC", "Write Mode Enabled")
-            }} ?: run {
+            } ?: run {
                invoke.reject("Missing `kind` for write")
            }

@@ -1 +1 @@
-if("__TAURI__"in window){var __TAURI_PLUGIN_NFC__=function(n){"use strict";async function e(n,e={},t){return window.__TAURI_INTERNALS__.invoke(n,e,t)}"function"==typeof SuppressedError&&SuppressedError;const t=[84],r=[85];var o,c;function a(n,e,t,r){return{format:n,kind:"string"==typeof e?Array.from((new TextEncoder).encode(e)):e,id:"string"==typeof t?Array.from((new TextEncoder).encode(t)):t,payload:"string"==typeof r?Array.from((new TextEncoder).encode(r)):r}}n.TechKind=void 0,(o=n.TechKind||(n.TechKind={}))[o.IsoDep=0]="IsoDep",o[o.MifareClassic=1]="MifareClassic",o[o.MifareUltralight=2]="MifareUltralight",o[o.Ndef=3]="Ndef",o[o.NdefFormatable=4]="NdefFormatable",o[o.NfcA=5]="NfcA",o[o.NfcB=6]="NfcB",o[o.NfcBarcode=7]="NfcBarcode",o[o.NfcF=8]="NfcF",o[o.NfcV=9]="NfcV",n.NFCTypeNameFormat=void 0,(c=n.NFCTypeNameFormat||(n.NFCTypeNameFormat={}))[c.Empty=0]="Empty",c[c.NfcWellKnown=1]="NfcWellKnown",c[c.Media=2]="Media",c[c.AbsoluteURI=3]="AbsoluteURI",c[c.NfcExternal=4]="NfcExternal",c[c.Unknown=5]="Unknown",c[c.Unchanged=6]="Unchanged";const i=["","http://www.","https://www.","http://","https://","tel:","mailto:","ftp://anonymous:anonymous@","ftp://ftp.","ftps://","sftp://","smb://","nfs://","ftp://","dav://","news:","telnet://","imap:","rtsp://","urn:","pop:","sip:","sips:","tftp:","btspp://","btl2cap://","btgoep://","tcpobex://","irdaobex://","file://","urn:epc:id:","urn:epc:tag:","urn:epc:pat:","urn:epc:raw:","urn:epc:","urn:nfc:"];function f(n){const{type:e,...t}=n;return{[e]:t}}return n.RTD_TEXT=t,n.RTD_URI=r,n.isAvailable=async function(){const{available:n}=await e("plugin:nfc|is_available");return n},n.record=a,n.scan=async function(n,t){return await e("plugin:nfc|scan",{kind:f(n),...t})},n.textRecord=function(e,r,o="en"){const c=Array.from((new TextEncoder).encode(o+e));return c.unshift(o.length),a(n.NFCTypeNameFormat.NfcWellKnown,t,r??[],c)},n.uriRecord=function(e,t){return a(n.NFCTypeNameFormat.NfcWellKnown,r,t??[],function(n){let e="";i.slice(1).forEach((function(t){0!==e.length&&"urn:"!==e||0!==n.indexOf(t)||(e=t)})),0===e.length&&(e="");const t=Array.from((new TextEncoder).encode(n.slice(e.length))),r=i.indexOf(e);return t.unshift(r),t}(e))},n.write=async function(n,t){const{kind:r,...o}=t??{};r&&(o.kind=f(r)),await e("plugin:nfc|write",{records:n,...o})},n}({});Object.defineProperty(window.__TAURI__,"nfc",{value:__TAURI_PLUGIN_NFC__})}
+if("__TAURI__"in window){var __TAURI_PLUGIN_NFC__=function(n){"use strict";async function e(n,e={},t){return window.__TAURI_INTERNALS__.invoke(n,e,t)}"function"==typeof SuppressedError&&SuppressedError;const t=[84],r=[85];var o,c;function a(n,e,t,r){return{format:n,kind:"string"==typeof e?Array.from((new TextEncoder).encode(e)):e,id:"string"==typeof t?Array.from((new TextEncoder).encode(t)):t,payload:"string"==typeof r?Array.from((new TextEncoder).encode(r)):r}}n.TechKind=void 0,(o=n.TechKind||(n.TechKind={}))[o.IsoDep=0]="IsoDep",o[o.MifareClassic=1]="MifareClassic",o[o.MifareUltralight=2]="MifareUltralight",o[o.Ndef=3]="Ndef",o[o.NdefFormatable=4]="NdefFormatable",o[o.NfcA=5]="NfcA",o[o.NfcB=6]="NfcB",o[o.NfcBarcode=7]="NfcBarcode",o[o.NfcF=8]="NfcF",o[o.NfcV=9]="NfcV",n.NFCTypeNameFormat=void 0,(c=n.NFCTypeNameFormat||(n.NFCTypeNameFormat={}))[c.Empty=0]="Empty",c[c.NfcWellKnown=1]="NfcWellKnown",c[c.Media=2]="Media",c[c.AbsoluteURI=3]="AbsoluteURI",c[c.NfcExternal=4]="NfcExternal",c[c.Unknown=5]="Unknown",c[c.Unchanged=6]="Unchanged";const i=["","http://www.","https://www.","http://","https://","tel:","mailto:","ftp://anonymous:anonymous@","ftp://ftp.","ftps://","sftp://","smb://","nfs://","ftp://","dav://","news:","telnet://","imap:","rtsp://","urn:","pop:","sip:","sips:","tftp:","btspp://","btl2cap://","btgoep://","tcpobex://","irdaobex://","file://","urn:epc:id:","urn:epc:tag:","urn:epc:pat:","urn:epc:raw:","urn:epc:","urn:nfc:"];function f(n){const{type:e,...t}=n;return{[e]:t}}return n.RTD_TEXT=t,n.RTD_URI=r,n.isAvailable=async function(){const{available:n}=await e("plugin:nfc|is_available");return n},n.record=a,n.scan=async function(n,t){return await e("plugin:nfc|scan",{kind:f(n),...t})},n.textRecord=function(e,r,o="en"){const c=Array.from((new TextEncoder).encode(o+e));return c.unshift(o.length),a(n.NFCTypeNameFormat.NfcWellKnown,t,r??[],c)},n.uriRecord=function(e,t){return a(n.NFCTypeNameFormat.NfcWellKnown,r,t??[],function(n){let e="";i.slice(1).forEach(function(t){0!==e.length&&"urn:"!==e||0!==n.indexOf(t)||(e=t)}),0===e.length&&(e="");const t=Array.from((new TextEncoder).encode(n.slice(e.length))),r=i.indexOf(e);return t.unshift(r),t}(e))},n.write=async function(n,t){const{kind:r,...o}=t??{};r&&(o.kind=f(r)),await e("plugin:nfc|write",{records:n,...o})},n}({});Object.defineProperty(window.__TAURI__,"nfc",{value:__TAURI_PLUGIN_NFC__})}
@@ -1,6 +1,6 @@
 {
  "name": "@tauri-apps/plugin-nfc",
-  "version": "2.3.4",
+  "version": "2.3.5",
  "license": "MIT OR Apache-2.0",
  "authors": [
    "Tauri Programme within The Commons Conservancy"
@@ -25,6 +25,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "^2.8.0"
+    "@tauri-apps/api": "^2.10.1"
  }
 }
@@ -43,10 +43,5 @@ windows-version = { version = "0.1", optional = true }
 [target."cfg(any(target_os = \"macos\", windows, target_os = \"linux\", target_os = \"dragonfly\", target_os = \"freebsd\", target_os = \"openbsd\", target_os = \"netbsd\"))".dependencies]
 notify-rust = "4.11"

-[dev-dependencies]
-color-backtrace = "0.7"
-ctor = "0.2"
-maplit = "1"
-
 [features]
 windows7-compat = ["win7-notifications", "windows-version"]
@@ -1 +1 @@
-if("__TAURI__"in window){var __TAURI_PLUGIN_NOTIFICATION__=function(i){"use strict";function t(i,t,n,e){if("function"==typeof t?i!==t||!e:!t.has(i))throw new TypeError("Cannot read private member from an object whose class did not declare it");return"m"===n?e:"a"===n?e.call(i):e?e.value:t.get(i)}function n(i,t,n,e,a){if("function"==typeof t||!t.has(i))throw new TypeError("Cannot write private member to an object whose class did not declare it");return t.set(i,n),n}var e,a,o,r;"function"==typeof SuppressedError&&SuppressedError;const s="__TAURI_TO_IPC_KEY__";class c{constructor(i){e.set(this,void 0),a.set(this,0),o.set(this,[]),r.set(this,void 0),n(this,e,i||(()=>{})),this.id=function(i,t=!1){return window.__TAURI_INTERNALS__.transformCallback(i,t)}((i=>{const s=i.index;if("end"in i)return void(s==t(this,a,"f")?this.cleanupCallback():n(this,r,s));const c=i.message;if(s==t(this,a,"f")){for(t(this,e,"f").call(this,c),n(this,a,t(this,a,"f")+1);t(this,a,"f")in t(this,o,"f");){const i=t(this,o,"f")[t(this,a,"f")];t(this,e,"f").call(this,i),delete t(this,o,"f")[t(this,a,"f")],n(this,a,t(this,a,"f")+1)}t(this,a,"f")===t(this,r,"f")&&this.cleanupCallback()}else t(this,o,"f")[s]=c}))}cleanupCallback(){window.__TAURI_INTERNALS__.unregisterCallback(this.id)}set onmessage(i){n(this,e,i)}get onmessage(){return t(this,e,"f")}[(e=new WeakMap,a=new WeakMap,o=new WeakMap,r=new WeakMap,s)](){return`__CHANNEL__:${this.id}`}toJSON(){return this[s]()}}class l{constructor(i,t,n){this.plugin=i,this.event=t,this.channelId=n}async unregister(){return f(`plugin:${this.plugin}|remove_listener`,{event:this.event,channelId:this.channelId})}}async function u(i,t,n){const e=new c(n);try{return await f(`plugin:${i}|register_listener`,{event:t,handler:e}),new l(i,t,e.id)}catch{return await f(`plugin:${i}|registerListener`,{event:t,handler:e}),new l(i,t,e.id)}}async function f(i,t={},n){return window.__TAURI_INTERNALS__.invoke(i,t,n)}var h,d,w;i.ScheduleEvery=void 0,(h=i.ScheduleEvery||(i.ScheduleEvery={})).Year="year",h.Month="month",h.TwoWeeks="twoWeeks",h.Week="week",h.Day="day",h.Hour="hour",h.Minute="minute",h.Second="second";return i.Importance=void 0,(d=i.Importance||(i.Importance={}))[d.None=0]="None",d[d.Min=1]="Min",d[d.Low=2]="Low",d[d.Default=3]="Default",d[d.High=4]="High",i.Visibility=void 0,(w=i.Visibility||(i.Visibility={}))[w.Secret=-1]="Secret",w[w.Private=0]="Private",w[w.Public=1]="Public",i.Schedule=class{static at(i,t=!1,n=!1){return{at:{date:i,repeating:t,allowWhileIdle:n},interval:void 0,every:void 0}}static interval(i,t=!1){return{at:void 0,interval:{interval:i,allowWhileIdle:t},every:void 0}}static every(i,t,n=!1){return{at:void 0,interval:void 0,every:{interval:i,count:t,allowWhileIdle:n}}}},i.active=async function(){return await f("plugin:notification|get_active")},i.cancel=async function(i){await f("plugin:notification|cancel",{notifications:i})},i.cancelAll=async function(){await f("plugin:notification|cancel")},i.channels=async function(){return await f("plugin:notification|listChannels")},i.createChannel=async function(i){await f("plugin:notification|create_channel",{...i})},i.isPermissionGranted=async function(){return"default"!==window.Notification.permission?await Promise.resolve("granted"===window.Notification.permission):await f("plugin:notification|is_permission_granted")},i.onAction=async function(i){return await u("notification","actionPerformed",i)},i.onNotificationReceived=async function(i){return await u("notification","notification",i)},i.pending=async function(){return await f("plugin:notification|get_pending")},i.registerActionTypes=async function(i){await f("plugin:notification|register_action_types",{types:i})},i.removeActive=async function(i){await f("plugin:notification|remove_active",{notifications:i})},i.removeAllActive=async function(){await f("plugin:notification|remove_active")},i.removeChannel=async function(i){await f("plugin:notification|delete_channel",{id:i})},i.requestPermission=async function(){return await window.Notification.requestPermission()},i.sendNotification=function(i){"string"==typeof i?new window.Notification(i):new window.Notification(i.title,i)},i}({});Object.defineProperty(window.__TAURI__,"notification",{value:__TAURI_PLUGIN_NOTIFICATION__})}
+if("__TAURI__"in window){var __TAURI_PLUGIN_NOTIFICATION__=function(i){"use strict";function t(i,t,n,e){if("function"==typeof t?i!==t||!e:!t.has(i))throw new TypeError("Cannot read private member from an object whose class did not declare it");return"m"===n?e:"a"===n?e.call(i):e?e.value:t.get(i)}function n(i,t,n,e,a){if("function"==typeof t||!t.has(i))throw new TypeError("Cannot write private member to an object whose class did not declare it");return t.set(i,n),n}var e,a,o,r;"function"==typeof SuppressedError&&SuppressedError;const s="__TAURI_TO_IPC_KEY__";class c{constructor(i){e.set(this,void 0),a.set(this,0),o.set(this,[]),r.set(this,void 0),n(this,e,i||(()=>{})),this.id=function(i,t=!1){return window.__TAURI_INTERNALS__.transformCallback(i,t)}(i=>{const s=i.index;if("end"in i)return void(s==t(this,a,"f")?this.cleanupCallback():n(this,r,s));const c=i.message;if(s==t(this,a,"f")){for(t(this,e,"f").call(this,c),n(this,a,t(this,a,"f")+1);t(this,a,"f")in t(this,o,"f");){const i=t(this,o,"f")[t(this,a,"f")];t(this,e,"f").call(this,i),delete t(this,o,"f")[t(this,a,"f")],n(this,a,t(this,a,"f")+1)}t(this,a,"f")===t(this,r,"f")&&this.cleanupCallback()}else t(this,o,"f")[s]=c})}cleanupCallback(){window.__TAURI_INTERNALS__.unregisterCallback(this.id)}set onmessage(i){n(this,e,i)}get onmessage(){return t(this,e,"f")}[(e=new WeakMap,a=new WeakMap,o=new WeakMap,r=new WeakMap,s)](){return`__CHANNEL__:${this.id}`}toJSON(){return this[s]()}}class l{constructor(i,t,n){this.plugin=i,this.event=t,this.channelId=n}async unregister(){return f(`plugin:${this.plugin}|remove_listener`,{event:this.event,channelId:this.channelId})}}async function u(i,t,n){const e=new c(n);try{return await f(`plugin:${i}|register_listener`,{event:t,handler:e}),new l(i,t,e.id)}catch{return await f(`plugin:${i}|registerListener`,{event:t,handler:e}),new l(i,t,e.id)}}async function f(i,t={},n){return window.__TAURI_INTERNALS__.invoke(i,t,n)}var h,d,w;i.ScheduleEvery=void 0,(h=i.ScheduleEvery||(i.ScheduleEvery={})).Year="year",h.Month="month",h.TwoWeeks="twoWeeks",h.Week="week",h.Day="day",h.Hour="hour",h.Minute="minute",h.Second="second";return i.Importance=void 0,(d=i.Importance||(i.Importance={}))[d.None=0]="None",d[d.Min=1]="Min",d[d.Low=2]="Low",d[d.Default=3]="Default",d[d.High=4]="High",i.Visibility=void 0,(w=i.Visibility||(i.Visibility={}))[w.Secret=-1]="Secret",w[w.Private=0]="Private",w[w.Public=1]="Public",i.Schedule=class{static at(i,t=!1,n=!1){return{at:{date:i,repeating:t,allowWhileIdle:n},interval:void 0,every:void 0}}static interval(i,t=!1){return{at:void 0,interval:{interval:i,allowWhileIdle:t},every:void 0}}static every(i,t,n=!1){return{at:void 0,interval:void 0,every:{interval:i,count:t,allowWhileIdle:n}}}},i.active=async function(){return await f("plugin:notification|get_active")},i.cancel=async function(i){await f("plugin:notification|cancel",{notifications:i})},i.cancelAll=async function(){await f("plugin:notification|cancel")},i.channels=async function(){return await f("plugin:notification|listChannels")},i.createChannel=async function(i){await f("plugin:notification|create_channel",{...i})},i.isPermissionGranted=async function(){return"default"!==window.Notification.permission?await Promise.resolve("granted"===window.Notification.permission):await f("plugin:notification|is_permission_granted")},i.onAction=async function(i){return await u("notification","actionPerformed",i)},i.onNotificationReceived=async function(i){return await u("notification","notification",i)},i.pending=async function(){return await f("plugin:notification|get_pending")},i.registerActionTypes=async function(i){await f("plugin:notification|register_action_types",{types:i})},i.removeActive=async function(i){await f("plugin:notification|remove_active",{notifications:i})},i.removeAllActive=async function(){await f("plugin:notification|remove_active")},i.removeChannel=async function(i){await f("plugin:notification|delete_channel",{id:i})},i.requestPermission=async function(){return await window.Notification.requestPermission()},i.sendNotification=function(i){"string"==typeof i?new window.Notification(i):new window.Notification(i.title,i)},i}({});Object.defineProperty(window.__TAURI__,"notification",{value:__TAURI_PLUGIN_NOTIFICATION__})}
@@ -24,6 +24,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "^2.8.0"
+    "@tauri-apps/api": "^2.10.1"
  }
 }
@@ -1 +1 @@
-!function(){"use strict";async function i(i,n={},t){return window.__TAURI_INTERNALS__.invoke(i,n,t)}"function"==typeof SuppressedError&&SuppressedError,function(){let n=!1,t="default";function o(i){n=!0,window.Notification.permission=i,n=!1}window.Notification=function(n,t){const o=t||{};!async function(n){"object"==typeof n&&Object.freeze(n),await i("plugin:notification|notify",{options:"string"==typeof n?{title:n}:n})}(Object.assign(o,{title:n}))},window.Notification.requestPermission=async function(){return await i("plugin:notification|request_permission").then((i=>(o("prompt"===i||"prompt-with-rationale"===i?"default":i),i)))},Object.defineProperty(window.Notification,"permission",{enumerable:!0,get:()=>t,set:i=>{if(!n)throw new Error("Readonly property");t=i}}),async function(){return"default"!==window.Notification.permission||__TEMPLATE_windows__?await Promise.resolve("granted"===window.Notification.permission):await i("plugin:notification|is_permission_granted")}().then((function(i){o(null===i?"default":i?"granted":"denied")}))}()}();
+!function(){"use strict";async function i(i,n={},t){return window.__TAURI_INTERNALS__.invoke(i,n,t)}"function"==typeof SuppressedError&&SuppressedError,function(){let n=!1,t="default";function o(i){n=!0,window.Notification.permission=i,n=!1}window.Notification=function(n,t){const o=t||{};!async function(n){"object"==typeof n&&Object.freeze(n),await i("plugin:notification|notify",{options:"string"==typeof n?{title:n}:n})}(Object.assign(o,{title:n}))},window.Notification.requestPermission=async function(){return await i("plugin:notification|request_permission").then(i=>(o("prompt"===i||"prompt-with-rationale"===i?"default":i),i))},Object.defineProperty(window.Notification,"permission",{enumerable:!0,get:()=>t,set:i=>{if(!n)throw new Error("Readonly property");t=i}}),async function(){return"default"!==window.Notification.permission||__TEMPLATE_windows__?await Promise.resolve("granted"===window.Notification.permission):await i("plugin:notification|is_permission_granted")}().then(function(i){o(null===i?"default":i?"granted":"denied")})}()}();
@@ -25,6 +25,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "^2.8.0"
+    "@tauri-apps/api": "^2.10.1"
  }
 }
@@ -1 +1 @@
-!function(){"use strict";"function"==typeof SuppressedError&&SuppressedError,window.addEventListener("click",(function(e){if(e.defaultPrevented||0!==e.button||e.metaKey||e.altKey)return;const t=e.composedPath().find((e=>e instanceof Node&&"A"===e.nodeName.toUpperCase()));if(!t||!t.href||"_blank"!==t.target&&!e.ctrlKey&&!e.shiftKey)return;const n=new URL(t.href);["http:","https:","mailto:","tel:"].every((e=>n.protocol!==e))||(e.preventDefault(),async function(e,t={},n){window.__TAURI_INTERNALS__.invoke(e,t,n)}("plugin:opener|open_url",{url:n}))}))}();
+!function(){"use strict";"function"==typeof SuppressedError&&SuppressedError,window.addEventListener("click",function(e){if(e.defaultPrevented||0!==e.button||e.metaKey||e.altKey)return;const t=e.composedPath().find(e=>e instanceof Node&&"A"===e.nodeName.toUpperCase());if(!t||!t.href||"_blank"!==t.target&&!e.ctrlKey&&!e.shiftKey)return;const n=new URL(t.href);["http:","https:","mailto:","tel:"].every(e=>n.protocol!==e)||(e.preventDefault(),async function(e,t={},n){window.__TAURI_INTERNALS__.invoke(e,t,n)}("plugin:opener|open_url",{url:n}))})}();
@@ -24,6 +24,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "^2.8.0"
+    "@tauri-apps/api": "^2.10.1"
  }
 }
@@ -1,5 +1,11 @@
 # Changelog

+## \[2.3.6]
+
+### Dependencies
+
+- Upgraded to `fs@2.5.0`
+
 ## \[2.3.5]

 ### Dependencies
@@ -1,6 +1,6 @@
 [package]
 name = "tauri-plugin-persisted-scope"
-version = "2.3.5"
+version = "2.3.6"
 description = "Save filesystem and asset scopes and restore them when the app is reopened."
 authors = { workspace = true }
 license = { workspace = true }
@@ -23,7 +23,7 @@ log = { workspace = true }
 thiserror = { workspace = true }
 aho-corasick = "1"
 bincode = "1"
-tauri-plugin-fs = { path = "../fs", version = "2.4.5" }
+tauri-plugin-fs = { path = "../fs", version = "2.5.0" }

 [features]
 protocol-asset = ["tauri/protocol-asset"]
@@ -25,6 +25,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "^2.8.0"
+    "@tauri-apps/api": "^2.10.1"
  }
 }
@@ -24,6 +24,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "^2.8.0"
+    "@tauri-apps/api": "^2.10.1"
  }
 }
@@ -1,5 +1,11 @@
 # Changelog

+## \[2.3.5]
+
+### bug
+
+- [`d4613ff0`](https://github.com/tauri-apps/plugins-workspace/commit/d4613ff0029ea65f5c6895c3a6f8f5668dd1b55e) ([#3234](https://github.com/tauri-apps/plugins-workspace/pull/3234)) Make sidecars work in tests. Executable resolution is aware of the "deps" directory.
+
 ## \[2.3.4]

 - [`31415eff`](https://github.com/tauri-apps/plugins-workspace/commit/31415effdf5a9ced19934a681cb044a732174088) ([#3183](https://github.com/tauri-apps/plugins-workspace/pull/3183) by [@Tunglies](https://github.com/tauri-apps/plugins-workspace/../../Tunglies)) Docs on example to Encoding usage in `Command::spawn`. No user facing changes.
@@ -1,6 +1,6 @@
 [package]
 name = "tauri-plugin-shell"
-version = "2.3.4"
+version = "2.3.5"
 description = "Access the system shell. Allows you to spawn child processes and manage files and URLs using their default application."
 edition = { workspace = true }
 authors = { workspace = true }
@@ -1 +1 @@
-if("__TAURI__"in window){var __TAURI_PLUGIN_SHELL__=function(e){"use strict";function t(e,t,s,i){if("function"==typeof t?e!==t||!i:!t.has(e))throw new TypeError("Cannot read private member from an object whose class did not declare it");return"m"===s?i:"a"===s?i.call(e):i?i.value:t.get(e)}function s(e,t,s,i,n){if("function"==typeof t||!t.has(e))throw new TypeError("Cannot write private member to an object whose class did not declare it");return t.set(e,s),s}var i,n,r,o;"function"==typeof SuppressedError&&SuppressedError;const a="__TAURI_TO_IPC_KEY__";class h{constructor(e){i.set(this,void 0),n.set(this,0),r.set(this,[]),o.set(this,void 0),s(this,i,e||(()=>{})),this.id=function(e,t=!1){return window.__TAURI_INTERNALS__.transformCallback(e,t)}((e=>{const a=e.index;if("end"in e)return void(a==t(this,n,"f")?this.cleanupCallback():s(this,o,a));const h=e.message;if(a==t(this,n,"f")){for(t(this,i,"f").call(this,h),s(this,n,t(this,n,"f")+1);t(this,n,"f")in t(this,r,"f");){const e=t(this,r,"f")[t(this,n,"f")];t(this,i,"f").call(this,e),delete t(this,r,"f")[t(this,n,"f")],s(this,n,t(this,n,"f")+1)}t(this,n,"f")===t(this,o,"f")&&this.cleanupCallback()}else t(this,r,"f")[a]=h}))}cleanupCallback(){window.__TAURI_INTERNALS__.unregisterCallback(this.id)}set onmessage(e){s(this,i,e)}get onmessage(){return t(this,i,"f")}[(i=new WeakMap,n=new WeakMap,r=new WeakMap,o=new WeakMap,a)](){return`__CHANNEL__:${this.id}`}toJSON(){return this[a]()}}async function c(e,t={},s){return window.__TAURI_INTERNALS__.invoke(e,t,s)}class l{constructor(){this.eventListeners=Object.create(null)}addListener(e,t){return this.on(e,t)}removeListener(e,t){return this.off(e,t)}on(e,t){return e in this.eventListeners?this.eventListeners[e].push(t):this.eventListeners[e]=[t],this}once(e,t){const s=i=>{this.removeListener(e,s),t(i)};return this.addListener(e,s)}off(e,t){return e in this.eventListeners&&(this.eventListeners[e]=this.eventListeners[e].filter((e=>e!==t))),this}removeAllListeners(e){return e?delete this.eventListeners[e]:this.eventListeners=Object.create(null),this}emit(e,t){if(e in this.eventListeners){const s=this.eventListeners[e];for(const e of s)e(t);return!0}return!1}listenerCount(e){return e in this.eventListeners?this.eventListeners[e].length:0}prependListener(e,t){return e in this.eventListeners?this.eventListeners[e].unshift(t):this.eventListeners[e]=[t],this}prependOnceListener(e,t){const s=i=>{this.removeListener(e,s),t(i)};return this.prependListener(e,s)}}class u{constructor(e){this.pid=e}async write(e){await c("plugin:shell|stdin_write",{pid:this.pid,buffer:e})}async kill(){await c("plugin:shell|kill",{cmd:"killChild",pid:this.pid})}}class p extends l{constructor(e,t=[],s){super(),this.stdout=new l,this.stderr=new l,this.program=e,this.args="string"==typeof t?[t]:t,this.options=s??{}}static create(e,t=[],s){return new p(e,t,s)}static sidecar(e,t=[],s){const i=new p(e,t,s);return i.options.sidecar=!0,i}async spawn(){const e=this.program,t=this.args,s=this.options;"object"==typeof t&&Object.freeze(t);const i=new h;return i.onmessage=e=>{switch(e.event){case"Error":this.emit("error",e.payload);break;case"Terminated":this.emit("close",e.payload);break;case"Stdout":this.stdout.emit("data",e.payload);break;case"Stderr":this.stderr.emit("data",e.payload)}},await c("plugin:shell|spawn",{program:e,args:t,options:s,onEvent:i}).then((e=>new u(e)))}async execute(){const e=this.program,t=this.args,s=this.options;return"object"==typeof t&&Object.freeze(t),await c("plugin:shell|execute",{program:e,args:t,options:s})}}return e.Child=u,e.Command=p,e.EventEmitter=l,e.open=async function(e,t){await c("plugin:shell|open",{path:e,with:t})},e}({});Object.defineProperty(window.__TAURI__,"shell",{value:__TAURI_PLUGIN_SHELL__})}
+if("__TAURI__"in window){var __TAURI_PLUGIN_SHELL__=function(e){"use strict";function t(e,t,s,i){if("function"==typeof t?e!==t||!i:!t.has(e))throw new TypeError("Cannot read private member from an object whose class did not declare it");return"m"===s?i:"a"===s?i.call(e):i?i.value:t.get(e)}function s(e,t,s,i,n){if("function"==typeof t||!t.has(e))throw new TypeError("Cannot write private member to an object whose class did not declare it");return t.set(e,s),s}var i,n,r,o;"function"==typeof SuppressedError&&SuppressedError;const a="__TAURI_TO_IPC_KEY__";class h{constructor(e){i.set(this,void 0),n.set(this,0),r.set(this,[]),o.set(this,void 0),s(this,i,e||(()=>{})),this.id=function(e,t=!1){return window.__TAURI_INTERNALS__.transformCallback(e,t)}(e=>{const a=e.index;if("end"in e)return void(a==t(this,n,"f")?this.cleanupCallback():s(this,o,a));const h=e.message;if(a==t(this,n,"f")){for(t(this,i,"f").call(this,h),s(this,n,t(this,n,"f")+1);t(this,n,"f")in t(this,r,"f");){const e=t(this,r,"f")[t(this,n,"f")];t(this,i,"f").call(this,e),delete t(this,r,"f")[t(this,n,"f")],s(this,n,t(this,n,"f")+1)}t(this,n,"f")===t(this,o,"f")&&this.cleanupCallback()}else t(this,r,"f")[a]=h})}cleanupCallback(){window.__TAURI_INTERNALS__.unregisterCallback(this.id)}set onmessage(e){s(this,i,e)}get onmessage(){return t(this,i,"f")}[(i=new WeakMap,n=new WeakMap,r=new WeakMap,o=new WeakMap,a)](){return`__CHANNEL__:${this.id}`}toJSON(){return this[a]()}}async function c(e,t={},s){return window.__TAURI_INTERNALS__.invoke(e,t,s)}class l{constructor(){this.eventListeners=Object.create(null)}addListener(e,t){return this.on(e,t)}removeListener(e,t){return this.off(e,t)}on(e,t){return e in this.eventListeners?this.eventListeners[e].push(t):this.eventListeners[e]=[t],this}once(e,t){const s=i=>{this.removeListener(e,s),t(i)};return this.addListener(e,s)}off(e,t){return e in this.eventListeners&&(this.eventListeners[e]=this.eventListeners[e].filter(e=>e!==t)),this}removeAllListeners(e){return e?delete this.eventListeners[e]:this.eventListeners=Object.create(null),this}emit(e,t){if(e in this.eventListeners){const s=this.eventListeners[e];for(const e of s)e(t);return!0}return!1}listenerCount(e){return e in this.eventListeners?this.eventListeners[e].length:0}prependListener(e,t){return e in this.eventListeners?this.eventListeners[e].unshift(t):this.eventListeners[e]=[t],this}prependOnceListener(e,t){const s=i=>{this.removeListener(e,s),t(i)};return this.prependListener(e,s)}}class u{constructor(e){this.pid=e}async write(e){await c("plugin:shell|stdin_write",{pid:this.pid,buffer:e})}async kill(){await c("plugin:shell|kill",{cmd:"killChild",pid:this.pid})}}class p extends l{constructor(e,t=[],s){super(),this.stdout=new l,this.stderr=new l,this.program=e,this.args="string"==typeof t?[t]:t,this.options=s??{}}static create(e,t=[],s){return new p(e,t,s)}static sidecar(e,t=[],s){const i=new p(e,t,s);return i.options.sidecar=!0,i}async spawn(){const e=this.program,t=this.args,s=this.options;"object"==typeof t&&Object.freeze(t);const i=new h;return i.onmessage=e=>{switch(e.event){case"Error":this.emit("error",e.payload);break;case"Terminated":this.emit("close",e.payload);break;case"Stdout":this.stdout.emit("data",e.payload);break;case"Stderr":this.stderr.emit("data",e.payload)}},await c("plugin:shell|spawn",{program:e,args:t,options:s,onEvent:i}).then(e=>new u(e))}async execute(){const e=this.program,t=this.args,s=this.options;return"object"==typeof t&&Object.freeze(t),await c("plugin:shell|execute",{program:e,args:t,options:s})}}return e.Child=u,e.Command=p,e.EventEmitter=l,e.open=async function(e,t){await c("plugin:shell|open",{path:e,with:t})},e}({});Object.defineProperty(window.__TAURI__,"shell",{value:__TAURI_PLUGIN_SHELL__})}
@@ -1,6 +1,6 @@
 {
  "name": "@tauri-apps/plugin-shell",
-  "version": "2.3.4",
+  "version": "2.3.5",
  "license": "MIT OR Apache-2.0",
  "authors": [
    "Tauri Programme within The Commons Conservancy"
@@ -24,6 +24,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "^2.8.0"
+    "@tauri-apps/api": "^2.10.1"
  }
 }
@@ -1 +1 @@
-!function(){"use strict";async function e(e,t={},n){return window.__TAURI_INTERNALS__.invoke(e,t,n)}function t(){document.querySelector("body")?.addEventListener("click",(function(t){let n=t.target;for(;n;){if(n.matches("a")){const r=n;""!==r.href&&["http://","https://","mailto:","tel:"].some((e=>r.href.startsWith(e)))&&"_blank"===r.target&&(e("plugin:shell|open",{path:r.href}),t.preventDefault());break}n=n.parentElement}}))}"function"==typeof SuppressedError&&SuppressedError,"complete"===document.readyState||"interactive"===document.readyState?t():window.addEventListener("DOMContentLoaded",t,!0)}();
+!function(){"use strict";async function e(e,t={},n){return window.__TAURI_INTERNALS__.invoke(e,t,n)}function t(){document.querySelector("body")?.addEventListener("click",function(t){let n=t.target;for(;n;){if(n.matches("a")){const r=n;""!==r.href&&["http://","https://","mailto:","tel:"].some(e=>r.href.startsWith(e))&&"_blank"===r.target&&(e("plugin:shell|open",{path:r.href}),t.preventDefault());break}n=n.parentElement}})}"function"==typeof SuppressedError&&SuppressedError,"complete"===document.readyState||"interactive"===document.readyState?t():window.addEventListener("DOMContentLoaded",t,!0)}();
@@ -118,27 +118,38 @@ pub struct Output {
 }

 fn relative_command_path(command: &Path) -> crate::Result<PathBuf> {
-    match platform::current_exe()?.parent() {
-        #[cfg(windows)]
-        Some(exe_dir) => {
-            let mut command_path = exe_dir.join(command);
-            let already_exe = command_path.extension().is_some_and(|ext| ext == "exe");
-            if !already_exe {
-                // do not use with_extension to retain dots in the command filename
-                command_path.as_mut_os_string().push(".exe");
-            }
-            Ok(command_path)
+    let exe_path = platform::current_exe()?;
+
+    let exe_dir = exe_path
+        .parent()
+        .ok_or(crate::Error::CurrentExeHasNoParent)?;
+
+    // If a test is being run, the executable is in the "deps" directory, so we need to go up one level.
+    let base_dir = if exe_dir.ends_with("deps") {
+        exe_dir.parent().unwrap_or(exe_dir)
+    } else {
+        exe_dir
+    };
+
+    let mut command_path = base_dir.join(command);
+
+    #[cfg(windows)]
+    {
+        let already_exe = command_path.extension().is_some_and(|ext| ext == "exe");
+        if !already_exe {
+            // do not use with_extension to retain dots in the command filename
+            command_path.as_mut_os_string().push(".exe");
        }
-        #[cfg(not(windows))]
-        Some(exe_dir) => {
-            let mut command_path = exe_dir.join(command);
-            if command_path.extension().is_some_and(|ext| ext == "exe") {
-                command_path.set_extension("");
-            }
-            Ok(command_path)
-        }
-        None => Err(crate::Error::CurrentExeHasNoParent),
    }
+
+    #[cfg(not(windows))]
+    {
+        if command_path.extension().is_some_and(|ext| ext == "exe") {
+            command_path.set_extension("");
+        }
+    }
+
+    Ok(command_path)
 }

 impl From<Command> for StdCommand {
@@ -508,6 +519,8 @@ mod tests {
            .unwrap()
            .parent()
            .unwrap()
+            .parent() // Go up once more to get out of the "deps" directory
+            .unwrap()
            .to_owned();
        assert_eq!(
            relative_command_path(Path::new("Tauri.Example")).unwrap(),
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
github-actions[bot]	d6a3898001	Publish New Versions (v2) (#3268 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-04-04 18:47:18 +02:00
Tony	2e5bcdf202	chore(deps): fix audits (#3373 )	2026-03-31 18:28:05 +08:00
Fabian-Lars	4374b4fc1a	chore(notification): remove unused dev-deps (#3372 )	2026-03-31 10:33:38 +02:00
Tony	f75d21db33	chore(deps): remove used of tauri-utils build feature (#3360 )	2026-03-25 22:22:30 +08:00
renovate[bot]	4b95f5e079	chore(deps): update dependency eslint to v10.1.0 (#3357 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-03-23 22:00:32 +01:00
dependabot[bot]	99c3e37b54	chore(deps): bump tar in /plugins/updater/tests/updater-migration/v1-app (#3352 ) Bumps [tar](https://github.com/alexcrichton/tar-rs) from 0.4.41 to 0.4.45. - [Commits](https://github.com/alexcrichton/tar-rs/compare/0.4.41...0.4.45) --- updated-dependencies: - dependency-name: tar dependency-version: 0.4.45 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-21 11:07:40 +08:00
renovate[bot]	eaac19a5b7	chore(deps): update rust crate tar to v0.4.45 [security] (#3353 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-03-21 10:07:39 +08:00
renovate[bot]	5183e314cb	chore(deps): update dependency typescript-eslint to v8.57.1 (#3344 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-03-20 20:32:54 +08:00
renovate[bot]	2c0883e64e	chore(deps): update dependency vite to v8 (#3346 ) * chore(deps): update dependency vite to v8 * `pnpm update --recursive` * Regenerate api-iife --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Tony <legendmastertony@gmail.com>	2026-03-20 20:05:30 +08:00
Josh	024ec0c29c	fix(deep-link): ChromeOS deep link calls filtered and ignored by plugin (fix #3207 ) (#3214 )	2026-03-12 23:02:08 +01:00
FabianLars	35aad24773	chore(deps): update quinn-proto in Cargo.lock, closes #3341	2026-03-10 14:11:28 +01:00
Minkin Aleksei	ab037b70d6	fix(nfc): remove extra lambda brackets (fix #3338 ) (#3339 ) Co-authored-by: Minkin Aleksei <minkinaleksei@minkins-dev-center.local> Co-authored-by: Fabian-Lars <30730186+FabianLars@users.noreply.github.com>	2026-03-10 10:55:47 +01:00
renovate[bot]	1198ad4fb0	chore(deps): update dependency eslint to v10.0.3 (#3342 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-03-10 09:47:29 +01:00
Tony	ea033fe3b8	Add AI tool policy to contributing guide (#3336 )	2026-03-09 19:35:41 +08:00
Fabian-Lars	2e432f70c9	chore(deps): remove covector from package.json (#3334 )	2026-03-08 11:39:12 +01:00
renovate[bot]	b19dcd25cb	chore(deps): update dependency @rollup/plugin-terser to v1 (#3333 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-03-08 10:52:07 +01:00
renovate[bot]	995e76436f	chore(deps): update dependency @tauri-apps/cli to v2.10.1 (#3332 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-03-07 21:56:47 +08:00
Mike	1dc3612862	fix(sql): add SQL support for Postgres `NUMERIC` and custom data types (fix: #3158 ) (#3275 )	2026-03-05 13:31:20 +01:00
Lucas Fernandes Nogueira	f5f68063e4	feat(fs): access security scoped resources on iOS (#3185 ) Co-authored-by: FabianLars <30730186+FabianLars@users.noreply.github.com>	2026-03-04 13:59:03 +01:00
Tony	36d3d19247	fix(ci): bump rustsec/audit-check to v2 (#3329 )	2026-03-04 18:28:32 +08:00
hrzlgnm	31ab6f8d24	fix(updater): preserve file extension of updater package (fix: #3283 ) (#3285 ) * fix: preserve file extension of updated package (fix: #3283) Otherwise users may get confused when seing a sudo dialog which suggests a `rpm` package is installed using `dpkg -i` * pass on package extension more thoroughly * add changes file Update the updater package to preserve file extension, clarifying installation prompts for users. * Apply suggestion from @hrzlgnm * Apply suggestion from @hrzlgnm * Apply suggestion from @Legend-Master * More rpm and log `pkg_path` instead --------- Co-authored-by: Tony <68118705+Legend-Master@users.noreply.github.com> Co-authored-by: Tony <legendmastertony@gmail.com>	2026-03-03 13:53:48 +08:00
renovate[bot]	21ae430ea3	chore(deps): update rust crate cookie_store to 0.22.0 (#3308 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: FabianLars <30730186+FabianLars@users.noreply.github.com>	2026-03-02 17:36:16 +01:00
Lucas Fernandes Nogueira	015e817cf2	feat(deep-link): validate new intent URLs against configured deep links (#3186 )	2026-03-02 14:33:21 +01:00
dependabot[bot]	2a6d4b42bb	chore(deps): bump time in fixture (#3261 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-02 09:34:50 +01:00
Tony	550d137c64	chore(deps): disable renovate bot on v1 (#3305 )	2026-03-02 16:29:31 +08:00
Tony	3f21f39584	refactor(dialog): handle `okLabel` in js side (#3295 ) * refactor(dialog): handle `okLabel` in js side * Allow unused instead of `cfg(desktop)`	2026-03-01 23:22:25 +08:00
renovate[bot]	759c22758e	chore(deps): update eslint monorepo to v10 (v2) (#3293 ) * chore(deps): update eslint monorepo to v9.39.3 * Update to eslint 10	2026-03-01 11:25:21 +08:00
renovate[bot]	6816dd1960	chore(deps): update dependency rollup to v4.59.0 [security] (v2) (#3291 ) * chore(deps): update dependency rollup to v4.59.0 [security] * Update svelte * pnpm dedupe --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Tony <legendmastertony@gmail.com>	2026-03-01 11:11:05 +08:00
Tony	24154472a6	refactor(dialog): reuse `message` command for confirm (#3287 ) * chore(dialog): reuse `message` command for confirm * Add change file * Remove ask and confirm from default permissions * Format * Remove extra `toString` * Point `allow-confirm` to `allow-message`	2026-03-01 10:55:33 +08:00
Thibault Tisserand	2574ec89e7	refactor(store-example): replace load_from_store with TryFrom impl in example (#3277 )	2026-02-19 00:22:25 +01:00
Niklas Volcz	2971289252	fix(http): correct Response header initialization to support cloning (fix #14892 ) (#3252 ) Previously, headers were patched onto the Response object after construction, which bypassed the internal header list and caused `response.clone().headers` to be empty. This change passes the headers directly to the Response constructor, ensuring they are properly stored and clonable.	2026-02-16 16:35:09 +02:00
aiueo13	6c3da6d290	fix(fs): use correct line detection for encodings in `readTextFileLines` (#3273 ) Co-authored-by: OkaYu <aiueo13>	2026-02-13 03:41:43 +02:00
Seiji Okuda	e97a4dedab	feat(fs): #3243 add encoding option to readTextFile functions (#3244 ) * feat(fs): #3243 add encoding option to readFile and readTextFile functions * feat(fs): add encoding option to ReadFileOptions and update readTextFileLines functions * add change file	2026-02-09 16:08:26 +02:00
github-actions[bot]	05045f9a72	publish new versions (#3249 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-02-05 18:13:33 +01:00
Fabian-Lars	4f53e36a50	fix(single-instance): append version at the end	2026-02-05 18:08:35 +01:00
Lucas Fernandes Nogueira	8374e997b8	fix(deep-link): runtime register on Linux when app path has spaces (#3258 )	2026-02-05 12:30:29 -03:00
Lucas Nogueira	35aa52f45e	fix(single-instance): dbus_path should start with `/`, can't include `-`	2026-02-05 10:28:58 -03:00
renovate[bot]	bbc177150f	chore(deps): update dependency prettier to v3.8.1 (#3235 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-02-04 23:37:55 +08:00
renovate[bot]	e6e2edca11	chore(deps): update dependency typescript-eslint to v8.54.0 (#3232 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-02-04 23:08:54 +08:00
renovate[bot]	7ecd19da51	chore(deps): update dependency rollup to v4.57.1 (#3230 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-02-04 23:08:24 +08:00
dependabot[bot]	a0b6c8ff3b	chore(deps): bump bytes (#3248 ) Bumps [bytes](https://github.com/tokio-rs/bytes) from 1.7.1 to 1.11.1. - [Release notes](https://github.com/tokio-rs/bytes/releases) - [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md) - [Commits](https://github.com/tokio-rs/bytes/compare/v1.7.1...v1.11.1) --- updated-dependencies: - dependency-name: bytes dependency-version: 1.11.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-04 23:07:49 +08:00
renovate[bot]	c12ea9306a	chore(deps): update rust crate bytes to v1.11.1 [security] (#3247 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-02-03 23:53:44 +01:00
Demir Yerli	98e2c11eef	fix(single-instance): unconventional dbus names (fixes #3184 ) (#3194 ) Co-authored-by: FabianLars <github@fabianlars.de> Co-authored-by: Amr Bashir <github@amrbashir.me>	2026-02-03 23:36:48 +01:00
github-actions[bot]	50b159f668	Publish New Versions (v2) (#3211 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-02-03 12:18:37 +01:00
Fabian-Lars	305c4f6b4e	ci: add workflow_dipatch trigger to integration tests	2026-02-03 10:55:10 +01:00
Lucas Fernandes Nogueira	89f3e17952	chore: bump tauri to 2.10 (#3246 ) * chore: bump tauri to 2.10 * pnpm i * audit fix	2026-02-02 21:48:08 -03:00
Ale Sanchez	d4613ff002	fix(shell): Make sidecars work in tests (fix #13767 ) (#3234 )	2026-01-26 17:12:42 +01:00
Tony	69a9d5771c	chore(updater): use `keep` from tempfile 3.20 (#3229 )	2026-01-22 11:40:43 +08:00
Del	61e9b0ab64	fix(http): ensure body resources are released on stream cancellation (#3228 ) Co-authored-by: Amr Bashir <github@amrbashir.me>	2026-01-22 05:20:29 +02:00
dependabot[bot]	25ad21beff	chore(deps): bump diff from 5.2.0 to 5.2.2 (#3226 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: FabianLars <github@fabianlars.de>	2026-01-20 20:30:35 +01:00
Madhusudhan	2dc3f3f039	fix(sql): uuid columns returning null in postgres query results (#2039 ) (#3144 ) Co-authored-by: Fabian-Lars <github@fabianlars.de>	2026-01-19 17:30:28 +01:00
Lucas Fernandes Nogueira	c27af9128d	fix(barcode-scanner): check if iOS platform supports scanning (#3222 )	2026-01-19 13:16:31 -03:00
Lucas Fernandes Nogueira	b60dd88702	fix(barcode-scanner): start capture session on a separate thread (#3223 ) fixes the given warning: Thread Performance Checker: -[AVCaptureSession startRunning] should be called from background thread. Calling it on the main thread can lead to UI unresponsiveness which might cause a UI freeze	2026-01-19 13:16:16 -03:00
renovate[bot]	a97033bcd9	chore(deps): update dependency rollup to v4.55.1 (#3201 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-01-19 16:44:07 +01:00
miaoshengkun	4375c98bed	feat(updater): add no_proxy config to disable system proxy (#3073 ) Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Fabian-Lars <github@fabianlars.de>	2026-01-19 16:17:37 +01:00
Fabian-Lars	82fbb0c790	fix(barcode-scanner): early return scanner if missing permissions (#3221 )	2026-01-19 10:21:33 -03:00
Tony	de6bf68585	docs(store): fix outdated fn link (#3220 )	2026-01-19 12:21:55 +01:00
renovate[bot]	734c627084	chore(deps): update dependency prettier to v3.8.0 (#3217 )	2026-01-18 10:54:16 +08:00
Tony	05c5da072b	chore(deps): update reqwest to 0.13 for updater (#3213 )	2026-01-16 18:37:20 +08:00
renovate[bot]	0d126ff0ad	chore(deps): update dependency typescript-eslint to v8.53.0 (v2) (#3189 ) * chore(deps): update dependency typescript-eslint to v8.53.0 * Update api-iife.js	2026-01-16 18:36:41 +08:00
FabianLars	f122ee98c6	Revert "temp: delete updater changefiles" This reverts commit `82c404635b`.	2026-01-14 20:48:59 +01:00
github-actions[bot]	2308f2299d	publish new versions (#3203 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-01-14 20:48:22 +01:00
FabianLars	82c404635b	temp: delete updater changefiles	2026-01-14 20:30:54 +01:00
Fabian-Lars	b1dbee2c55	fix(http): manually set origin header to tauri://localhost (#3210 )	2026-01-14 20:26:17 +01:00
Andrew de Waal	d7a0bb325d	feat(dialog) - Support fileAccessMode for open dialog (#3030 ) (#3136 ) * feat(dialog) - Support fileAccessMode for open dialog (#3030) On iOS, when trying to access a file that exists outside of the app sandbox, one of 2 things need to happen to be able to perform any operations on said file: * A copy of the file needs to be made to the internal app sandbox * The method startAccessingSecurityScopedResource needs to be called. Previously, a copy of the file was always being made when a file was selected through the picker dialog. While this did ensure there were no file access exceptions when reading from the file, it does not scale well for large files. To resolve this, we now support `fileAccessMode`, which allows a file handle to be returned without copying the file to the app sandbox. This MR only supports this change for iOS; MacOS has a different set of needs for security scoped resources. See discussion in #3716 for more discussion of the difference between iOS and MacOS. See MR #3185 to see how these scoped files will be accessible using security scoping. * fmt, clippy * use enum --------- Co-authored-by: Lucas Nogueira <lucas@tauri.app>	2026-01-14 08:35:06 -03:00
FabianLars	f3d75f7abb	Revert "temp: remove updater changefiles" This reverts commit `9a2c98f450`.	2026-01-08 15:54:33 +01:00