Security: Mitigate GTK3 advisory chain from Tauri Linux runtime #12
Description
Tracking unmaintained GTK3 advisories currently pulled transitively by Tauri Linux runtime crates.
Advisories in this track:
- RUSTSEC-2024-0411
- RUSTSEC-2024-0412
- RUSTSEC-2024-0413
- RUSTSEC-2024-0415
- RUSTSEC-2024-0416
- RUSTSEC-2024-0418
- RUSTSEC-2024-0419
- RUSTSEC-2024-0420
- RUSTSEC-2024-0370 (proc-macro-error via GTK stack)
Current dependency chain evidence:
- tauri -> tauri-runtime-wry / wry -> webkit2gtk / gtk (Linux path)
Planned mitigation path:
- Continue Tauri runtime upgrade watch for GTK4/non-GTK3 transitions.
- Evaluate explicit Linux runtime policy (supported vs. feature-pruned path) with product owner.
- Remove waivers as dependencies are retired.
Parent issue: #11