chore(deps): bump sha2 from 0.10.9 to 0.11.0 in /src-tauri in the dependencies-major group

[dependabot]

Bumps the dependencies-major group in /src-tauri with 1 update: sha2.

Updates sha2 from 0.10.9 to 0.11.0

Commits

• ffe0939 Release sha2 0.11.0 (#806)
• 8991b65 Use the standard order of the [package] section fields (#807)
• 3d2bc57 sha2: refactor backends (#802)
• faa55fb sha3: bump keccak to v0.2 (#803)
• d3e6489 sha3 v0.11.0-rc.9 (#801)
• bbf6f51 sha2: tweak backend docs (#800)
• 155dbbf sha3: add default value for the DS generic parameter on TurboShake128/256...
• ed514f2 Use published version of keccak v0.2 (#799)
• 702bcd8 Migrate to closure-based keccak (#796)
• 827c043 sha3 v0.11.0-rc.8 (#794)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[quiet-node]

Holding this one. sha2 0.11.0 is a breaking part of the RustCrypto digest 0.11 API change and won't compile against our code:

• Sha256: std::io::Write is no longer satisfied → breaks io::copy(&mut file, &mut hasher) in the model-download verify path (src-tauri/src/models/storage.rs).
• the finalize() output is now hybrid_array::Array, which doesn't impl LowerHex → breaks format!("{:x}", …) at storage.rs:343, storage.rs:168, and download.rs:457.

Migrating would mean adding a hex-encode dependency and reworking the hashing around digest 0.11's gated Write impl, inside the security-sensitive download integrity-check path: real risk for zero functional gain (0.10.9 carries no advisory and nothing in the tree requires 0.11). Closing rather than carrying a permanently-red PR; Dependabot will re-propose if a genuine sha2 advisory ever lands.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml