diff --git a/crates/tauri-cli/config.schema.json b/crates/tauri-cli/config.schema.json
index 783de89e2..d80ff823c 100644
--- a/crates/tauri-cli/config.schema.json
+++ b/crates/tauri-cli/config.schema.json
@@ -1576,7 +1576,7 @@
       ]
     },
     "HeaderConfig": {
-      "description": "A struct, where the keys are some specific http header names.\n If the values to those keys are defined, then they will be send as part of a response message.\n This does not include error messages and ipc messages\n\n ## Example configuration\n ```javascript\n {\n  //..\n   app:{\n     //..\n     security: {\n       headers: {\n         \"Cross-Origin-Opener-Policy\": \"same-origin\",\n         \"Cross-Origin-Embedder-Policy\": \"require-corp\",\n         \"Timing-Allow-Origin\": [\n           \"https://developer.mozilla.org\",\n           \"https://example.com\",\n         ],\n         \"Access-Control-Expose-Headers\": \"Tauri-Custom-Header\",\n         \"Tauri-Custom-Header\": {\n           \"key1\": \"'value1' 'value2'\",\n           \"key2\": \"'value3'\"\n         }\n       },\n       csp: \"default-src 'self'; connect-src ipc: http://ipc.localhost\",\n     }\n     //..\n   }\n  //..\n }\n ```\n In this example `Cross-Origin-Opener-Policy` and `Cross-Origin-Embedder-Policy` are set to allow for the use of [`SharedArrayBuffer`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer).\n The result is, that those headers are then set on every response sent via the `get_response` function in crates/tauri/src/protocol/tauri.rs.\n The Content-Security-Policy header is defined separately, because it is also handled separately.\n\n For the helloworld example, this config translates into those response headers:\n ```http\n access-control-allow-origin:  http://tauri.localhost\n access-control-expose-headers: Tauri-Custom-Header\n content-security-policy: default-src 'self'; connect-src ipc: http://ipc.localhost; script-src 'self' 'sha256-Wjjrs6qinmnr+tOry8x8PPwI77eGpUFR3EEGZktjJNs='\n content-type: text/html\n cross-origin-embedder-policy: require-corp\n cross-origin-opener-policy: same-origin\n tauri-custom-header: key1 'value1' 'value2'; key2 'value3'\n timing-allow-origin: https://developer.mozilla.org, https://example.com\n ```\n Since the resulting header values are always 'string-like'. So depending on the what data type the HeaderSource is, they need to be converted.\n  - `String`(JS/Rust): stay the same for the resulting header value\n  - `Array`(JS)/`Vec\\<String\\>`(Rust): Item are joined by \", \" for the resulting header value\n  - `Object`(JS)/ `Hashmap\\<String,String\\>`(Rust): Items are composed from: key + space + value. Item are then joined by \"; \" for the resulting header value",
+      "description": "A struct, where the keys are some specific http header names.\n\n If the values to those keys are defined, then they will be send as part of a response message.\n This does not include error messages and ipc messages\n\n ## Example configuration\n ```javascript\n {\n  //..\n   app:{\n     //..\n     security: {\n       headers: {\n         \"Cross-Origin-Opener-Policy\": \"same-origin\",\n         \"Cross-Origin-Embedder-Policy\": \"require-corp\",\n         \"Timing-Allow-Origin\": [\n           \"https://developer.mozilla.org\",\n           \"https://example.com\",\n         ],\n         \"Access-Control-Expose-Headers\": \"Tauri-Custom-Header\",\n         \"Tauri-Custom-Header\": {\n           \"key1\": \"'value1' 'value2'\",\n           \"key2\": \"'value3'\"\n         }\n       },\n       csp: \"default-src 'self'; connect-src ipc: http://ipc.localhost\",\n     }\n     //..\n   }\n  //..\n }\n ```\n In this example `Cross-Origin-Opener-Policy` and `Cross-Origin-Embedder-Policy` are set to allow for the use of [`SharedArrayBuffer`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer).\n The result is, that those headers are then set on every response sent via the `get_response` function in crates/tauri/src/protocol/tauri.rs.\n The Content-Security-Policy header is defined separately, because it is also handled separately.\n\n For the helloworld example, this config translates into those response headers:\n ```http\n access-control-allow-origin:  http://tauri.localhost\n access-control-expose-headers: Tauri-Custom-Header\n content-security-policy: default-src 'self'; connect-src ipc: http://ipc.localhost; script-src 'self' 'sha256-Wjjrs6qinmnr+tOry8x8PPwI77eGpUFR3EEGZktjJNs='\n content-type: text/html\n cross-origin-embedder-policy: require-corp\n cross-origin-opener-policy: same-origin\n tauri-custom-header: key1 'value1' 'value2'; key2 'value3'\n timing-allow-origin: https://developer.mozilla.org, https://example.com\n ```\n Since the resulting header values are always 'string-like'. So depending on the what data type the HeaderSource is, they need to be converted.\n  - `String`(JS/Rust): stay the same for the resulting header value\n  - `Array`(JS)/`Vec\\<String\\>`(Rust): Item are joined by \", \" for the resulting header value\n  - `Object`(JS)/ `Hashmap\\<String,String\\>`(Rust): Items are composed from: key + space + value. Item are then joined by \"; \" for the resulting header value",
       "type": "object",
       "properties": {
         "Access-Control-Allow-Credentials": {
diff --git a/crates/tauri-codegen/src/vendor/blake3_reference.rs b/crates/tauri-codegen/src/vendor/blake3_reference.rs
index c783a81e5..0cc14fb82 100644
--- a/crates/tauri-codegen/src/vendor/blake3_reference.rs
+++ b/crates/tauri-codegen/src/vendor/blake3_reference.rs
@@ -3,6 +3,7 @@
 // SPDX-License-Identifier: MIT
 
 //! This is a lightly modified version of the BLAKE3 reference implementation.
+//!
 //! The changes applied are to remove unused item warnings due to using it
 //! vendored along with some minor clippy suggestions. No logic changes. I
 //! suggest diffing against the original to find all the changes.
diff --git a/crates/tauri-schema-generator/schemas/config.schema.json b/crates/tauri-schema-generator/schemas/config.schema.json
index 783de89e2..d80ff823c 100644
--- a/crates/tauri-schema-generator/schemas/config.schema.json
+++ b/crates/tauri-schema-generator/schemas/config.schema.json
@@ -1576,7 +1576,7 @@
       ]
     },
     "HeaderConfig": {
-      "description": "A struct, where the keys are some specific http header names.\n If the values to those keys are defined, then they will be send as part of a response message.\n This does not include error messages and ipc messages\n\n ## Example configuration\n ```javascript\n {\n  //..\n   app:{\n     //..\n     security: {\n       headers: {\n         \"Cross-Origin-Opener-Policy\": \"same-origin\",\n         \"Cross-Origin-Embedder-Policy\": \"require-corp\",\n         \"Timing-Allow-Origin\": [\n           \"https://developer.mozilla.org\",\n           \"https://example.com\",\n         ],\n         \"Access-Control-Expose-Headers\": \"Tauri-Custom-Header\",\n         \"Tauri-Custom-Header\": {\n           \"key1\": \"'value1' 'value2'\",\n           \"key2\": \"'value3'\"\n         }\n       },\n       csp: \"default-src 'self'; connect-src ipc: http://ipc.localhost\",\n     }\n     //..\n   }\n  //..\n }\n ```\n In this example `Cross-Origin-Opener-Policy` and `Cross-Origin-Embedder-Policy` are set to allow for the use of [`SharedArrayBuffer`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer).\n The result is, that those headers are then set on every response sent via the `get_response` function in crates/tauri/src/protocol/tauri.rs.\n The Content-Security-Policy header is defined separately, because it is also handled separately.\n\n For the helloworld example, this config translates into those response headers:\n ```http\n access-control-allow-origin:  http://tauri.localhost\n access-control-expose-headers: Tauri-Custom-Header\n content-security-policy: default-src 'self'; connect-src ipc: http://ipc.localhost; script-src 'self' 'sha256-Wjjrs6qinmnr+tOry8x8PPwI77eGpUFR3EEGZktjJNs='\n content-type: text/html\n cross-origin-embedder-policy: require-corp\n cross-origin-opener-policy: same-origin\n tauri-custom-header: key1 'value1' 'value2'; key2 'value3'\n timing-allow-origin: https://developer.mozilla.org, https://example.com\n ```\n Since the resulting header values are always 'string-like'. So depending on the what data type the HeaderSource is, they need to be converted.\n  - `String`(JS/Rust): stay the same for the resulting header value\n  - `Array`(JS)/`Vec\\<String\\>`(Rust): Item are joined by \", \" for the resulting header value\n  - `Object`(JS)/ `Hashmap\\<String,String\\>`(Rust): Items are composed from: key + space + value. Item are then joined by \"; \" for the resulting header value",
+      "description": "A struct, where the keys are some specific http header names.\n\n If the values to those keys are defined, then they will be send as part of a response message.\n This does not include error messages and ipc messages\n\n ## Example configuration\n ```javascript\n {\n  //..\n   app:{\n     //..\n     security: {\n       headers: {\n         \"Cross-Origin-Opener-Policy\": \"same-origin\",\n         \"Cross-Origin-Embedder-Policy\": \"require-corp\",\n         \"Timing-Allow-Origin\": [\n           \"https://developer.mozilla.org\",\n           \"https://example.com\",\n         ],\n         \"Access-Control-Expose-Headers\": \"Tauri-Custom-Header\",\n         \"Tauri-Custom-Header\": {\n           \"key1\": \"'value1' 'value2'\",\n           \"key2\": \"'value3'\"\n         }\n       },\n       csp: \"default-src 'self'; connect-src ipc: http://ipc.localhost\",\n     }\n     //..\n   }\n  //..\n }\n ```\n In this example `Cross-Origin-Opener-Policy` and `Cross-Origin-Embedder-Policy` are set to allow for the use of [`SharedArrayBuffer`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer).\n The result is, that those headers are then set on every response sent via the `get_response` function in crates/tauri/src/protocol/tauri.rs.\n The Content-Security-Policy header is defined separately, because it is also handled separately.\n\n For the helloworld example, this config translates into those response headers:\n ```http\n access-control-allow-origin:  http://tauri.localhost\n access-control-expose-headers: Tauri-Custom-Header\n content-security-policy: default-src 'self'; connect-src ipc: http://ipc.localhost; script-src 'self' 'sha256-Wjjrs6qinmnr+tOry8x8PPwI77eGpUFR3EEGZktjJNs='\n content-type: text/html\n cross-origin-embedder-policy: require-corp\n cross-origin-opener-policy: same-origin\n tauri-custom-header: key1 'value1' 'value2'; key2 'value3'\n timing-allow-origin: https://developer.mozilla.org, https://example.com\n ```\n Since the resulting header values are always 'string-like'. So depending on the what data type the HeaderSource is, they need to be converted.\n  - `String`(JS/Rust): stay the same for the resulting header value\n  - `Array`(JS)/`Vec\\<String\\>`(Rust): Item are joined by \", \" for the resulting header value\n  - `Object`(JS)/ `Hashmap\\<String,String\\>`(Rust): Items are composed from: key + space + value. Item are then joined by \"; \" for the resulting header value",
       "type": "object",
       "properties": {
         "Access-Control-Allow-Credentials": {
diff --git a/crates/tauri-utils/src/config.rs b/crates/tauri-utils/src/config.rs
index 0ecf015b7..ac18901f7 100644
--- a/crates/tauri-utils/src/config.rs
+++ b/crates/tauri-utils/src/config.rs
@@ -2200,6 +2200,7 @@ impl HeaderAddition for Builder {
 }
 
 /// A struct, where the keys are some specific http header names.
+///
 /// If the values to those keys are defined, then they will be send as part of a response message.
 /// This does not include error messages and ipc messages
 ///
diff --git a/crates/tauri/src/image/mod.rs b/crates/tauri/src/image/mod.rs
index ad39be4a5..643125f18 100644
--- a/crates/tauri/src/image/mod.rs
+++ b/crates/tauri/src/image/mod.rs
@@ -132,6 +132,7 @@ impl TryFrom<Image<'_>> for tray_icon::Icon {
 }
 
 /// An image type that accepts file paths, raw bytes, previously loaded images and image objects.
+///
 /// This type is meant to be used along the [transformImage](https://v2.tauri.app/reference/javascript/api/namespaceimage/#transformimage) API.
 ///
 /// # Stability
diff --git a/crates/tauri/src/ipc/protocol.rs b/crates/tauri/src/ipc/protocol.rs
index ecea21dd9..7e01f28fb 100644
--- a/crates/tauri/src/ipc/protocol.rs
+++ b/crates/tauri/src/ipc/protocol.rs
@@ -589,7 +589,7 @@ mod tests {
     let invoke_key = "1234ahdsjkl123";
     let callback = 12378123;
     let error = 6243;
-    let headers = HeaderMap::from_iter(vec![
+    let mut headers = HeaderMap::from_iter(vec![
       (
         CONTENT_TYPE,
         HeaderValue::from_str(mime::APPLICATION_OCTET_STREAM.as_ref()).unwrap(),
@@ -629,7 +629,6 @@ mod tests {
       "anotherKey": "asda",
     });
 
-    let mut headers = headers;
     headers.insert(
       CONTENT_TYPE,
       HeaderValue::from_str(mime::APPLICATION_JSON.as_ref()).unwrap(),
diff --git a/crates/tauri/src/manager/mod.rs b/crates/tauri/src/manager/mod.rs
index 8b8c93ac0..582fe3f20 100644
--- a/crates/tauri/src/manager/mod.rs
+++ b/crates/tauri/src/manager/mod.rs
@@ -48,7 +48,6 @@ struct CspHashStrings {
 
 /// Sets the CSP value to the asset HTML if needed (on Linux).
 /// Returns the CSP string for access on the response header (on Windows and macOS).
-#[allow(clippy::borrowed_box)]
 pub(crate) fn set_csp<R: Runtime>(
   asset: &mut String,
   assets: &impl std::borrow::Borrow<dyn Assets<R>>,
diff --git a/crates/tauri/src/process.rs b/crates/tauri/src/process.rs
index 4206df174..d041500fc 100644
--- a/crates/tauri/src/process.rs
+++ b/crates/tauri/src/process.rs
@@ -96,14 +96,14 @@ fn restart_macos_app(current_binary: &std::path::Path, env: &Env) {
   use std::process::{exit, Command};
 
   if let Some(macos_directory) = current_binary.parent() {
-    if macos_directory.components().last()
+    if macos_directory.components().next_back()
       != Some(std::path::Component::Normal(std::ffi::OsStr::new("MacOS")))
     {
       return;
     }
 
     if let Some(contents_directory) = macos_directory.parent() {
-      if contents_directory.components().last()
+      if contents_directory.components().next_back()
         != Some(std::path::Component::Normal(std::ffi::OsStr::new(
           "Contents",
         )))
diff --git a/crates/tauri/src/resources/mod.rs b/crates/tauri/src/resources/mod.rs
index 72498503c..d4dce68ce 100644
--- a/crates/tauri/src/resources/mod.rs
+++ b/crates/tauri/src/resources/mod.rs
@@ -15,6 +15,7 @@ use std::{
 };
 
 /// Resources are Rust objects that are stored in [ResourceTable] and managed by tauri.
+///
 /// They are identified in JS by a numeric ID (the resource ID, or rid).
 /// Resources can be created in commands. Resources can also be retrieved in commands by
 /// their rid. Resources are thread-safe.
diff --git a/examples/api/src-tauri/src/lib.rs b/examples/api/src-tauri/src/lib.rs
index e7e9891d9..b057ea34c 100644
--- a/examples/api/src-tauri/src/lib.rs
+++ b/examples/api/src-tauri/src/lib.rs
@@ -91,6 +91,8 @@ pub fn run_app<R: Runtime, F: FnOnce(&App<R>) + Send + 'static>(
         }),
       });
       log::info!("got response: {:?}", response);
+      // when #[cfg(desktop)], Rust will detect pattern as irrefutable
+      #[allow(irrefutable_let_patterns)]
       if let Ok(res) = response {
         assert_eq!(res.value, value);
       }