deps: bump the production-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the production-dependencies group with 7 updates in the / directory:

Package	From	To
flate2	1.1.5	1.1.9
clap	4.5.53	4.6.1
tracing	0.1.43	0.1.44
tracing-subscriber	0.3.22	0.3.23
rayon	1.11.0	1.12.0
regex	1.12.2	1.12.3
tree-sitter	0.26.3	0.26.9

Updates flate2 from 1.1.5 to 1.1.9

Release notes

Sourced from flate2's releases.

1.1.8

What's Changed

• Document feature flags using document-features crate by @​Copilot in rust-lang/flate2-rs#519
• Complete the zlib-rs support without the need for C-bindings by @​Byron in rust-lang/flate2-rs#524
• test zlib API for all compatible backends by @​Byron in rust-lang/flate2-rs#525

New Contributors

• @​Copilot made their first contribution in rust-lang/flate2-rs#519

Full Changelog: rust-lang/flate2-rs@1.1.7...1.1.8

1.1.7 - depend on zlib-rs directly and remove libz-rs-sys

What's Changed

• chore: make some documents clearer by @​reddaisyy in rust-lang/flate2-rs#510
• Explain rationale for choosing bufread,read,write modules by @​jongiddy in rust-lang/flate2-rs#512
• use Decompress::reset() instead of recreating in DeflateDecoder by @​amirshukayev in rust-lang/flate2-rs#514
• use zlib_rs api by @​folkertdev in rust-lang/flate2-rs#513

New Contributors

• @​reddaisyy made their first contribution in rust-lang/flate2-rs#510
• @​amirshukayev made their first contribution in rust-lang/flate2-rs#514

Full Changelog: rust-lang/flate2-rs@1.1.5...1.1.6

1.1.6 - YANKED

It caused rust-lang/flate2-rs#515.

What's Changed

• chore: make some documents clearer by @​reddaisyy in rust-lang/flate2-rs#510
• Explain rationale for choosing bufread,read,write modules by @​jongiddy in rust-lang/flate2-rs#512
• use Decompress::reset() instead of recreating in DeflateDecoder by @​amirshukayev in rust-lang/flate2-rs#514
• use zlib_rs api by @​folkertdev in rust-lang/flate2-rs#513

New Contributors

• @​reddaisyy made their first contribution in rust-lang/flate2-rs#510
• @​amirshukayev made their first contribution in rust-lang/flate2-rs#514

Full Changelog: rust-lang/flate2-rs@1.1.5...1.1.6

Commits

• 19ddb18 Merge pull request #529 from folkertdev/update-zlib-rs-0.6.0
• c956e12 upgrade zlib-rs to version 0.6.0
• 21d5eeb Merge pull request #528 from wgyt/wgyt/patch
• 54f8484 update LICENSE-MIT
• f4924fe Merge pull request #527 from jongiddy/crc-tests
• 8b9b7a6 Add tests to check data CRC
• fd17c74 Merge pull request #526 from folkertdev/zlib-rs-crc32
• aef26ac check that zlib-rs no longer compiles crc32fast
• 5ec7647 make crc32fast an optional dependency
• c584e97 use zlib-rs for crc32 (when available)
• Additional commits viewable in compare view

Updates clap from 4.5.53 to 4.6.1

Release notes

Sourced from clap's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

v4.5.60

[4.5.60] - 2026-02-19

Fixes

• (help) Quote empty default values, possible values

v4.5.59

[4.5.59] - 2026-02-16

Fixes

• Command::ignore_errors no longer masks help/version on subcommands

v4.5.58

[4.5.58] - 2026-02-11

v4.5.57

[4.5.57] - 2026-02-03

Fixes

• Regression from 4.5.55 where having an argument with .value_terminator("--") caused problems with an argument with .last(true)

v4.5.56

[4.5.56] - 2026-01-29

Fixes

• On conflict error, don't show conflicting arguments in the usage

v4.5.55

[4.5.55] - 2026-01-27

Fixes

• Fix inconsistency in precedence between positionals with a value_terminator("--") and escapes (--) where ./foo -- bar means the first arg is empty, rather than escaping future args

v4.5.54

[4.5.54] - 2026-01-02

Fixes

... (truncated)

Changelog

Sourced from clap's changelog.

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

[4.6.0] - 2026-03-12

Compatibility

• Update MSRV to 1.85

[4.5.61] - 2026-03-12

Internal

• Update dependencies

[4.5.60] - 2026-02-19

Fixes

• (help) Quote empty default values, possible values

[4.5.59] - 2026-02-16

Fixes

• Command::ignore_errors no longer masks help/version on subcommands

[4.5.58] - 2026-02-11

[4.5.57] - 2026-02-03

Fixes

• Regression from 4.5.55 where having an argument with .value_terminator("--") caused problems with an argument with .last(true)

[4.5.56] - 2026-01-29

Fixes

• On conflict error, don't show conflicting arguments in the usage

[4.5.55] - 2026-01-27

Fixes

• Fix inconsistency in precedence between positionals with a value_terminator("--") and escapes (--) where ./foo -- bar means the first arg is empty, rather than escaping future args

... (truncated)

Commits

• 1420275 chore: Release
• d2c817d docs: Update changelog
• f88c94e Merge pull request #6341 from epage/sep
• acbb822 fix(complete): Reduce risk of conflict with actual subcommands
• a49fadb refactor(complete): Pull out subcommand separator
• ddc008b Merge pull request #6332 from epage/update
• 497dc50 chore: Update compatible dependencies
• dca2326 Merge pull request #6331 from clap-rs/renovate/j178-prek-action-2.x
• 54bdaa3 chore(deps): Update j178/prek-action action to v2
• f0d30d9 chore: Release
• Additional commits viewable in compare view

Updates tracing from 0.1.43 to 0.1.44

Release notes

Sourced from tracing's releases.

tracing 0.1.44

Fixed

• Fix record_all panic (#3432)

Changed

• tracing-core: updated to 0.1.36 (#3440)

#3432: tokio-rs/tracing#3432 #3440: tokio-rs/tracing#3440

Commits

• 2d55f6f chore: prepare tracing 0.1.44 (#3439)
• 10a9e83 chore: prepare tracing-core 0.1.36 (#3440)
• ee82cf9 tracing: fix record_all panic (#3432)
• 9978c36 chore: prepare tracing-mock 0.1.0-beta.3 (#3429)
• cc44064 chore: prepare tracing-subscriber 0.3.22 (#3428)
• See full diff in compare view

Updates tracing-subscriber from 0.3.22 to 0.3.23

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.23

Fixed

• Allow ansi sanitization to be disabled (#3484)

#3484: tokio-rs/tracing#3484

Commits

• 54ede4d chore: prepare tracing-subscriber 0.3.23 (#3490)
• 37558d5 subscriber: allow ansi sanitization to be disabled (#3484)
• efc690f core: add missing const (#3449)
• 0c32367 core: Use const initializers instead of once_cell
• 9feb241 docs: add arcswap reload crate to related (#3442)
• 2d55f6f chore: prepare tracing 0.1.44 (#3439)
• 10a9e83 chore: prepare tracing-core 0.1.36 (#3440)
• ee82cf9 tracing: fix record_all panic (#3432)
• 9978c36 chore: prepare tracing-mock 0.1.0-beta.3 (#3429)
• See full diff in compare view

Updates rayon from 1.11.0 to 1.12.0

Changelog

Sourced from rayon's changelog.

Release rayon 1.12.0 (2026-04-13)

• Fixed a bug in parallel Range<char> when the end is 0xE000, just past the surrogate boundary, which was unsafely producing invalid char values.
• The new method ParallelSlice::par_array_windows works like par_windows but with a constant length, producing &[T; N] items.

Commits

• 7449d7d Merge #1093
• b3d9e3f Release rayon 1.8.0 and rayon-core 1.12.0
• 3fe51e5 Fix clippy::let_and_return
• 082f215 Merge #1087
• ea0c06d core: registry: Factor out "wait till out of work" part of the main loop.
• 75524e2 Merge #1063
• 01d2800 Ignore the multi-threaded test on emscripten/wasm
• 40b59c0 core: Make use_current_thread error rather than panic when already in the pool.
• f4db4d7 core: tests: Add some basic tests for ThreadPoolBuilder::use_current_thread.
• 87274ad core: registry: Add some more documentation for ThreadPoolBuilder::use_curren...
• Additional commits viewable in compare view

Updates regex from 1.12.2 to 1.12.3

Changelog

Sourced from regex's changelog.

1.12.3 (2025-02-03)

This release excludes some unnecessary things from the archive published to crates.io. Specifically, fuzzing data and various shell scripts are now excluded. If you run into problems, please file an issue.

Improvements:

• #1319: Switch from a Cargo exclude list to an include list, and exclude some unnecessary stuff.

Commits

• b028e4f 1.12.3
• 5e195de regex-automata-0.4.14
• a3433f6 regex-syntax-0.8.9
• 0c07fae regex-lite-0.1.9
• 6a81006 cargo: exclude development scripts and fuzzing data
• 4733e28 automata: fix onepass::DFA::try_search_slots panic when too many slots are ...
• See full diff in compare view

Updates tree-sitter from 0.26.3 to 0.26.9

Release notes

Sourced from tree-sitter's releases.

v0.26.9

What's Changed

• ci(actions): bump actions/cache to v5 by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5482
• build(deps): bump wasmtime-c-api to v36.0.7 by @​WillLillis in tree-sitter/tree-sitter#5514
• fix(loader): allow filenames with dots by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5538
• fix(rust): fix new clippy lints by @​WillLillis in tree-sitter/tree-sitter#5539
• test: bump c test fixture to v0.24.2 by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5542
• fix(generate): pass default optimization level in generate_parser_for_grammar by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5543
• feat(dist): enable install via cargo binstall (#5533) by @​clason in tree-sitter/tree-sitter#5544
• Prevent a buffer over-read when parsing 4-byte UTF-16 characters. by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5549
• fix(query): overflow in capture pool ids + some perf by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5555
• docs: note zero point unbounded behavior in query functions by @​WillLillis in tree-sitter/tree-sitter#5563
• build(deps): bump wasmtime-c-api to v36.0.8 by @​clason in tree-sitter/tree-sitter#5574
• fix(cli): account for process versions > 5 in the parse command's pretty debug output. by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5577
• fix(generate): improve error message for nonterminals used in immediate token rule by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5583
• fix(generate): rewrite parse_grammar with forward DFS by @​WillLillis in tree-sitter/tree-sitter#5584
• fix(wasm): load supertype tables for ABI 15 grammars by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5606
• build(deps): bump wasmtime-c-api to v36.0.9 by @​clason in tree-sitter/tree-sitter#5611
• Validate Wasm language memory reads by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5613
• release v0.26.9 by @​clason in tree-sitter/tree-sitter#5612

Full Changelog: tree-sitter/tree-sitter@v0.26.8...v0.26.9

v0.26.8

What's Changed

• fix(generate): allow disabling qjs-rt feature from CLI by @​WillLillis in tree-sitter/tree-sitter#5448
• fix(lib): document invariants that must be upheld for TSInputEdit by @​WillLillis in tree-sitter/tree-sitter#5452
• fix(cli): correct typo in parse command's help text by @​WillLillis in tree-sitter/tree-sitter#5465
• perf(cli): misc. improvements by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5476
• Fix wasm loading of languages w/ multiple reserved word sets by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5477
• generate: avoid panicking when a supertype only has hidden external token children by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5478
• release v0.26.8 by @​clason in tree-sitter/tree-sitter#5479

Full Changelog: tree-sitter/tree-sitter@v0.26.7...v0.26.8

v0.26.7

Notable Changes

• A regression in v0.26.6 with quantified alternations was fixed.
• Release artifacts for the tree-sitter CLI are now published as zip archives (in addition to gzipped executables, which are planned for removal in a future minor release).

What's Changed

• fix: skip missing Makefile in version command by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5386
• fix(wasm): pass target triple to clang (#5385) by @​clason in tree-sitter/tree-sitter#5390
• chore(parser): return NULL, not false, for incomplete parse by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5398
• fix(loader): link with libc on OpenBSD to compile parser by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5399
• refactor(query): remove alternative_is_immediate by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5412
• fix(query): don't add copies for quantifier steps outside alternations by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5414

... (truncated)

Commits

• 7f53486 release v0.26.9
• 77b96de fix(wasm): validate memory reads (#5569) (#5613)
• a082228 build(deps): bump wasmtime-c-api to v36.0.9
• 7aea015 fix(wasm): load supertype tables for ABI 15 grammars (#5605) (#5606)
• 2cad8b8 fix(generate): consider reserved words when removing unused rules
• ddbe469 fix(generate): rewrite parse_grammar with forward DFS
• 17f9796 fix(generate): improve error message for nonterminals used in immediate token...
• 17e4bf9 fix(cli): account for process versions > 5 in the parse command's pretty
• ec120d0 build(deps): bump wasmtime-c-api to v36.0.8
• 7c3d842 docs: note zero point unbounded behavior in query functions
• Additional commits viewable in compare view

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 0c75f2e.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

extractor/Cargo.toml

Package	Version	License	Issue Type
clap	>= 4.6.0, < 5.0.0	Null	Unknown License
rayon	>= 1.12.0, < 2.0.0	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
cargo/anstream	1.0.0	🟢 6.5	Details Check Score Reason Code-Review ⚠️ 0 Found 0/8 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License ⚠️ 0 license file not detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 10 SAST tool is run on all commits
cargo/anstyle	1.0.14	🟢 6.5	Details Check Score Reason Code-Review ⚠️ 0 Found 0/8 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License ⚠️ 0 license file not detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 10 SAST tool is run on all commits
cargo/anstyle-parse	1.0.0	🟢 6.5	Details Check Score Reason Code-Review ⚠️ 0 Found 0/8 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License ⚠️ 0 license file not detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 10 SAST tool is run on all commits
cargo/clap	4.6.1	🟢 5.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 5/19 approved changesets -- score normalized to 2 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/clap_builder	4.6.0	🟢 5.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 5/19 approved changesets -- score normalized to 2 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/clap_derive	4.6.1	🟢 5.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 5/19 approved changesets -- score normalized to 2 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/clap_lex	1.1.0	🟢 5.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 5/19 approved changesets -- score normalized to 2 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/flate2	1.1.9	🟢 6.3	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 6 7 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 6 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/proc-macro2	1.0.106	🟢 4.7	Details Check Score Reason Code-Review ⚠️ 0 Found 0/23 approved changesets -- score normalized to 0 Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 3 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/quote	1.0.45	🟢 4.5	Details Check Score Reason Maintained 🟢 4 4 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 4 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Code-Review ⚠️ 1 Found 4/23 approved changesets -- score normalized to 1 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 3 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/rayon	1.12.0	🟢 4.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 1/8 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/regex	1.12.3	🟢 5.3	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Maintained ⚠️ 1 0 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1 Code-Review ⚠️ 0 Found 2/26 approved changesets -- score normalized to 0 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/syn	2.0.117	🟢 5.7	Details Check Score Reason Code-Review ⚠️ 0 Found 2/25 approved changesets -- score normalized to 0 Maintained 🟢 10 18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 3 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/tracing	0.1.44	🟢 6.1	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 13 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/tracing-core	0.1.36	🟢 6.1	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 13 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/tracing-subscriber	0.3.23	🟢 6.1	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 13 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/tree-sitter	0.26.9	🟢 5.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Security-Policy ⚠️ 0 security policy file not detected Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/clap	>= 4.6.0, < 5.0.0	Unknown	Unknown
cargo/rayon	>= 1.12.0, < 2.0.0	Unknown	Unknown

Scanned Files

• Cargo.lock
• extractor/Cargo.toml