
deps: bump the production-dependencies group across 1 directory with 3 updates #259

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/cargo/main/production-dependencies-f9b13fa3ae


@dependabot dependabot bot commented on behalf of github Apr 20, 2026

Bumps the production-dependencies group with 3 updates in the / directory: flate2, rayon and tree-sitter.

Updates flate2 from 1.1.5 to 1.1.9

Release notes

Sourced from flate2's releases.

1.1.8

What's Changed

New Contributors

Full Changelog: rust-lang/flate2-rs@1.1.7...1.1.8

1.1.7 - depend on zlib-rs directly and remove libz-rs-sys

What's Changed

New Contributors

Full Changelog: rust-lang/flate2-rs@1.1.5...1.1.6

1.1.6 - YANKED

It caused rust-lang/flate2-rs#515.

What's Changed

New Contributors

Full Changelog: rust-lang/flate2-rs@1.1.5...1.1.6

Commits
  • 19ddb18 Merge pull request #529 from folkertdev/update-zlib-rs-0.6.0
  • c956e12 upgrade zlib-rs to version 0.6.0
  • 21d5eeb Merge pull request #528 from wgyt/wgyt/patch
  • 54f8484 update LICENSE-MIT
  • f4924fe Merge pull request #527 from jongiddy/crc-tests
  • 8b9b7a6 Add tests to check data CRC
  • fd17c74 Merge pull request #526 from folkertdev/zlib-rs-crc32
  • aef26ac check that zlib-rs no longer compiles crc32fast
  • 5ec7647 make crc32fast an optional dependency
  • c584e97 use zlib-rs for crc32 (when available)
  • Additional commits viewable in compare view

Updates rayon from 1.11.0 to 1.12.0

Changelog

Sourced from rayon's changelog.

Release rayon 1.12.0 (2026-04-13)

  • Fixed a bug in parallel Range<char> when the end is 0xE000, just past the surrogate boundary, which was unsafely producing invalid char values.
  • The new method ParallelSlice::par_array_windows works like par_windows but with a constant length, producing &[T; N] items.

Commits
  • 7449d7d Merge #1093
  • b3d9e3f Release rayon 1.8.0 and rayon-core 1.12.0
  • 3fe51e5 Fix clippy::let_and_return
  • 082f215 Merge #1087
  • ea0c06d core: registry: Factor out "wait till out of work" part of the main loop.
  • 75524e2 Merge #1063
  • 01d2800 Ignore the multi-threaded test on emscripten/wasm
  • 40b59c0 core: Make use_current_thread error rather than panic when already in the pool.
  • f4db4d7 core: tests: Add some basic tests for ThreadPoolBuilder::use_current_thread.
  • 87274ad core: registry: Add some more documentation for ThreadPoolBuilder::use_curren...
  • Additional commits viewable in compare view

Updates tree-sitter from 0.26.3 to 0.26.8

Release notes

Sourced from tree-sitter's releases.

v0.26.8

What's Changed

Full Changelog: tree-sitter/tree-sitter@v0.26.7...v0.26.8

v0.26.7

Notable Changes

  • A regression in v0.26.6 with quantified alternations was fixed.
  • Release artifacts for the tree-sitter CLI are now published as zip archives (in addition to gzipped executables, which are planned for removal in a future minor release).

What's Changed

Full Changelog: tree-sitter/tree-sitter@v0.26.6...v0.26.7

v0.26.6

What's Changed

... (truncated)

Commits
  • cd5b087 release v0.26.8
  • c0d1444 generate: avoid panicking when a supertype only has hidden external token chi...
  • 0b04fd0 Fix wasm loading of languages w/ multiple reserved word sets (#5475)
  • 05cf9a1 perf(cli): minor allocation and write call reductions
  • bab4851 perf(cli): buffer stdout in parse and query output
  • e28cb5a fix(cli): correct typo in parse command's help text
  • 3839f6f fix(lib): document invariants that must be upheld for TSInputEdit
  • 001a926 fix(generate): allow disabling qjs-rt feature from CLI
  • 6f2e8a6 release v0.26.7
  • 0ae6158 ci(release): publish zip archives
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



…3 updates

Bumps the production-dependencies group with 3 updates in the / directory: [flate2](https://github.com/rust-lang/flate2-rs), [rayon](https://github.com/rayon-rs/rayon) and [tree-sitter](https://github.com/tree-sitter/tree-sitter).


Updates `flate2` from 1.1.5 to 1.1.9
- [Release notes](https://github.com/rust-lang/flate2-rs/releases)
- [Commits](rust-lang/flate2-rs@1.1.5...1.1.9)

Updates `rayon` from 1.11.0 to 1.12.0
- [Changelog](https://github.com/rayon-rs/rayon/blob/main/RELEASES.md)
- [Commits](rayon-rs/rayon@rayon-core-v1.11.0...rayon-core-v1.12.0)

Updates `tree-sitter` from 0.26.3 to 0.26.8
- [Release notes](https://github.com/tree-sitter/tree-sitter/releases)
- [Commits](tree-sitter/tree-sitter@v0.26.3...v0.26.8)

---
updated-dependencies:
- dependency-name: flate2
  dependency-version: 1.1.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: rayon
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: tree-sitter
  dependency-version: 0.26.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot dependabot bot added the dependencies label (Pull requests that update a dependency file) Apr 20, 2026

@github-actions

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

License Issues

extractor/Cargo.toml

| Package | Version | License | Issue Type |
|---|---|---|---|
| rayon | >= 1.12.0, < 2.0.0 | Null | Unknown License |

OpenSSF Scorecard

Package: cargo/flate2, Version: 1.1.9, Score: 🟢 6.7

| Check | Score | Reason |
|---|---|---|
| Code-Review | 🟢 10 | all changesets reviewed |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Maintained | 🟢 10 | 18 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Fuzzing | 🟢 10 | project is fuzzed |
| License | 🟢 10 | license file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | 🟢 5 | branch protection is not maximal on development and all release branches |
| Security-Policy | 🟢 10 | security policy file detected |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

Package: cargo/rayon, Version: 1.12.0, Score: 🟢 4.6

| Check | Score | Reason |
|---|---|---|
| Code-Review | 🟢 3 | Found 3/8 approved changesets -- score normalized to 3 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Maintained | 🟢 10 | 24 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| License | 🟢 10 | license file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

Package: cargo/tree-sitter, Version: 0.26.8, Score: 🟢 5.1

| Check | Score | Reason |
|---|---|---|
| Code-Review | 🟢 10 | all changesets reviewed |
| Maintained | 🟢 10 | 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| License | 🟢 10 | license file detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Pinned-Dependencies | ⚠️ 1 | dependency not pinned by hash detected -- score normalized to 1 |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Branch-Protection | 🟢 4 | branch protection is not maximal on development and all release branches |
| Packaging | 🟢 10 | packaging workflow detected |
| Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases. |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

Package: cargo/rayon, Version: >= 1.12.0, < 2.0.0, Score: Unknown, Details: Unknown

Scanned Files

  • Cargo.lock
  • extractor/Cargo.toml


Labels: dependencies (Pull requests that update a dependency file), extractor
