@dependabot dependabot bot commented on behalf of github Sep 29, 2025

Bumps the extractor group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| anyhow | 1.0.99 | 1.0.100 |
| thiserror | 2.0.16 | 2.0.17 |
| ghactions | 0.16.5 | 0.18.1 |
| ghactions-core | 0.16.5 | 0.18.1 |
| ghastoolkit | 0.11.5 | 0.12.0 |
| octocrab | 0.44.1 | 0.45.0 |
| serde_json | 1.0.143 | 1.0.145 |

Updates anyhow from 1.0.99 to 1.0.100

Release notes

Sourced from anyhow's releases.

1.0.100

  • Teach clippy to lint formatting arguments in bail!, ensure!, anyhow! (#426)
Commits
  • 18c2598 Release 1.0.100
  • f271988 Merge pull request #426 from dtolnay/clippyfmt
  • 52f2115 Mark macros with clippy::format_args
  • da5fd9d Raise minimum tested compiler to rust 1.76
  • 211e409 Opt in to generate-macro-expansion when building on docs.rs
  • b48fc02 Enforce trybuild >= 1.0.108
  • d5f59fb Update ui test suite to nightly-2025-09-07
  • 238415d Update ui test suite to nightly-2025-08-24
  • 3bab070 Update actions/checkout@v4 -> v5
  • 4249254 Order cap-lints flag in the same order as thiserror build script
  • See full diff in compare view

Updates thiserror from 2.0.16 to 2.0.17

Release notes

Sourced from thiserror's releases.

2.0.17

  • Use differently named __private module per patch release (#434)
Commits
  • 72ae716 Release 2.0.17
  • 599fdce Merge pull request #434 from dtolnay/private
  • 9ec05f6 Use differently named __private module per patch release
  • d2c492b Raise minimum tested compiler to rust 1.76
  • fc3ab95 Opt in to generate-macro-expansion when building on docs.rs
  • 819fe29 Update ui test suite to nightly-2025-09-12
  • 259f48c Enforce trybuild >= 1.0.108
  • 470e6a6 Update ui test suite to nightly-2025-08-24
  • 544e191 Update actions/checkout@v4 -> v5
  • cbc1eba Delete duplicate cap-lints flag from build script
  • See full diff in compare view

Updates ghactions from 0.16.5 to 0.18.1

Release notes

Sourced from ghactions's releases.

v0.18.1

What's Changed

Full Changelog: 42ByteLabs/ghactions@0.18.0...0.18.1

v0.18.0

What's Changed

Full Changelog: 42ByteLabs/ghactions@0.17.0...0.18.0

v0.17.0

What's Changed

New Contributors

Full Changelog: 42ByteLabs/ghactions@0.16.5...0.17.0

Changelog

Sourced from ghactions's changelog.

name: "ghactions" repository: "42ByteLabs/ghactions" version: 0.18.1

ecosystems:

  • Docs
  • Rust

locations:

  • name: "Cargo - Workmembers" paths:
    • "Cargo.toml"
    • "**/Cargo.toml" patterns:
    • 'ghactions = {.version\s=\s*"^{version}".*}'
    • 'ghactions-core = {.version\s=\s*"^{version}".*}'
    • 'ghactions-derive = {.version\s=\s*"^{version}".*}'
Commits
  • 52d1e31 Merge pull request #230 from 42ByteLabs/v0_18_1
  • 228e050 feat(version): v0.18.1
  • a7d2550 Merge pull request #229 from 42ByteLabs/dependabot/cargo/production-dependenc...
  • b4472e6 build(deps): bump the production-dependencies group with 3 updates
  • 5d89d47 Merge pull request #228 from 42ByteLabs/v0_18_0
  • 536d3fe feat(version): v0.18.0
  • ff0d662 Merge pull request #227 from 42ByteLabs/toolcache-tokio-patch
  • 9363402 fix(toolcache): Update and fix tokio process issue + clippy warning
  • be43502 Merge pull request #226 from 42ByteLabs/toolcache-crate
  • 117f618 feat(toolcache): Update to remove clippy warnings
  • Additional commits viewable in compare view

Updates ghactions-core from 0.16.5 to 0.18.1

Release notes

Sourced from ghactions-core's releases.

v0.18.1

What's Changed

Full Changelog: 42ByteLabs/ghactions@0.18.0...0.18.1

v0.18.0

What's Changed

Full Changelog: 42ByteLabs/ghactions@0.17.0...0.18.0

v0.17.0

What's Changed

New Contributors

Full Changelog: 42ByteLabs/ghactions@0.16.5...0.17.0

Changelog

Sourced from ghactions-core's changelog.

name: "ghactions" repository: "42ByteLabs/ghactions" version: 0.18.1

ecosystems:

  • Docs
  • Rust

locations:

  • name: "Cargo - Workmembers" paths:
    • "Cargo.toml"
    • "**/Cargo.toml" patterns:
    • 'ghactions = {.version\s=\s*"^{version}".*}'
    • 'ghactions-core = {.version\s=\s*"^{version}".*}'
    • 'ghactions-derive = {.version\s=\s*"^{version}".*}'
Commits
  • 52d1e31 Merge pull request #230 from 42ByteLabs/v0_18_1
  • 228e050 feat(version): v0.18.1
  • a7d2550 Merge pull request #229 from 42ByteLabs/dependabot/cargo/production-dependenc...
  • b4472e6 build(deps): bump the production-dependencies group with 3 updates
  • 5d89d47 Merge pull request #228 from 42ByteLabs/v0_18_0
  • 536d3fe feat(version): v0.18.0
  • ff0d662 Merge pull request #227 from 42ByteLabs/toolcache-tokio-patch
  • 9363402 fix(toolcache): Update and fix tokio process issue + clippy warning
  • be43502 Merge pull request #226 from 42ByteLabs/toolcache-crate
  • 117f618 feat(toolcache): Update to remove clippy warnings
  • Additional commits viewable in compare view

Updates ghastoolkit from 0.11.5 to 0.12.0

Release notes

Sourced from ghastoolkit's releases.

v0.12.0

What's Changed

Full Changelog: GeekMasher/ghastoolkit-rs@0.11.5...0.12.0

Changelog

Sourced from ghastoolkit's changelog.

name: "ghastoolkit" repository: "geekmasher/ghastoolkit" version: "0.12.0"

ecosystems:

  • Docs
  • Rust
Commits
  • f990266 Merge pull request #92 from GeekMasher/v0_12_0
  • 8939283 fix(cargo): Update CLI dep
  • ffd49a0 fix(version): v0.12.0
  • 851cb75 Merge pull request #91 from GeekMasher/dependabot/cargo/production-dependenci...
  • 72015b6 build(deps): bump the production-dependencies group with 2 updates
  • See full diff in compare view

Updates octocrab from 0.44.1 to 0.45.0

Release notes

Sourced from octocrab's releases.

v0.45.0

Added

  • add redelivery field for hook deliveries (#797)
  • added PATCH /user (#792)

Fixed

  • [breaking] change some fields to optional types in CheckSuite struct (#784)

Other

  • :repos::Commit -> models::commits::Commit (#781)
  • cargo clippy --fix (#783)
  • cargo clippy --fix (#774)
Changelog

Sourced from octocrab's changelog.

0.45.0 - 2025-09-14

Added

  • add redelivery field for hook deliveries (#797)
  • added PATCH /user (#792)

Fixed

  • [breaking] change some fields to optional types in CheckSuite struct (#784)

Other

  • :repos::Commit -> models::commits::Commit (#781)
  • cargo clippy --fix (#783)
  • cargo clippy --fix (#774)
Commits

Updates serde_json from 1.0.143 to 1.0.145

Release notes

Sourced from serde_json's releases.

v1.0.145

  • Raise serde version requirement to >=1.0.220

v1.0.144

  • Switch serde dependency to serde_core (#1285)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps the extractor group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [anyhow](https://github.com/dtolnay/anyhow) | `1.0.99` | `1.0.100` |
| [thiserror](https://github.com/dtolnay/thiserror) | `2.0.16` | `2.0.17` |
| [ghactions](https://github.com/42ByteLabs/ghactions) | `0.16.5` | `0.18.1` |
| [ghactions-core](https://github.com/42ByteLabs/ghactions) | `0.16.5` | `0.18.1` |
| [ghastoolkit](https://github.com/GeekMasher/ghastoolkit-rs) | `0.11.5` | `0.12.0` |
| [octocrab](https://github.com/XAMPPRocky/octocrab) | `0.44.1` | `0.45.0` |
| [serde_json](https://github.com/serde-rs/json) | `1.0.143` | `1.0.145` |



Updates `anyhow` from 1.0.99 to 1.0.100
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](dtolnay/anyhow@1.0.99...1.0.100)

Updates `thiserror` from 2.0.16 to 2.0.17
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](dtolnay/thiserror@2.0.16...2.0.17)

Updates `ghactions` from 0.16.5 to 0.18.1
- [Release notes](https://github.com/42ByteLabs/ghactions/releases)
- [Changelog](https://github.com/42ByteLabs/ghactions/blob/main/.release.yml)
- [Commits](42ByteLabs/ghactions@0.16.5...0.18.1)

Updates `ghactions-core` from 0.16.5 to 0.18.1
- [Release notes](https://github.com/42ByteLabs/ghactions/releases)
- [Changelog](https://github.com/42ByteLabs/ghactions/blob/main/.release.yml)
- [Commits](42ByteLabs/ghactions@0.16.5...0.18.1)

Updates `ghastoolkit` from 0.11.5 to 0.12.0
- [Release notes](https://github.com/GeekMasher/ghastoolkit-rs/releases)
- [Changelog](https://github.com/GeekMasher/ghastoolkit-rs/blob/main/.release.yml)
- [Commits](GeekMasher/ghastoolkit-rs@0.11.5...0.12.0)

Updates `octocrab` from 0.44.1 to 0.45.0
- [Release notes](https://github.com/XAMPPRocky/octocrab/releases)
- [Changelog](https://github.com/XAMPPRocky/octocrab/blob/main/CHANGELOG.md)
- [Commits](XAMPPRocky/octocrab@v0.44.1...v0.45.0)

Updates `serde_json` from 1.0.143 to 1.0.145
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](serde-rs/json@v1.0.143...v1.0.145)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-version: 1.0.100
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: extractor
- dependency-name: thiserror
  dependency-version: 2.0.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: extractor
- dependency-name: ghactions
  dependency-version: 0.18.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor
- dependency-name: ghactions-core
  dependency-version: 0.18.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor
- dependency-name: ghastoolkit
  dependency-version: 0.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor
- dependency-name: octocrab
  dependency-version: 0.45.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor
- dependency-name: serde_json
  dependency-version: 1.0.145
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: extractor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the `dependencies` (Pull requests that update a dependency file) and `rust` (Pull requests that update rust code) labels Sep 29, 2025
@dependabot dependabot bot requested a review from a team as a code owner September 29, 2025 04:51

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA d9f5efb.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

Cargo.toml

| Package | Version | License | Issue Type |
| --- | --- | --- | --- |
| octocrab | >= 0.45.0, < 0.46.0 | Null | Unknown License |

OpenSSF Scorecard

Scorecard details

cargo/anyhow 1.0.100 (score: 🟢 5.5)

| Check | Score | Reason |
| --- | --- | --- |
| Maintained | 🟢 10 | 10 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 |
| Code-Review | ⚠️ 0 | Found 0/26 approved changesets -- score normalized to 0 |
| Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| License | 🟢 10 | license file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches |
| Security-Policy | 🟢 3 | security policy file detected |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

| Package | Version | Score | Details |
| --- | --- | --- | --- |
| cargo/ghactions | 0.18.1 | Unknown | Unknown |
| cargo/ghactions-core | 0.18.1 | Unknown | Unknown |
| cargo/ghactions-derive | 0.18.1 | Unknown | Unknown |
| cargo/ghactions-toolcache | 0.18.1 | Unknown | Unknown |
| cargo/ghastoolkit | 0.12.0 | Unknown | Unknown |
| cargo/octocrab | 0.45.0 | Unknown | Unknown |

cargo/serde 1.0.228 (score: 🟢 5.8)

| Check | Score | Reason |
| --- | --- | --- |
| Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege |
| Maintained | 🟢 7 | 7 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 7 |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Code-Review | ⚠️ 2 | Found 5/20 approved changesets -- score normalized to 2 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| License | 🟢 10 | license file detected |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

cargo/serde_core 1.0.228 (score: 🟢 5.8)

| Check | Score | Reason |
| --- | --- | --- |
| Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege |
| Maintained | 🟢 7 | 7 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 7 |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Code-Review | ⚠️ 2 | Found 5/20 approved changesets -- score normalized to 2 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| License | 🟢 10 | license file detected |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

cargo/serde_derive 1.0.228 (score: 🟢 5.8)

| Check | Score | Reason |
| --- | --- | --- |
| Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege |
| Maintained | 🟢 7 | 7 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 7 |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Code-Review | ⚠️ 2 | Found 5/20 approved changesets -- score normalized to 2 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| License | 🟢 10 | license file detected |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

cargo/serde_json 1.0.145 (score: 🟢 6.8)

| Check | Score | Reason |
| --- | --- | --- |
| Maintained | 🟢 10 | 19 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Code-Review | ⚠️ 2 | Found 6/22 approved changesets -- score normalized to 2 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| License | 🟢 10 | license file detected |
| Fuzzing | 🟢 10 | project is fuzzed |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

cargo/thiserror 2.0.17 (score: 🟢 5.5)

| Check | Score | Reason |
| --- | --- | --- |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Code-Review | ⚠️ 0 | Found 1/24 approved changesets -- score normalized to 0 |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Maintained | 🟢 10 | 25 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| License | 🟢 10 | license file detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches |
| Security-Policy | 🟢 3 | security policy file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

cargo/thiserror-impl 2.0.17 (score: 🟢 5.5)

| Check | Score | Reason |
| --- | --- | --- |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Code-Review | ⚠️ 0 | Found 1/24 approved changesets -- score normalized to 0 |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Maintained | 🟢 10 | 25 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| License | 🟢 10 | license file detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches |
| Security-Policy | 🟢 3 | security policy file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

| Package | Version | Score | Details |
| --- | --- | --- | --- |
| cargo/ghactions | >= 0.18.1, < 0.19.0 | Unknown | Unknown |
| cargo/ghactions-core | >= 0.18.1, < 0.19.0 | Unknown | Unknown |
| cargo/ghastoolkit | >= 0.12.0, < 0.13.0 | Unknown | Unknown |
| cargo/octocrab | >= 0.45.0, < 0.46.0 | Unknown | Unknown |

Scanned Files

  • Cargo.lock
  • Cargo.toml
