search

advanced-security / codeql-extractor-iac

CodeQL Extractor, Library, and Queries for Infrastructure as Code
MIT License
41 stars 5 forks source link

Bump the extractor group with 3 updates #125

Closed dependabot[bot] closed 8 months ago

dependabot[bot] commented 8 months ago

Bumps the extractor group with 3 updates: clap, rayon and regex.

Updates clap from 4.4.16 to 4.5.1

Release notes

Sourced from clap's releases.

v4.5.1

[4.5.1] - 2024-02-16

Fixes

  • (error) Include suggestion to add -- even if there is a "did you mean" so long as last or trailing_var_arg is used

v4.5.0

No release notes provided.

v4.4.18

[4.4.18] - 2024-01-16

Fixes

  • (error) When lacking usage feature, ensure the list of required arguments is unique

v4.4.17

[4.4.17] - 2024-01-15

Fixes

  • Fix panic! when mixing args_conflicts_with_subcommands with ArgGroup (which is implicit with derive) introduced in 4.4.15
Changelog

Sourced from clap's changelog.

[4.5.1] - 2024-02-16

Fixes

  • (error) Include suggestion to add -- even if there is a "did you mean" so long as last or trailing_var_arg is used

[4.5.0] - 2024-02-08

Compatibility

  • Update MSRV to 1.74

[4.4.18] - 2024-01-16

Fixes

  • (error) When lacking usage feature, ensure the list of required arguments is unique

[4.4.17] - 2024-01-15

Fixes

  • Fix panic! when mixing args_conflicts_with_subcommands with ArgGroup (which is implicit with derive) introduced in 4.4.15
Commits
  • 0c01b55 chore: Release
  • 08e0b5b docs: Update changelog
  • f2c4e6e Merge pull request #5359 from poliorcetics/ab/push-szymvyzpmnqx
  • e782775 fix(complete): Handle newlines in command/arg descriptions
  • fba7c85 test(complete): Show newline issue
  • 8a7a13a chore: Release
  • 7b3a3e1 docs: Update changelog
  • 7b624ca Merge pull request #5356 from epage/escape
  • 446328a fix(error): Include -- in more cases
  • 7de6df8 test(error): Show existing last behavior
  • Additional commits viewable in compare view


Updates rayon from 1.8.0 to 1.9.0

Changelog

Sourced from rayon's changelog.

Release rayon 1.9.0 (2024-02-27)

  • The new methods IndexedParallelIterator::by_exponential_blocks and by_uniform_blocks allow processing items in smaller groups at a time.
  • The new iter::walk_tree, walk_tree_prefix, and walk_tree_postfix functions enable custom parallel iteration over tree-like structures.
  • The new method ParallelIterator::collect_vec_list returns items as a linked list of vectors, which is an efficient mode of parallel collection used by many of the internal implementations of collect.
  • The new methods ParallelSliceMut::par_split_inclusive_mut, ParallelSlice::par_split_inclusive, and ParallelString::par_split_inclusive all work like a normal split but keeping the separator as part of the left slice.
  • The new ParallelString::par_split_ascii_whitespace splits only on ASCII whitespace, which is faster than including Unicode multi-byte whitespace.
  • OsString now implements FromParallelIterator<_> and ParallelExtend<_> for a few item types similar to the standard FromIterator and Extend.
  • The internal Pattern trait for string methods is now implemented for [char; N] and &[char; N], matching any of the given characters.

Release rayon 1.8.1 / rayon-core 1.12.1 (2024-01-17)

  • The new "web_spin_lock" crate feature makes mutexes spin on the main browser thread in WebAssembly, rather than suffer an error about forbidden atomics.wait if they were to block in that context. Thanks @​RReverser!
Commits


Updates regex from 1.10.2 to 1.10.3

Changelog

Sourced from regex's changelog.

1.10.3 (2024-01-21)

This is a new patch release that fixes the feature configuration of optional dependencies, and fixes an unsound use of bounds check elision.

Bug fixes:

Commits
  • 0c09903 1.10.3
  • 653bb59 deps: bump regex-automata to 0.4.4
  • e7b5401 regex-automata-0.4.4
  • 1bc667d changelog: 1.10.3
  • fbd2537 safety: guard in Input::new against incorrect AsRef implementations
  • 027eebd cargo: set 'default-features = false' for memchr and aho-corasick
  • dc0a9d2 ci: small clean-ups
  • a3d5975 doc: fix link in Index<&str> impl docs
  • 4f5992f doc: tweak Captures documentation
  • 837fd85 regex-cli-0.2.0
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
github-actions[bot] commented 8 months ago

Dependency Review

✅ No vulnerabilities or license issues found.

Scanned Manifest Files

Cargo.lock
  • clap@4.5.1
  • clap_builder@4.5.1
  • clap_derive@4.5.0
  • clap_lex@0.7.0
  • proc-macro2@1.0.78
  • rayon@1.9.0
  • rayon-core@1.12.1
  • regex@1.10.3
  • regex-automata@0.4.5
  • strsim@0.11.0
  • clap@4.4.16
  • clap_builder@4.4.16
  • clap_derive@4.4.7
  • clap_lex@0.6.0
  • proc-macro2@1.0.67
  • rayon@1.8.0
  • rayon-core@1.12.0
  • regex@1.10.2
  • regex-automata@0.4.3
  • strsim@0.10.0
extractor/Cargo.toml
  • clap@>= 4.5.0, < 5.0.0
  • rayon@>= 1.9.0, < 2.0.0
  • regex@>= 1.10.3, < 2.0.0
  • clap@>= 4.4.0, < 5.0.0
  • rayon@>= 1.8.0, < 2.0.0
  • regex@>= 1.10.2, < 2.0.0
GeekMasher commented 8 months ago

@dependabot rebase

dependabot[bot] commented 8 months ago

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.