Bumps the extractor group with 2 updates in the / directory: flate2 and tree-sitter.

Updates flate2 from 1.0.28 to 1.0.30

Release notes

1.0.29 - with new zlib-rs feature (~zlib-ng in Rust)

With the new zlib-rs feature, a new backend is enabled that brings in a SIMD-accelerated Rust implementation.

What's Changed

Fix build for beta and nightly by @JakubOnderka in rust-lang/flate2-rs#388

Store StreamWrapper::inner as a raw pointer by @icmccorm in rust-lang/flate2-rs#394

Avoid redudant imports by @Byron in rust-lang/flate2-rs#398

add zlib-rs support via the libz-rs-sys C api for zlib-rs by @folkertdev in rust-lang/flate2-rs#400

Add tests to show BufRead can be used after decoding by @jongiddy in rust-lang/flate2-rs#402

release version 1.0.29: support for zlib-rs by @folkertdev in rust-lang/flate2-rs#403

New Contributors

@JakubOnderka made their first contribution in rust-lang/flate2-rs#388

@icmccorm made their first contribution in rust-lang/flate2-rs#394

@folkertdev made their first contribution in rust-lang/flate2-rs#400

Full Changelog: https://github.com/rust-lang/flate2-rs/compare/1.0.28...1.0.29

Commits

d3bea90 Merge pull request #405 from Byron/fix-CI
5048843 Merge pull request #407 from striezel-stash/actions-checkout-v4
42c86ce Merge pull request #406 from striezel-stash/fix-some-typos
f7b99e9 Update actions/checkout in GitHub Actions workflows to v4
563f1c4 Fix typos
1126a4a prepare bugfix release to make docs work again
bc1b3e9 CI verifies that docs can be built (#404)
5ce4154 fix CI by assuring builds work with --all-features enabled (#404)
9a25bc0 Merge pull request #403 from folkertdev/bump-version-zlib-rs
e9c87c0 zlib-rs support version bump
Additional commits viewable in compare view

Updates tree-sitter from 0.22.5 to 0.22.6

Release notes

Sourced from tree-sitter's releases.

v0.22.6

[0.22.6] — 2024-05-05

Features

Improve handling of serialization buffer overflows (tree-sitter/tree-sitter#3318)

Reverse iteration through node parents (tree-sitter/tree-sitter#3214)

cli: Support NO_COLOR (tree-sitter/tree-sitter#3299)

cli: Add test listing and allow users to parse a specific test number (tree-sitter/tree-sitter#3067)

grammar: Add "inherits" field if available (tree-sitter/tree-sitter#3295)

Bug Fixes

Correctly load field data from wasm languages

Improve error message when the tree-sitter field is malformed

Don't error out on package.json lookup errors if --no-bindings is passed (tree-sitter/tree-sitter#3323)

cli: Keep default cc flags in build

cli: Properly account for multi-grammar repos when using docker to build a wasm parser (tree-sitter/tree-sitter#3337)

generate: Don't check arbitrarily named dirs

generate: Take AsRef<Path> for the path parameter to avoid clones (tree-sitter/tree-sitter#3322)

highlight: Correct signature of ts_highlighter_add_language

lib: Do not return field names for extras (tree-sitter/tree-sitter#3330)

lib: Advance the lookahead end byte by 4 when there's an invalid code point (tree-sitter/tree-sitter#3305)

rust: Update README example (tree-sitter/tree-sitter#3307)

rust: Use unix + wasi cfg instead of not windows for fd (tree-sitter/tree-sitter#3304)

test: Allow newlines in between test name and attribute

wasm: Correct childrenFromFieldXXX method signatures (tree-sitter/tree-sitter#3301)

xtask: Always bump every crate in tandem

zig: Make usable as a zig dependency (tree-sitter/tree-sitter#3315)

Documentation

Mention build command variables

Swap \s for \\s in query example

highlight: Typo (tree-sitter/tree-sitter#3290)

Refactor

tests: Migrate remaining grammar.json tests to grammar.js (tree-sitter/tree-sitter#3325)

Build System and CI

Add nightly rustfmt to workflow for linting (tree-sitter/tree-sitter#3333)

Fix address sanitizer step (tree-sitter/tree-sitter#3188)

deps: Bump cc from 1.0.92 to 1.0.94 in the cargo group (tree-sitter/tree-sitter#3298)

deps: Bump the cargo group with 6 updates (tree-sitter/tree-sitter#3313)

xtask: Bump build.zig.zon version when bumping versions

Changelog

Sourced from tree-sitter's changelog.

[0.22.6] — 2024-05-05

Features

Improve handling of serialization buffer overflows (tree-sitter/tree-sitter#3318)

Reverse iteration through node parents (tree-sitter/tree-sitter#3214)

cli: Support NO_COLOR (tree-sitter/tree-sitter#3299)

cli: Add test listing and allow users to parse a specific test number (tree-sitter/tree-sitter#3067)

grammar: Add "inherits" field if available (tree-sitter/tree-sitter#3295)

Bug Fixes

Correctly load field data from wasm languages

Improve error message when the tree-sitter field is malformed

Don't error out on package.json lookup errors if --no-bindings is passed (tree-sitter/tree-sitter#3323)

cli: Keep default cc flags in build

cli: Properly account for multi-grammar repos when using docker to build a wasm parser (tree-sitter/tree-sitter#3337)

generate: Don't check arbitrarily named dirs

generate: Take AsRef<Path> for the path parameter to avoid clones (tree-sitter/tree-sitter#3322)

highlight: Correct signature of ts_highlighter_add_language

lib: Do not return field names for extras (tree-sitter/tree-sitter#3330)

lib: Advance the lookahead end byte by 4 when there's an invalid code point (tree-sitter/tree-sitter#3305)

rust: Update README example (tree-sitter/tree-sitter#3307)

rust: Use unix + wasi cfg instead of not windows for fd (tree-sitter/tree-sitter#3304)

test: Allow newlines in between test name and attribute

wasm: Correct childrenFromFieldXXX method signatures (tree-sitter/tree-sitter#3301)

xtask: Always bump every crate in tandem

zig: Make usable as a zig dependency (tree-sitter/tree-sitter#3315)

Documentation

Mention build command variables

Swap \s for \\s in query example

highlight: Typo (tree-sitter/tree-sitter#3290)

Refactor

tests: Migrate remaining grammar.json tests to grammar.js (tree-sitter/tree-sitter#3325)

Build System and CI

Add nightly rustfmt to workflow for linting (tree-sitter/tree-sitter#3333)

Fix address sanitizer step (tree-sitter/tree-sitter#3188)

deps: Bump cc from 1.0.92 to 1.0.94 in the cargo group (tree-sitter/tree-sitter#3298)

deps: Bump the cargo group with 6 updates (tree-sitter/tree-sitter#3313)

xtask: Bump build.zig.zon version when bumping versions

Commits

b40f342 0.22.6
577d333 feat(cli): add test listing and allow users to parse a specific test number
33045ee fix(test): allow newlines in between test name and attribute
1e219ff fix(cli): properly account for multi-grammar repos when using docker to build...
572cdaa ci: fix address sanitizer step
6bfdae0 docs: mention build command variables
a2d2da3 fix(cli): keep default cc flags in build
90ba525 fix(highlight): correct signature of ts_highlighter_add_language
67a0439 test: temporarily disable php test
3a42c27 ci: add nightly rustfmt to workflow
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package

Version

Score

Details

cargo/cc

1.0.96

:green_circle: 6.2

Details

Check	Score	Reason
Code-Review	:green_circle: 4	Found 12/27 approved changesets -- score normalized to 4
Maintained	:green_circle: 10	30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Branch-Protection	:warning: -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Token-Permissions	:warning: 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	:warning: -1	no releases found
Fuzzing	:warning: 0	project is not fuzzed
Vulnerabilities	:green_circle: 10	0 existing vulnerabilities detected
Packaging	:green_circle: 10	packaging workflow detected
Security-Policy	:green_circle: 10	security policy file detected
SAST	:warning: 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	:warning: 0	dependency not pinned by hash detected -- score normalized to 0

cargo/flate2

1.0.30

:green_circle: 7.2

Details

Check	Score	Reason
Maintained	:green_circle: 10	18 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Code-Review	:green_circle: 10	all changesets reviewed
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Signed-Releases	:warning: -1	no releases found
Packaging	:warning: -1	packaging workflow not detected
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Token-Permissions	:warning: 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	:warning: -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	:green_circle: 10	project is fuzzed
Vulnerabilities	:green_circle: 10	0 existing vulnerabilities detected
Security-Policy	:green_circle: 10	security policy file detected
SAST	:warning: 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	:warning: 0	dependency not pinned by hash detected -- score normalized to 0

cargo/tree-sitter

0.22.6

:green_circle: 4.3

Details

Check	Score	Reason
Maintained	:green_circle: 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Code-Review	:green_circle: 3	Found 7/22 approved changesets -- score normalized to 3
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Signed-Releases	:warning: 0	Project has not signed or included provenance with any releases.
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Token-Permissions	:warning: 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Branch-Protection	:warning: 0	branch protection not enabled on development/release branches
Fuzzing	:warning: 0	project is not fuzzed
Packaging	:green_circle: 10	packaging workflow detected
Security-Policy	:warning: 0	security policy file not detected
SAST	:warning: 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	:green_circle: 7	3 existing vulnerabilities detected
Pinned-Dependencies	:warning: 0	dependency not pinned by hash detected -- score normalized to 0

cargo/cc

1.0.94

:green_circle: 6.2

Details

Check	Score	Reason
Code-Review	:green_circle: 4	Found 12/27 approved changesets -- score normalized to 4
Maintained	:green_circle: 10	30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Branch-Protection	:warning: -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Token-Permissions	:warning: 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	:warning: -1	no releases found
Fuzzing	:warning: 0	project is not fuzzed
Vulnerabilities	:green_circle: 10	0 existing vulnerabilities detected
Packaging	:green_circle: 10	packaging workflow detected
Security-Policy	:green_circle: 10	security policy file detected
SAST	:warning: 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	:warning: 0	dependency not pinned by hash detected -- score normalized to 0

cargo/flate2

1.0.28

:green_circle: 7.2

Details

Check	Score	Reason
Maintained	:green_circle: 10	18 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Code-Review	:green_circle: 10	all changesets reviewed
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Signed-Releases	:warning: -1	no releases found
Packaging	:warning: -1	packaging workflow not detected
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Token-Permissions	:warning: 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	:warning: -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	:green_circle: 10	project is fuzzed
Vulnerabilities	:green_circle: 10	0 existing vulnerabilities detected
Security-Policy	:green_circle: 10	security policy file detected
SAST	:warning: 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	:warning: 0	dependency not pinned by hash detected -- score normalized to 0

cargo/tree-sitter

0.22.5

:green_circle: 4.3

Details

Check	Score	Reason
Maintained	:green_circle: 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Code-Review	:green_circle: 3	Found 7/22 approved changesets -- score normalized to 3
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Signed-Releases	:warning: 0	Project has not signed or included provenance with any releases.
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Token-Permissions	:warning: 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Branch-Protection	:warning: 0	branch protection not enabled on development/release branches
Fuzzing	:warning: 0	project is not fuzzed
Packaging	:green_circle: 10	packaging workflow detected
Security-Policy	:warning: 0	security policy file not detected
SAST	:warning: 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	:green_circle: 7	3 existing vulnerabilities detected
Pinned-Dependencies	:warning: 0	dependency not pinned by hash detected -- score normalized to 0

Scanned Manifest Files

Cargo.lock

cc@1.0.96
flate2@1.0.30
tree-sitter@0.22.6
cc@1.0.94
flate2@1.0.28
tree-sitter@0.22.5

advanced-security / codeql-extractor-iac

build(deps): bump the extractor group across 1 directory with 2 updates #140

1.0.29 - with new `zlib-rs` feature (~`zlib-ng` in Rust)

What's Changed

New Contributors

v0.22.6

[0.22.6] — 2024-05-05

Features

Bug Fixes

Documentation

Refactor

Build System and CI

[0.22.6] — 2024-05-05

Features

Bug Fixes

Documentation

Refactor

Build System and CI

Dependency Review

OpenSSF Scorecard

Scanned Manifest Files

advanced-security / codeql-extractor-iac

build(deps): bump the extractor group across 1 directory with 2 updates #140

1.0.29 - with new zlib-rs feature (~zlib-ng in Rust)

What's Changed

New Contributors

v0.22.6

[0.22.6] — 2024-05-05

Features

Bug Fixes

Documentation

Refactor

Build System and CI

[0.22.6] — 2024-05-05

Features

Bug Fixes

Documentation

Refactor

Build System and CI

Dependency Review

OpenSSF Scorecard

Scanned Manifest Files

1.0.29 - with new `zlib-rs` feature (~`zlib-ng` in Rust)