deps: bump the production-dependencies group with 4 updates

[dependabot]

Bumps the production-dependencies group with 4 updates: clap, thiserror, anyhow and tokio.

Updates clap from 4.5.21 to 4.5.23

Release notes

Sourced from clap's releases.

v4.5.23

[4.5.23] - 2024-12-05

Fixes

• (parser) When check allow_negative_numbers, allow E again

v4.5.22

[4.5.22] - 2024-12-03

Fixes

• (assert) Catch bugs with arguments requiring themself

Changelog

Sourced from clap's changelog.

[4.5.23] - 2024-12-05

Fixes

• (parser) When check allow_negative_numbers, allow E again

[4.5.22] - 2024-12-03

Fixes

• (assert) Catch bugs with arguments requiring themself

Commits

• 7916028 chore: Release
• 804498d docs: Update changelog
• f9721f1 Merge pull request #5695 from epage/value
• b04bf72 fix(complete)!: Be consistent in value language
• 0e28259 chore: Release
• e55c986 docs: Update changelog
• c7157df Merge pull request #5692 from epage/self
• 84252b7 fix(complete): Allow completing '.'
• eded64a test(complete): Verify PathCompleter::dir
• See full diff in compare view

Updates thiserror from 2.0.3 to 2.0.6

Release notes

Sourced from thiserror's releases.

2.0.6

• Suppress deprecation warning on generated From impls (#396)

2.0.5

• Prevent deprecation warning on generated impl for deprecated type (#394)

2.0.4

• Eliminate needless_lifetimes clippy lint in generated From impls (#391, thanks @​matt-phylum)

Commits

• 2075e87 Release 2.0.6
• e9a9085 Merge pull request #396 from dtolnay/deprecatedfrom
• 6e8c724 Suppress deprecation warning on generated From impls
• caf585c Add test of deprecated type in From impl
• f1f159d Release 2.0.5
• 366a7b2 Merge pull request #395 from dtolnay/fallback
• 88a4603 Move fallback expansion to separate module
• 6712f8c Merge pull request #394 from dtolnay/deprecated
• 07e7d99 Add "in this derive macro expansion" to missing Display errors
• 714229d Work around deprecation warning on generated impl for deprecated type
• Additional commits viewable in compare view

Updates anyhow from 1.0.93 to 1.0.94

Release notes

Sourced from anyhow's releases.

1.0.94

• Documentation improvements

Commits

• 8ceb5e9 Release 1.0.94
• b9009ab Merge pull request #399 from dtolnay/okvalue
• 863791a Align naming between Ok function argument and its documentation
• 2081692 Merge pull request #398 from zertosh/ok_doc_format
• cc2cecb Fix anyhow::Ok rustdoc code formatting
• 8852dc3 Prevent upload-artifact from causing CI failure
• See full diff in compare view

Updates tokio from 1.41.1 to 1.42.0

Release notes

Sourced from tokio's releases.

Tokio v1.42.0

1.42.0 (Dec 3rd, 2024)

Added

• io: add AsyncFd::{try_io, try_io_mut} (#6967)

Fixed

• io: avoid ptr->ref->ptr roundtrip in RegistrationSet (#6929)
• runtime: do not defer yield_now inside block_in_place (#6999)

Changes

• io: simplify io readiness logic (#6966)

Documented

• net: fix docs for tokio::net::unix::{pid_t, gid_t, uid_t} (#6791)
• time: fix a typo in Instant docs (#6982)

#6791: tokio-rs/tokio#6791 #6929: tokio-rs/tokio#6929 #6966: tokio-rs/tokio#6966 #6967: tokio-rs/tokio#6967 #6982: tokio-rs/tokio#6982 #6999: tokio-rs/tokio#6999

Commits

• bb9d570 chore: prepare Tokio v1.42.0 (#7005)
• af9c683 tests: fix typo in build test instructions (#7004)
• 4bc5a1a ci: allow Unicode-3.0 license for unicode-ident (#7006)
• f8948ea runtime: do not defer yield_now inside block_in_place (#6999)
• bce9780 time: use array::from_fn instead of manually creating array (#7000)
• 38151f3 readme: unlist 1.32.x as LTS release (#6997)
• 5dda72d ci: pin valgrind to rustc 1.82 (#6998)
• c07257f io: simplify io readiness logic (#6966)
• d08578f time: fix a typo in Instant docs (#6982)
• 4047d79 miri: add annotations for tests with miri ignore (#6981)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
cargo/anyhow	1.0.94	🟢 5.5	Details Check Score Reason Code-Review ⚠️ 0 Found 1/20 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 3 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/clap	4.5.23	🟢 5.9	Details Check Score Reason Code-Review 🟢 3 Found 6/16 approved changesets -- score normalized to 3 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 7 3 existing vulnerabilities detected
cargo/clap_builder	4.5.23	🟢 5.9	Details Check Score Reason Code-Review 🟢 3 Found 6/16 approved changesets -- score normalized to 3 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 7 3 existing vulnerabilities detected
cargo/clap_lex	0.7.4	🟢 5.9	Details Check Score Reason Code-Review 🟢 3 Found 6/16 approved changesets -- score normalized to 3 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 7 3 existing vulnerabilities detected
cargo/thiserror	2.0.6	🟢 5.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 1/16 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 3 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/thiserror-impl	2.0.6	🟢 5.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 1/16 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 3 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/tokio	1.42.0	🟢 8.3	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing 🟢 10 project is fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• Cargo.lock