build(deps): bump the production-dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the production-dependencies group with 10 updates in the / directory:

Package	From	To
clap	4.5.41	4.5.50
console	0.16.0	0.16.1
dialoguer	0.11.0	0.12.0
indicatif	0.18.0	0.18.2
thiserror	2.0.12	2.0.17
anyhow	1.0.98	1.0.100
log	0.4.27	0.4.28
serde	1.0.219	1.0.228
serde_json	1.0.141	1.0.145
toml	0.9.2	0.9.8

Updates clap from 4.5.41 to 4.5.50

Release notes

Sourced from clap's releases.

v4.5.50

[4.5.50] - 2025-10-20

Features

• Accept Cow where String and &str are accepted

v4.5.48

[4.5.48] - 2025-09-19

Documentation

• Add a new CLI Concepts document as another way of framing clap
• Expand the typed_derive cookbook entry

v4.5.47

[4.5.47] - 2025-09-02

Features

• Added impl FromArgMatches for ()
• Added impl Args for ()
• Added impl Subcommand for ()
• Added impl FromArgMatches for Infallible
• Added impl Subcommand for Infallible

Fixes

• (derive) Update runtime error text to match clap

v4.5.46

[4.5.46] - 2025-08-26

Features

• Expose StyledStr::push_str

v4.5.45

[4.5.45] - 2025-08-12

Fixes

• (unstable-v5) ValueEnum variants now use the full doc comment, not summary, for PossibleValue::help

v4.5.44

[4.5.44] - 2025-08-11

Features

• Add Command::mut_subcommands

... (truncated)

Changelog

Sourced from clap's changelog.

[4.5.50] - 2025-10-20

Features

• Accept Cow where String and &str are accepted

[4.5.49] - 2025-10-13

Fixes

• (help) Correctly wrap when ANSI escape codes are present

[4.5.48] - 2025-09-19

Documentation

• Add a new CLI Concepts document as another way of framing clap
• Expand the typed_derive cookbook entry

[4.5.47] - 2025-09-02

Features

• Added impl FromArgMatches for ()
• Added impl Args for ()
• Added impl Subcommand for ()
• Added impl FromArgMatches for Infallible
• Added impl Subcommand for Infallible

Fixes

• (derive) Update runtime error text to match clap

[4.5.46] - 2025-08-26

Features

• Expose StyledStr::push_str

[4.5.45] - 2025-08-12

Fixes

• (unstable-v5) ValueEnum variants now use the full doc comment, not summary, for PossibleValue::help

[4.5.44] - 2025-08-11

Features

• Add Command::mut_subcommands

... (truncated)

Commits

• d8acd47 chore: Release
• 7c2b8d9 docs: Update changelog
• e69a2ea Merge pull request #5987 from mernen/fix-bash-comp-words-loop
• e03cc2e Merge pull request #5988 from cordx56/fix-builder-custom-version-docs
• 5ab2579 fix: Minor fix for builder docs about version
• 2f66432 fix(complete): Only parse arguments before current
• 4d9d210 test(complete): Illustrate current behavior in Bash
• 6abe2f8 chore: Release
• d5c7454 docs: Update changelog
• 5b2e960 Merge pull request #5985 from mernen/bash-cur
• Additional commits viewable in compare view

Updates console from 0.16.0 to 0.16.1

Release notes

Sourced from console's releases.

0.16.1

What's Changed

• Add WithoutAnsi struct that implements Display by @​ChocolateLoverRaj in console-rs/console#258
• Tweak style for new WithAnsi code by @​djc in console-rs/console#266
• Fix QNX 7.1 patch for libc::cfmakeraw by @​rafaeling in console-rs/console#267
• Upgrade windows-sys to 0.61 by @​djc in console-rs/console#272

Commits

• f35b2e4 Bump version to 0.16.1
• 900379f Upgrade windows-sys to 0.61
• 174b8a4 Bump MSRV to 1.71 (for windows-sys 0.61)
• 208928e Fix lint warning for elided lifetimes
• a51fcea Fix QNX patch for libc::cfmakeraw
• 90ea08d Tweak style for new WithAnsi code
• 903df6d Add WithoutAnsi struct that implements Display
• See full diff in compare view

Updates dialoguer from 0.11.0 to 0.12.0

Release notes

Sourced from dialoguer's releases.

0.12.0

What's Changed

• Fix prompt in select.rs example by @​jwodder in console-rs/dialoguer#289
• Document crate feature guarded items on docs.rs by @​robjtede in console-rs/dialoguer#293
• Add conversion between error types by @​jacobtread in console-rs/dialoguer#300
• Accept items by iterator instead of slice by @​jacobtread in console-rs/dialoguer#299
• refactor: replace thiserror with a manual impl by @​CosmicHorrorDev in console-rs/dialoguer#327
• Update console to 0.16 by @​musicinmybrain in console-rs/dialoguer#329

Changelog

Sourced from dialoguer's changelog.

Changelog

For newer releases, please see releases.

Commits

• 731c70b Audit dependencies
• 2a88be1 Check for external types
• d4271ea Check semver compatibility
• 11c990d Check for documentation errors
• 39d2480 Add Dependabot config
• 31b2e25 Upgrade to actions/checkout v5
• 8ebd9e5 Focus CI testing on stable Rust
• d4a002d Use default targets on respective operating systems
• 3e3cc03 Reduce number of targets tested in CI
• fcb8a0d Enable basic caching in CI
• Additional commits viewable in compare view

Updates indicatif from 0.18.0 to 0.18.2

Release notes

Sourced from indicatif's releases.

0.18.1

What's Changed

• Do not render "current" char if no "current" char is configured by @​Finomnis in console-rs/indicatif#719
• Update vt100 requirement from 0.15.1 to 0.16.1 by @​dependabot[bot] in console-rs/indicatif#723
• Bump MSRV to 1.71 with versioned lockfile by @​djc in console-rs/indicatif#735
• Fix wide_bar width computation with a multiline message by @​glehmann in console-rs/indicatif#738

Commits

• See full diff in compare view

Updates thiserror from 2.0.12 to 2.0.17

Release notes

Sourced from thiserror's releases.

2.0.17

• Use differently named __private module per patch release (#434)

2.0.16

• Add to "no-std" crates.io category (#429)

2.0.15

• Prevent Error::provide API becoming unavailable from a future new compiler lint (#427)

2.0.14

• Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#426)

2.0.13

• Documentation improvements

Commits

• 72ae716 Release 2.0.17
• 599fdce Merge pull request #434 from dtolnay/private
• 9ec05f6 Use differently named __private module per patch release
• d2c492b Raise minimum tested compiler to rust 1.76
• fc3ab95 Opt in to generate-macro-expansion when building on docs.rs
• 819fe29 Update ui test suite to nightly-2025-09-12
• 259f48c Enforce trybuild >= 1.0.108
• 470e6a6 Update ui test suite to nightly-2025-08-24
• 544e191 Update actions/checkout@v4 -> v5
• cbc1eba Delete duplicate cap-lints flag from build script
• Additional commits viewable in compare view

Updates anyhow from 1.0.98 to 1.0.100

Release notes

Sourced from anyhow's releases.

1.0.100

• Teach clippy to lint formatting arguments in bail!, ensure!, anyhow! (#426)

1.0.99

• Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#420)

Commits

• 18c2598 Release 1.0.100
• f271988 Merge pull request #426 from dtolnay/clippyfmt
• 52f2115 Mark macros with clippy::format_args
• da5fd9d Raise minimum tested compiler to rust 1.76
• 211e409 Opt in to generate-macro-expansion when building on docs.rs
• b48fc02 Enforce trybuild >= 1.0.108
• d5f59fb Update ui test suite to nightly-2025-09-07
• 238415d Update ui test suite to nightly-2025-08-24
• 3bab070 Update actions/checkout@v4 -> v5
• 4249254 Order cap-lints flag in the same order as thiserror build script
• Additional commits viewable in compare view

Updates log from 0.4.27 to 0.4.28

Release notes

Sourced from log's releases.

0.4.28

What's Changed

• ci: drop really old trick and ensure MSRV for all feature combo by @​tisonkun in rust-lang/log#676
• chore: fix some typos in comment by @​xixishidibei in rust-lang/log#677
• Unhide #[derive(Debug)] in example by @​ZylosLumen in rust-lang/log#688
• Chore: delete compare_exchange method for AtomicUsize on platforms without atomics by @​HaoliangXu in rust-lang/log#690
• Add increment_severity() and decrement_severity() methods for Level and LevelFilter by @​nebkor in rust-lang/log#692
• Prepare for 0.4.28 release by @​KodrAus in rust-lang/log#695

New Contributors

• @​xixishidibei made their first contribution in rust-lang/log#677
• @​ZylosLumen made their first contribution in rust-lang/log#688
• @​HaoliangXu made their first contribution in rust-lang/log#690
• @​nebkor made their first contribution in rust-lang/log#692

Full Changelog: rust-lang/log@0.4.27...0.4.28

Changelog

Sourced from log's changelog.

[0.4.28] - 2025-09-02

What's Changed

• ci: drop really old trick and ensure MSRV for all feature combo by @​tisonkun in rust-lang/log#676
• Chore: delete compare_exchange method for AtomicUsize on platforms without atomics by @​HaoliangXu in rust-lang/log#690
• Add increment_severity() and decrement_severity() methods for Level and LevelFilter by @​nebkor in rust-lang/log#692

New Contributors

• @​xixishidibei made their first contribution in rust-lang/log#677
• @​ZylosLumen made their first contribution in rust-lang/log#688
• @​HaoliangXu made their first contribution in rust-lang/log#690
• @​nebkor made their first contribution in rust-lang/log#692

Full Changelog: rust-lang/log@0.4.27...0.4.28

Notable Changes

• MSRV is bumped to 1.61.0 in rust-lang/log#676

Commits

• 6e17355 Merge pull request #695 from rust-lang/cargo/0.4.28
• 57719db focus on user-facing source changes in the changelog
• e0630c6 prepare for 0.4.28 release
• 60829b1 Merge pull request #692 from nebkor/up-and-down
• 95d44f8 change names of log-level-changing methods to be more descriptive
• 2b63dfa Add up() and down() methods for Level and LevelFilter
• 3aa1359 Merge pull request #690 from HaoliangXu/master
• 1091f2c Chore:delete compare_exchange method for AtomicUsize on platforms
• 24c5f44 Merge pull request #688 from ZylosLumen/patch-1
• 4498495 Unhide #[derive(Debug)] in example
• Additional commits viewable in compare view

Updates serde from 1.0.219 to 1.0.228

Release notes

Sourced from serde's releases.

v1.0.228

• Allow building documentation with RUSTDOCFLAGS='--cfg=docsrs' set for the whole dependency graph (#2995)

v1.0.227

• Documentation improvements (#2991)

v1.0.226

• Deduplicate variant matching logic inside generated Deserialize impl for adjacently tagged enums (#2935, thanks @​Mingun)

v1.0.225

• Avoid triggering a deprecation warning in derived Serialize and Deserialize impls for a data structure that contains its own deprecations (#2879, thanks @​rcrisanti)

v1.0.224

• Remove private types being suggested in rustc diagnostics (#2979)

v1.0.223

• Fix serde_core documentation links (#2978)

v1.0.222

• Make serialize_with attribute produce code that works if respanned to 2024 edition (#2950, thanks @​aytey)

v1.0.221

• Documentation improvements (#2973)
• Deprecate serde_if_integer128! macro (#2975)

v1.0.220

• Add a way for data formats to depend on serde traits without waiting for serde_derive compilation: https://docs.rs/serde_core (#2608, thanks @​osiewicz)

Commits

• a866b33 Release 1.0.228
• 5adc9e8 Merge pull request #2995 from dtolnay/rustdocflags
• ab58178 Workaround for RUSTDOCFLAGS='--cfg=docsrs'
• 415d9fc Release 1.0.227
• 7c58427 Merge pull request #2991 from dtolnay/inlinecoredoc
• 9d3410e Merge pull request #2992 from dtolnay/inplaceseed
• 2fb6748 Remove InPlaceSeed public re-export
• f8137c7 Inline serde_core into serde in docsrs mode
• b7dbf7e Merge pull request #2990 from dtolnay/integer128
• 7c83691 No longer macro_use integer128 module
• Additional commits viewable in compare view

Updates serde_json from 1.0.141 to 1.0.145

Release notes

Sourced from serde_json's releases.

v1.0.145

• Raise serde version requirement to >=1.0.220

v1.0.144

• Switch serde dependency to serde_core (#1285)

v1.0.143

• Implement Clone and Debug for serde_json::Map iterators (#1264, thanks @​xlambein)
• Implement Default for CompactFormatter (#1268, thanks @​SOF3)
• Implement FromStr for serde_json::Map (#1271, thanks @​mickvangelderen)

v1.0.142

• impl Default for &Value (#1265, thanks @​aatifsyed)

Commits

• efa66e3 Release 1.0.145
• 23679e2 Add serde version constraint
• fc27baf Release 1.0.144
• caef3c6 Ignore uninlined_format_args pedantic clippy lint
• 81ba3aa Merge pull request #1285 from dtolnay/serdecore
• d21e8ce Switch serde dependency to serde_core
• 6beb6cd Merge pull request #1286 from dtolnay/up
• 1dbc803 Raise required compiler to Rust 1.61
• 0bf5d87 Enforce trybuild >= 1.0.108
• d12e943 Update actions/checkout@v4 -> v5
• Additional commits viewable in compare view

Updates toml from 0.9.2 to 0.9.8

Commits

• 93e9146 chore: Release
• 7de1b4e docs: Update changelog
• 1b579c3 feat(serde): Support integer, bools, and chars as keys (#1050)
• ac1e077 feat(serde): Support chars as keys
• f3dec32 feat(serde): Support bools as keys
• 139b30a feat(serde): Support integer keys
• 2d65a88 test(serde): Show existing key behavior
• 80217f8 chore(deps): Update actions/checkout action to v5 (#1047)
• b36e351 chore(deps): Update actions/checkout action to v5
• 7d2c649 chore(deps): Update actions/setup-python action to v6 (#1048)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
cargo/anyhow	1.0.100	🟢 5.5	Details Check Score Reason Code-Review ⚠️ 0 Found 1/24 approved changesets -- score normalized to 0 Maintained 🟢 10 17 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 3 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/clap	4.5.50	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 1/15 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 10 existing vulnerabilities detected
cargo/clap_builder	4.5.50	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 1/15 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 10 existing vulnerabilities detected
cargo/clap_derive	4.5.49	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 1/15 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 10 existing vulnerabilities detected
cargo/console	0.16.1	Unknown	Unknown
cargo/dialoguer	0.12.0	Unknown	Unknown
cargo/hashbrown	0.16.0	🟢 6.3	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 8 Found 11/13 approved changesets -- score normalized to 8 Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/indexmap	2.12.0	Unknown	Unknown
cargo/indicatif	0.18.2	Unknown	Unknown
cargo/log	0.4.28	🟢 6.9	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 10 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/serde	1.0.228	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 3/13 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/serde_core	1.0.228	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 3/13 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/serde_derive	1.0.228	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 3/13 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/serde_json	1.0.145	🟢 6.8	Details Check Score Reason Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 5/23 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/serde_spanned	1.0.3	🟢 7.2	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/13 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 10 SAST tool is run on all commits
cargo/thiserror	2.0.17	🟢 5.5	Details Check Score Reason Code-Review ⚠️ 0 Found 1/25 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 3 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/thiserror-impl	2.0.17	🟢 5.5	Details Check Score Reason Code-Review ⚠️ 0 Found 1/25 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 3 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/toml	0.9.8	🟢 7.2	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/13 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 10 SAST tool is run on all commits
cargo/toml_datetime	0.7.3	🟢 7.2	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/13 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 10 SAST tool is run on all commits
cargo/toml_parser	1.0.4	🟢 7.2	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/13 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 10 SAST tool is run on all commits
cargo/toml_writer	1.0.4	🟢 7.2	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/13 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 10 SAST tool is run on all commits
cargo/windows-link	0.2.1	🟢 4.4	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 9/27 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts ⚠️ 0 binaries present in source code Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected
cargo/windows-sys	0.61.2	🟢 4.4	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 9/27 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts ⚠️ 0 binaries present in source code Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected
cargo/winnow	0.7.13	🟢 7.3	Details Check Score Reason Maintained 🟢 10 24 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 4/13 approved changesets -- score normalized to 3 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 9 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities 🟢 8 2 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits
cargo/dialoguer	>= 0.12.0, < 0.13.0	Unknown	Unknown

Scanned Files

• Cargo.lock
• Cargo.toml