build(deps): bump the extractor group with 3 updates

[dependabot]

Bumps the extractor group with 3 updates: clap, rayon and regex.

Updates clap from 4.5.41 to 4.5.45

Release notes

Sourced from clap's releases.

v4.5.45

[4.5.45] - 2025-08-12

Fixes

• (unstable-v5) ValueEnum variants now use the full doc comment, not summary, for PossibleValue::help

v4.5.44

[4.5.44] - 2025-08-11

Features

• Add Command::mut_subcommands

v4.5.43

[4.5.43] - 2025-08-06

Fixes

• (help) In long help, list Possible Values before defaults, rather than after, for a more consistent look

v4.5.42

[4.5.42] - 2025-07-30

Fixes

• Include subcommand visible long aliases in --help

Changelog

Sourced from clap's changelog.

[4.5.45] - 2025-08-12

Fixes

• (unstable-v5) ValueEnum variants now use the full doc comment, not summary, for PossibleValue::help

[4.5.44] - 2025-08-11

Features

• Add Command::mut_subcommands

[4.5.43] - 2025-08-06

Fixes

• (help) In long help, list Possible Values before defaults, rather than after, for a more consistent look

[4.5.42] - 2025-07-30

Fixes

• Include subcommand visible long aliases in --help

Commits

• 246d972 chore: Release
• a35a076 docs: Update changelog
• 9b985a3 Merge pull request #5912 from epage/takes
• 389fbe8 feat(builder): Allow flags to take num_args=0..=1
• c395d02 test(parser): Show flag behavior
• 32c119e refactor(assert): Be more specific than action.takes_values
• 80ea3e7 fix(assert): Clean up num_args/action assert
• 2bc0f45 fix(builder): Make ValueRange display independent of usize::MAX
• a0187c6 test(assert): Verify num_args/action compat
• a8f9885 refactor(builder): Be more explicit in how takes_values is used
• Additional commits viewable in compare view

Updates rayon from 1.10.0 to 1.11.0

Changelog

Sourced from rayon's changelog.

Release rayon 1.11.0 / rayon-core 1.13.0 (2025-08-12)

• The minimum supported rustc is now 1.80.
• iter::repeatn has been renamed to iter::repeat_n to match the name stabilized in the standard library. The old name still exists as a deprecated function for compatibility.
• Fixed a bug in in_place_scope when the default global registry uses the current thread, like on WebAssembly without threading support.
• binary_heap::Iter no longer requires a temporary allocation.
• Relaxed trait bounds on many of the public structs.
• Implemented IntoParallelIterator for Box<[T]> and its references.
• Implemented FromParallelIterator<_> for Box<str> via String.

Commits

• 6236214 Merge #1031
• 652f111 Release rayon 1.7.0 and rayon-core 1.11.0
• 7df001d Tweak plumbing consumer description
• 322dfe8 Merge #1026
• 099241d Merge #1030
• a17bcb9 Fix inappropriate use of slice::as_mut_ptr
• 98077fe Be more cautious about drain drops
• 7069695 Merge #1028
• 874ff73 Fix docs for the yield None case on ThreadPool
• 58f7b7e Be careful comparing job_ref.execute_fn
• Additional commits viewable in compare view

Updates regex from 1.11.1 to 1.11.2

Changelog

Sourced from regex's changelog.

1.11.2 (2025-08-24)

This is a new patch release of regex with some minor fixes. A larger number of typo or lint fix patches were merged. Also, we now finally recommend using std::sync::LazyLock.

Improvements:

• [BUG #1217](rust-lang/regex#1217): Switch recommendation from once_cell to std::sync::LazyLock.
• [BUG #1225](rust-lang/regex#1225): Add DFA::set_prefilter to regex-automata.

Bug fixes:

• [BUG #1165](rust-lang/regex#1150): Remove std dependency from perf-literal-multisubstring crate feature.
• [BUG #1165](rust-lang/regex#1165): Clarify the meaning of (?R)$ in the documentation.
• [BUG #1281](rust-lang/regex#1281): Remove fuzz/ and record/ directories from published crate on crates.io.

Commits

• d0aa586 1.11.2
• a3bf4ad regex-cli-0.2.2
• 25a15e2 rure-0.2.3
• 45c3da7 regex-lite-0.1.7
• 873ed80 regex-automata-0.4.10
• ea834f8 regex-syntax-0.8.6
• 86836fb changelog: 1.11.2
• 63a26c1 cargo: ensure that 'perf' doesn't enable 'std' implicitly (#1150)
• dd96592 doc: clarify CRLF mode effect
• 931dae0 cargo: point repository metadata to clonable URLs
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
cargo/clap	4.5.45	🟢 4.9	Details Check Score Reason Code-Review ⚠️ 0 Found 1/19 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected
cargo/clap_builder	4.5.44	🟢 4.9	Details Check Score Reason Code-Review ⚠️ 0 Found 1/19 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected
cargo/clap_derive	4.5.45	🟢 4.9	Details Check Score Reason Code-Review ⚠️ 0 Found 1/19 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected
cargo/rayon	1.11.0	🟢 4.9	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 1/9 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/rayon-core	1.13.0	🟢 4.9	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 1/9 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/regex	1.11.2	🟢 7	Details Check Score Reason Code-Review 🟢 5 Found 16/30 approved changesets -- score normalized to 5 Maintained 🟢 10 26 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Fuzzing 🟢 10 project is fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/rayon	>= 1.11.0, < 2.0.0	🟢 4.9	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 1/9 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/regex	>= 1.11.2, < 2.0.0	🟢 7	Details Check Score Reason Code-Review 🟢 5 Found 16/30 approved changesets -- score normalized to 5 Maintained 🟢 10 26 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Fuzzing 🟢 10 project is fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• Cargo.lock
• extractor/Cargo.toml