zizmor 1.11.1rc1__tar.gz → 1.12.1__tar.gz

{zizmor-1.11.1rc1 → zizmor-1.12.1}/Cargo.lock

@@ -62,9 +62,9 @@ dependencies = [
 
 [[package]]
 name = "anstream"
-version = "0.6.19"
+version = "0.6.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "301af1932e46185686725e0fad2f8f2aa7da69dd70bf6ecc44d6b703844a3933"
+checksum = "3ae563653d1938f79b1ab1b5e668c87c76a9930414574a6583a7b7e11a8e6192"
 dependencies = [
  "anstyle",
  "anstyle-parse",
@@ -302,9 +302,9 @@ dependencies = [
 
 [[package]]
 name = "camino"
-version = "1.1.10"
+version = "1.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0da45bc31171d8d6960122e222a67740df867c1dd53b4d51caa297084c185cab"
+checksum = "5d07aa9a93b00c76f71bc35d598bed923f6d4f3a9ca5c24b7737ae1a292841c0"
 dependencies = [
  "serde",
 ]
@@ -332,9 +332,9 @@ checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724"
 
 [[package]]
 name = "clap"
-version = "4.5.40"
+version = "4.5.43"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "40b6887a1d8685cebccf115538db5c0efe625ccac9696ad45c409d96566e910f"
+checksum = "50fd97c9dc2399518aa331917ac6f274280ec5eb34e555dd291899745c48ec6f"
 dependencies = [
  "clap_builder",
  "clap_derive",
@@ -352,9 +352,9 @@ dependencies = [
 
 [[package]]
 name = "clap_builder"
-version = "4.5.40"
+version = "4.5.43"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e0c66c08ce9f0c698cbce5c0279d0bb6ac936d8674174fe48f736533b964f59e"
+checksum = "c35b5830294e1fa0462034af85cc95225a4cb07092c088c55bda3147cfcd8f65"
 dependencies = [
  "anstream",
  "anstyle",
@@ -364,18 +364,18 @@ dependencies = [
 
 [[package]]
 name = "clap_complete"
-version = "4.5.54"
+version = "4.5.56"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aad5b1b4de04fead402672b48897030eec1f3bfe1550776322f59f6d6e6a5677"
+checksum = "67e4efcbb5da11a92e8a609233aa1e8a7d91e38de0be865f016d14700d45a7fd"
 dependencies = [
  "clap",
 ]
 
 [[package]]
 name = "clap_complete_nushell"
-version = "4.5.7"
+version = "4.5.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cdb8335b398d197fb3176efe9400c6c053a41733c26794316c73423d212b2f3d"
+checksum = "0a0c951694691e65bf9d421d597d68416c22de9632e884c28412cb8cd8b73dce"
 dependencies = [
  "clap",
  "clap_complete",
@@ -383,9 +383,9 @@ dependencies = [
 
 [[package]]
 name = "clap_derive"
-version = "4.5.40"
+version = "4.5.41"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d2c7947ae4cc3d851207c1adb5b5e260ff0cca11446b1d6d1423788e442257ce"
+checksum = "ef4f52386a59ca4c860f7393bcf8abd8dfd91ecccc0f774635ff68e92eeef491"
 dependencies = [
  "heck",
  "proc-macro2",
@@ -828,18 +828,19 @@ checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f"
 
 [[package]]
 name = "github-actions-expressions"
-version = "0.0.8"
+version = "0.0.9"
 dependencies = [
  "anyhow",
  "itertools",
  "pest",
  "pest_derive",
  "pretty_assertions",
+ "subfeature",
 ]
 
 [[package]]
 name = "github-actions-models"
-version = "0.31.0"
+version = "0.32.0"
 dependencies = [
  "indexmap",
  "serde",
@@ -996,9 +997,9 @@ checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"
 
 [[package]]
 name = "human-panic"
-version = "2.0.2"
+version = "2.0.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "80b84a66a325082740043a6c28bbea400c129eac0d3a27673a1de971e44bf1f7"
+checksum = "ac63a746b187e95d51fe16850eb04d1cfef203f6af98e6c405a6f262ad3df00a"
 dependencies = [
  "anstream",
  "anstyle",
@@ -1065,7 +1066,7 @@ dependencies = [
  "libc",
  "percent-encoding",
  "pin-project-lite",
- "socket2",
+ "socket2 0.5.9",
  "tokio",
  "tower-service",
  "tracing",
@@ -1239,9 +1240,9 @@ dependencies = [
 
 [[package]]
 name = "indicatif"
-version = "0.17.12"
+version = "0.18.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4adb2ee6ad319a912210a36e56e3623555817bcc877a7e6e8802d1d69c4d8056"
+checksum = "70a646d946d06bedbbc4cac4c218acf4bbf2d87757a784857025f4d447e4e1cd"
 dependencies = [
  "console 0.16.0",
  "portable-atomic",
@@ -1271,6 +1272,17 @@ dependencies = [
  "rustversion",
 ]
 
+[[package]]
+name = "io-uring"
+version = "0.7.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b86e202f00093dcba4275d4636b93ef9dd75d025ae560d2521b45ea28ab49013"
+dependencies = [
+ "bitflags 2.9.0",
+ "cfg-if",
+ "libc",
+]
+
 [[package]]
 name = "ipnet"
 version = "2.11.0"
@@ -1842,7 +1854,7 @@ dependencies = [
  "quinn-udp",
  "rustc-hash",
  "rustls",
- "socket2",
+ "socket2 0.5.9",
  "thiserror 2.0.12",
  "tokio",
  "tracing",
@@ -1878,7 +1890,7 @@ dependencies = [
  "cfg_aliases",
  "libc",
  "once_cell",
- "socket2",
+ "socket2 0.5.9",
  "tracing",
  "windows-sys 0.59.0",
 ]
@@ -2028,9 +2040,9 @@ checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c"
 
 [[package]]
 name = "reqwest"
-version = "0.12.20"
+version = "0.12.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eabf4c97d9130e2bf606614eb937e86edac8292eaa6f422f995d7e8de1eb1813"
+checksum = "cbc931937e6ca3a06e3b6c0aa7841849b160a90351d6ab467a8b9b9959767531"
 dependencies = [
  "base64 0.22.1",
  "bytes",
@@ -2250,9 +2262,9 @@ dependencies = [
 
 [[package]]
 name = "serde_json"
-version = "1.0.140"
+version = "1.0.142"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373"
+checksum = "030fedb782600dcbd6f02d479bf0d817ac3bb40d644745b769d6a96bc3afc5a7"
 dependencies = [
  "indexmap",
  "itoa",
@@ -2324,9 +2336,9 @@ dependencies = [
 
 [[package]]
 name = "serde_spanned"
-version = "0.6.8"
+version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87607cb1398ed59d48732e575a4c28a7a8ebf2454b964fe3f224f2afc07909e1"
+checksum = "40734c41988f7306bb04f0ecf60ec0f3f1caa34290e4e8ea471dcd3346483b83"
 dependencies = [
  "serde",
 ]
@@ -2435,6 +2447,16 @@ dependencies = [
  "windows-sys 0.52.0",
 ]
 
+[[package]]
+name = "socket2"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "233504af464074f9d066d7b5416c5f9b894a5862a6506e306f7b816cdd6f1807"
+dependencies = [
+ "libc",
+ "windows-sys 0.59.0",
+]
+
 [[package]]
 name = "ssri"
 version = "9.2.0"
@@ -2489,6 +2511,15 @@ dependencies = [
  "syn 2.0.101",
 ]
 
+[[package]]
+name = "subfeature"
+version = "0.0.3"
+dependencies = [
+ "memchr",
+ "regex",
+ "serde",
+]
+
 [[package]]
 name = "subtle"
 version = "2.6.1"
@@ -2687,18 +2718,20 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 
 [[package]]
 name = "tokio"
-version = "1.45.1"
+version = "1.47.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "75ef51a33ef1da925cea3e4eb122833cb377c61439ca401b770f54902b806779"
+checksum = "89e49afdadebb872d3145a5638b59eb0691ea23e46ca484037cfab3b76b95038"
 dependencies = [
  "backtrace",
  "bytes",
+ "io-uring",
  "libc",
  "mio",
  "pin-project-lite",
- "socket2",
+ "slab",
+ "socket2 0.6.0",
  "tokio-macros",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -2748,43 +2781,30 @@ dependencies = [
 
 [[package]]
 name = "toml"
-version = "0.8.22"
+version = "0.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "05ae329d1f08c4d17a59bed7ff5b5a769d062e64a62d34a3261b219e62cd5aae"
+checksum = "ed0aee96c12fa71097902e0bb061a5e1ebd766a6636bb605ba401c45c1650eac"
 dependencies = [
  "serde",
  "serde_spanned",
  "toml_datetime",
- "toml_edit",
+ "toml_writer",
 ]
 
 [[package]]
 name = "toml_datetime"
-version = "0.6.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3da5db5a963e24bc68be8b17b6fa82814bb22ee8660f192bb182771d498f09a3"
-dependencies = [
- "serde",
-]
-
-[[package]]
-name = "toml_edit"
-version = "0.22.26"
+version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "310068873db2c5b3e7659d2cc35d21855dbafa50d1ce336397c666e3cb08137e"
+checksum = "bade1c3e902f58d73d3f294cd7f20391c1cb2fbcb643b73566bc773971df91e3"
 dependencies = [
- "indexmap",
  "serde",
- "serde_spanned",
- "toml_datetime",
- "toml_write",
 ]
 
 [[package]]
-name = "toml_write"
-version = "0.1.1"
+name = "toml_writer"
+version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bfb942dfe1d8e29a7ee7fcbde5bd2b9a25fb89aa70caea2eba3bee836ff41076"
+checksum = "fcc842091f2def52017664b53082ecbbeb5c7731092bad69d2c63050401dfd64"
 
 [[package]]
 name = "tower"
@@ -2903,9 +2923,9 @@ dependencies = [
 
 [[package]]
 name = "tracing-core"
-version = "0.1.33"
+version = "0.1.34"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e672c95779cf947c5311f83787af4fa8fffd12fb27e4993211a84bdfd9610f9c"
+checksum = "b9d12581f227e93f094d3af2ae690a574abb8a2b9b7a96e7cfe9647b2b617678"
 dependencies = [
  "once_cell",
  "valuable",
@@ -2913,9 +2933,9 @@ dependencies = [
 
 [[package]]
 name = "tracing-indicatif"
-version = "0.3.9"
+version = "0.3.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8201ca430e0cd893ef978226fd3516c06d9c494181c8bf4e5b32e30ed4b40aa1"
+checksum = "e1983afead46ff13a3c93581e0cec31d20b29efdd22cbdaa8b9f850eccf2c352"
 dependencies = [
  "indicatif",
  "tracing",
@@ -2954,9 +2974,9 @@ dependencies = [
 
 [[package]]
 name = "tree-sitter"
-version = "0.25.6"
+version = "0.25.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a7cf18d43cbf0bfca51f657132cc616a5097edc4424d538bae6fa60142eaf9f0"
+checksum = "6d7b8994f367f16e6fa14b5aebbcb350de5d7cbea82dc5b00ae997dd71680dd2"
 dependencies = [
  "cc",
  "regex",
@@ -2984,9 +3004,9 @@ checksum = "c4013970217383f67b18aef68f6fb2e8d409bc5755227092d32efb0422ba24b8"
 
 [[package]]
 name = "tree-sitter-powershell"
-version = "0.25.6"
+version = "0.25.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e265a36be4ab388c842629bef61fb719c83f9be3241db92288d064ed425758ba"
+checksum = "d76347b6c5300ae20622847aa53c88005d13b6999708ffbe4618b509ddb45178"
 dependencies = [
  "cc",
  "tree-sitter-language",
@@ -3663,9 +3683,25 @@ version = "0.8.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fdd20c5420375476fbd4394763288da7eb0cc0b8c11deed431a91562af7335d3"
 
+[[package]]
+name = "yamlpatch"
+version = "0.3.0"
+dependencies = [
+ "indexmap",
+ "insta",
+ "line-index",
+ "pretty_assertions",
+ "serde",
+ "serde_json",
+ "serde_yaml",
+ "subfeature",
+ "thiserror 2.0.12",
+ "yamlpath",
+]
+
 [[package]]
 name = "yamlpath"
-version = "0.23.1"
+version = "0.25.0"
 dependencies = [
  "line-index",
  "serde",
@@ -3796,7 +3832,7 @@ dependencies = [
 
 [[package]]
 name = "zizmor"
-version = "1.11.1-rc1"
+version = "1.12.1"
 dependencies = [
  "annotate-snippets",
  "anstream",
@@ -3822,7 +3858,6 @@ dependencies = [
  "itertools",
  "jsonschema",
  "line-index",
- "memchr",
  "owo-colors",
  "regex",
  "reqwest",
@@ -3832,6 +3867,7 @@ dependencies = [
  "serde_json",
  "serde_json_path",
  "serde_yaml",
+ "subfeature",
  "tar",
  "terminal-link",
  "thiserror 2.0.12",
@@ -3843,5 +3879,6 @@ dependencies = [
  "tree-sitter",
  "tree-sitter-bash",
  "tree-sitter-powershell",
+ "yamlpatch",
  "yamlpath",
 ]

{zizmor-1.11.1rc1 → zizmor-1.12.1}/Cargo.toml

@@ -8,57 +8,60 @@ readme = "README.md"
 homepage = "https://docs.zizmor.sh"
 edition = "2024"
 license = "MIT"
+rust-version = "1.88.0"
 
 [workspace.dependencies]
 anyhow = "1.0.98"
-github-actions-expressions = { path = "crates/github-actions-expressions", version = "0.0.8" }
-github-actions-models = { path = "crates/github-actions-models", version = "0.31.0" }
+github-actions-expressions = { path = "crates/github-actions-expressions", version = "0.0.9" }
+github-actions-models = { path = "crates/github-actions-models", version = "0.32.0" }
 itertools = "0.14.0"
 pest = "2.8.1"
 pest_derive = "2.8.1"
 pretty_assertions = "1.4.1"
 annotate-snippets = "0.11.5"
-anstream = "0.6.19"
+anstream = "0.6.20"
 assert_cmd = "2.0.17"
-camino = "1.1.10"
-clap = "4.5.40"
+camino = "1.1.11"
+clap = "4.5.43"
 clap-verbosity-flag = { version = "3.0.3", default-features = false }
-clap_complete = "4.5.54"
-clap_complete_nushell = "4.5.7"
+clap_complete = "4.5.56"
+clap_complete_nushell = "4.5.8"
 csv = "1.3.1"
 etcetera = "0.10.0"
 flate2 = "1.1.2"
 fst = "0.4.7"
 http-cache-reqwest = "0.16"
-human-panic = "2.0.1"
+human-panic = "2.0.3"
 ignore = "0.4.23"
 indexmap = { version = "2.10.0", features = ["serde"] }
-indicatif = "0.17.12"
+indicatif = "0.18"
 insta = "1.43.0"
 jsonschema = "0.30.0"
 line-index = "0.1.2"
 memchr = "2.7.5"
 owo-colors = "4.2.2"
 regex = "1.11.1"
-reqwest = { version = "0.12.20", default-features = false }
+reqwest = { version = "0.12.22", default-features = false }
 reqwest-middleware = "0.4.2"
 serde = { version = "1.0.219", features = ["derive"] }
 serde-sarif = "0.8.0"
-serde_json = "1.0.140"
+serde_json = "1.0.142"
 serde_json_path = "0.7.2"
 serde_yaml = "0.9.34"
+subfeature = { path = "crates/subfeature", version = "0.0.3" }
 tar = "0.4.44"
 terminal-link = "0.1.0"
 thiserror = "2.0.12"
-tokio = { version = "1.44.1", features = ["rt-multi-thread", "io-std"] }
+tokio = { version = "1.47.1", features = ["rt-multi-thread", "io-std"] }
 tower-lsp = { version = "0.20.0" }
 tracing = "0.1.41"
-tracing-indicatif = "0.3.9"
+tracing-indicatif = "0.3.12"
 tracing-subscriber = "0.3.19"
-tree-sitter = "0.25.6"
+tree-sitter = "0.25.8"
 tree-sitter-bash = "0.23.3"
-tree-sitter-powershell = "0.25.6"
-yamlpath = { path = "crates/yamlpath", version = "0.23.1" }
+tree-sitter-powershell = "0.25.8"
+yamlpath = { path = "crates/yamlpath", version = "0.25.0" }
+yamlpatch = { path = "crates/yamlpatch", version = "0.3.0" }
 tree-sitter-yaml = "0.7.1"
 
 [workspace.lints.clippy]

zizmor-1.12.1/PKG-INFO

@@ -0,0 +1,6 @@
+Metadata-Version: 2.4
+Name: zizmor
+Version: 1.12.1
+License-File: LICENSE
+Home-Page: https://docs.zizmor.sh
+Requires-Python: >=3.9

{zizmor-1.11.1rc1 → zizmor-1.12.1}/crates/github-actions-expressions/Cargo.toml

@@ -2,7 +2,7 @@
 name = "github-actions-expressions"
 description = "GitHub Actions expression parser and data types"
 repository = "https://github.com/zizmorcore/zizmor/tree/main/crates/github-actions-expressions"
-version = "0.0.8"
+version = "0.0.9"
 readme = "README.md"
 
 homepage.workspace = true
@@ -15,9 +15,10 @@ workspace = true
 
 [dependencies]
 anyhow.workspace = true
+itertools.workspace = true
 pest.workspace = true
 pest_derive.workspace = true
-itertools.workspace = true
+subfeature.workspace = true
 
 [dev-dependencies]
 pretty_assertions.workspace = true

{zizmor-1.11.1rc1 → zizmor-1.12.1}/crates/github-actions-expressions/README.md

@@ -1,5 +1,6 @@
 # github-actions-expressions
 
+[![zizmor](https://img.shields.io/badge/%F0%9F%8C%88-zizmor-white?labelColor=white)](https://zizmor.sh/)
 [![CI](https://github.com/zizmorcore/zizmor/actions/workflows/ci.yml/badge.svg)](https://github.com/zizmorcore/zizmor/actions/workflows/ci.yml)
 [![Crates.io](https://img.shields.io/crates/v/github-actions-expressions)](https://crates.io/crates/github-actions-expressions)
 [![docs.rs](https://img.shields.io/docsrs/github-actions-expressions)](https://docs.rs/github-actions-expressions)
@@ -13,4 +14,4 @@ See the [documentation] for more details.
 This library is part of [zizmor].
 
 [documentation]: https://docs.rs/github-actions-expressions
-[zizmor]: https://docs.zizmor.sh
+[zizmor]: https://zizmor.sh