deps: bump tree-sitter from 0.25.10 to 0.26.3 in the production-dependencies group

[dependabot]

Bumps the production-dependencies group with 1 update: tree-sitter.

Updates tree-sitter from 0.25.10 to 0.26.3

Release notes

Sourced from tree-sitter's releases.

v0.26.3

What's Changed

• docs(cli): fix wrong file path for Java bindings test by @​Marcono1234 in tree-sitter/tree-sitter#5117
• ci(release): use node 24 by @​ObserverOfTime in tree-sitter/tree-sitter#5120
• build(deps): cargo update by @​clason in tree-sitter/tree-sitter#5125
• 0.26.3 by @​clason in tree-sitter/tree-sitter#5126

Full Changelog: tree-sitter/tree-sitter@v0.26.2...v0.26.3

v0.26.2

What's Changed

• build(deps): bump esbuild from 0.27.0 to 0.27.1 in /lib/binding_web in the npm group across 1 directory by @​dependabot[bot] in tree-sitter/tree-sitter#5113
• 0.26.x by @​WillLillis in tree-sitter/tree-sitter#5115

Full Changelog: tree-sitter/tree-sitter@v0.26.1...v0.26.2

v0.26.1

What's Changed

• feat(cli): specify abi version via env var by @​ObserverOfTime in tree-sitter/tree-sitter#4173
• ci: use ubuntu-22.04 for x64 builds by @​amaanq in tree-sitter/tree-sitter#4175
• fix(lib): prevent finished_tree assertion failure by @​ribru17 in tree-sitter/tree-sitter#4176
• build: do not define _POSIX_C_SOURCE on NetBSD by @​0-wiz-0 in tree-sitter/tree-sitter#4181
• fix(web): provide type in the exports by @​robertohuertasm in tree-sitter/tree-sitter#4185
• add generate crate to workspace & adjust to new clippy lints by @​amaanq in tree-sitter/tree-sitter#4192
• refactor(web): rename tree-sitter.js to web-tree-sitter.js by @​amaanq in tree-sitter/tree-sitter#4194
• feat: Windows support using MinGW-w64 by @​MisterDA in tree-sitter/tree-sitter#4201
• Fix crash when loading languages w/ old ABI via wasm by @​maxbrunsfeld in tree-sitter/tree-sitter#4210
• Ignore external tokens that are zero-length and extra by @​maxbrunsfeld in tree-sitter/tree-sitter#4213
• Reset result_symbol field of lexer in wasm memory in between invocations by @​maxbrunsfeld in tree-sitter/tree-sitter#4218
• Decrease the MSRV for the tree-sitter-language crate by @​maxbrunsfeld in tree-sitter/tree-sitter#4221
• fix(wasm): restore passing in ERROR to descendantsOfType by @​WillLillis in tree-sitter/tree-sitter#4226
• typo: but is only works → but it only works by @​hippietrail in tree-sitter/tree-sitter#4242
• adapt to new rust lints and tweak ci by @​WillLillis in tree-sitter/tree-sitter#4249
• Mark all format-like macros for Clippy by @​nyurik in tree-sitter/tree-sitter#4231
• fix symbol leak for character sets by @​polazarus in tree-sitter/tree-sitter#4255
• Fix cases where error recovery could infinite loop by @​maxbrunsfeld in tree-sitter/tree-sitter#4257
• fix(rust): adapt to new nightly lint by @​WillLillis in tree-sitter/tree-sitter#4254
• fix(lib): remove duplicate TSLanguageMetadata typedef by @​notxvilka in tree-sitter/tree-sitter#4268
• rust bindings: Add information about using WASM grammar files to README by @​lucifayr in tree-sitter/tree-sitter#4235
• Update build.zig.zon for zig master/0.14 by @​nihklas in tree-sitter/tree-sitter#4258
• fix(docs): update test command flag from -f to -i by @​jonshea in tree-sitter/tree-sitter#4263
• fix(cli): properly escape invisible characters in parse error output by @​WillLillis in tree-sitter/tree-sitter#4276
• feat(lib): quote invalid nodes, fields, and captures by @​ribru17 in tree-sitter/tree-sitter#4278
• build(deps): bump ring from 0.17.8 to 0.17.13 by @​dependabot[bot] in tree-sitter/tree-sitter#4272
• fix(build): bump version to 0.26.0 by @​clason in tree-sitter/tree-sitter#4282
• fix(xtask): error if new version supplied to xtask is less than or equal to current version by @​WillLillis in tree-sitter/tree-sitter#4287
• fix(make): make install shouldn’t fail when a parser bundles no queries by @​mavit in tree-sitter/tree-sitter#4284
• Change (Node | null)[] return types to Node[] by @​tmr232 in tree-sitter/tree-sitter#4283

... (truncated)

Commits

• cd4b6e2 0.26.3
• 8caecbc build(deps): cargo update
• 1b654ae ci(release): use node 24
• 3bd44af docs(cli): fix wrong file path for Java bindings test
• 8b81997 0.26.x
• 744e556 build(deps): bump esbuild
• 8a3dcc6 release 0.26.1
• b0afbf3 build(deps): bump wasmparser from 0.242.0 to 0.243.0 in the cargo group
• 974be3b fix(rust): specify workspace dependency of tree-sitter-language crate
• d861e2b docs(cli): list Java & Zig binding files
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
cargo/cc	1.2.49	🟢 6.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 13/18 approved changesets -- score normalized to 7 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/find-msvc-tools	0.1.5	🟢 6.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 13/18 approved changesets -- score normalized to 7 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/serde	1.0.228	🟢 6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 2/16 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/serde_core	1.0.228	🟢 6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 2/16 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/serde_derive	1.0.228	🟢 6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 2/16 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/serde_json	1.0.145	🟢 6.8	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 6/24 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing 🟢 10 project is fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/tree-sitter	0.26.3	🟢 5.4	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Vulnerabilities 🟢 8 2 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/tree-sitter	>= 0.26.0, < 0.27.0	🟢 5.4	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Vulnerabilities 🟢 8 2 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• Cargo.lock
• extractor/Cargo.toml

[aegilops]

@dependabot rebase