chore(deps)(deps): bump clap from 4.5.40 to 4.5.53

[dependabot]

Bumps clap from 4.5.40 to 4.5.53.

Release notes

Sourced from clap's releases.

v4.5.53

[4.5.53] - 2025-11-19

Features

• Add default_values_if, default_values_ifs

v4.5.52

[4.5.52] - 2025-11-17

Fixes

• Don't panic when args_conflicts_with_subcommands conflicts with an ArgGroup

v4.5.51

[4.5.51] - 2025-10-29

Fixes

• (help) Correctly calculate padding for short flags that take a value
• (help) Don't panic on short flags using ArgAction::Count

v4.5.50

[4.5.50] - 2025-10-20

Features

• Accept Cow where String and &str are accepted

v4.5.48

[4.5.48] - 2025-09-19

Documentation

• Add a new CLI Concepts document as another way of framing clap
• Expand the typed_derive cookbook entry

v4.5.47

[4.5.47] - 2025-09-02

Features

• Added impl FromArgMatches for ()
• Added impl Args for ()
• Added impl Subcommand for ()
• Added impl FromArgMatches for Infallible
• Added impl Subcommand for Infallible

Fixes

... (truncated)

Changelog

Sourced from clap's changelog.

[4.5.53] - 2025-11-19

Features

• Add default_values_if, default_values_ifs

[4.5.52] - 2025-11-17

Fixes

• Don't panic when args_conflicts_with_subcommands conflicts with an ArgGroup

[4.5.51] - 2025-10-29

Fixes

• (help) Correctly calculate padding for short flags that take a value
• (help) Don't panic on short flags using ArgAction::Count

[4.5.50] - 2025-10-20

Features

• Accept Cow where String and &str are accepted

[4.5.49] - 2025-10-13

Fixes

• (help) Correctly wrap when ANSI escape codes are present

[4.5.48] - 2025-09-19

Documentation

• Add a new CLI Concepts document as another way of framing clap
• Expand the typed_derive cookbook entry

[4.5.47] - 2025-09-02

Features

• Added impl FromArgMatches for ()
• Added impl Args for ()
• Added impl Subcommand for ()
• Added impl FromArgMatches for Infallible
• Added impl Subcommand for Infallible

Fixes

... (truncated)

Commits

• 3716f9f chore: Release
• 613b69a docs: Update changelog
• d117f7a Merge pull request #6028 from epage/arg
• cb8255d feat(builder): Allow quoted id's for arg macro
• 1036060 Merge pull request #6025 from AldaronLau/typos-in-faq
• 2fcafc0 docs: Fix minor grammar issues in FAQ
• a380b65 Merge pull request #6023 from epage/template
• 4d7ab14 chore: Update from _rust/main template
• b8a7ea4 chore(deps): Update Rust Stable to v1.87 (#18)
• f9842b3 chore: Avoid MSRV problems out of the box
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[phrazzld]

🔧 kaylee here!

I took a look at the failing CI, but this one's beyond my wrench:

Why I can't fix it: Missing GitHub repository secret**

What I found

This is a classic "missing secret" problem. The CI workflow at .github/workflows/claude-code-review.yml uses the anthropics/claude-code-action@v1 action, which needs either an ANTHROPIC_API_KEY or CLAUDE_CODE_OAUTH_TOKEN to talk to the Anthropic API.

The workflow references ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} on line 38, but that secret doesn't exist in the repo's settings. When the action runs, it gets an empty value and throws:

Environment variable validation failed:
- Either ANTHROPIC_API_KEY or CLAUDE_CODE_OAUTH_TOKEN is required when using direct Anthropic API.

Important: The actual PR changes (bumping clap from 4.5.40 to 4.5.53) are perfectly fine. This is just a routine Rust dependency update that has nothing to do with the failure. The CI would fail on any PR right now because of the missing secret.

What needs to happen

This likely requires human intervention — maybe setting up secrets, configuring external services, or other non-code changes.

---

🤖 Generated by kaylee — I tried, Captain!

[phrazzld]

🔧 kaylee here!

I took a look at the failing CI, but this one's beyond my wrench:

Why I can't fix it: with code changes.**

What I found

Looking at the CI logs, I can see the error clearly:

##[error]Action failed with error: Error: Environment variable validation failed:
  - Either ANTHROPIC_API_KEY or CLAUDE_CODE_OAUTH_TOKEN is required when using direct Anthropic API.

Root Cause

The CI failure is in the claude-review workflow which requires an ANTHROPIC_API_KEY or CLAUDE_CODE_OAUTH_TOKEN secret to run the Claude Code action. This is a secret/token issue, not a code issue.

Fix

UNFIXABLE with code changes.

This PR is a simple Dependabot dependency bump (clap 4.5.40 → 4.5.53) and the actual code changes are fine. The CI failure is because:

1. The claude-code-review.yml workflow uses anthropics/claude-code-action@v1
2. This action requires either ANTHROPIC_API_KEY or CLAUDE_CODE_OAUTH_TOKEN to be set as a secret
3. Dependabot PRs run with limited secret access for security reasons - they cannot access repository secrets

To fix this, the repo maintainer needs to either:

1. Configure the ANTHROPIC_API_KEY secret to be available to Dependabot (not recommended for security)
2. Skip the claude-review workflow for Dependabot PRs by adding a condition like:

   if: github.actor != 'dependabot[bot]'

3. Manually approve/merge this Dependabot PR since the actual code change (clap version bump) is trivial and safe

The dependency update itself in Cargo.toml and Cargo.lock is perfectly valid and doesn't require any code fixes.

What needs to happen

This likely requires human intervention — maybe setting up secrets, configuring external services, or other non-code changes.

---

🤖 Generated by kaylee — I tried, Captain!