Skip to content

v1.2.0 - cargo-deny 0.8.1

Marketplace
Marketplace
Compare
Choose a tag to compare
@Jake-Shadle Jake-Shadle released this 21 Oct 09:59
· 77 commits to main since this release
1.2.0
73a3bfe
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Updates cargo-deny from 0.7.3 -> 0.8.1

Added

  • PR#238 resolved #225 by adding a wrappers field to [bans.deny] entries, which allows the banned crate to be used only if it is a direct dependency of one of the wrapper crates. Thanks @Stupremee!
  • PR#244 resolved #69 by adding support for multiple advisory databases, which will all be checked during the advisory check. Thanks @Stupremee!
  • PR#243 resolved #54 by adding support for compiling and using cargo crate directly via the standalone feature. This allows cargo-deny to be used without cargo being installed, but it still requires rustc to be available. Thanks @Stupremee!
  • PR#275 resolved #64 by adding a diagnostic when a user tries to ignore an advisory identifier that doesn't exist in any database.
  • PR#262 added the fix subcommand, which was added to bring cargo-deny to feature parity with cargo-audit so that it can take over for cargo-audit as the official frontend for the the RustSec Advisory Database.

Changed

  • advisories.db-url has been deprecated in favor of advisories.db-urls since multiple databses are now supported.
  • advisories.db-path is now no longer the directory into which the advisory database is cloned into, but rather a root directory where each unique database is placed in a canonicalized directory similar to how .cargo/registry/index directories work.
  • PR#274 resolved #115 by normalizing git urls. Thanks @senden9!

Fixed

  • #265 A transitive dependency (smol_str) forced the usage of the latest Rust stable version (1.46) which was unintended. We now state the MSRV in the README and check for it in CI so that changing the MSRV is a conscious decision.
  • PR#287 fixed #286, which could happen if using a git source where the representation differed slightly between the user specified id and the id used for dependencies.
  • PR#249 fixed #190 by printing a different diagnostic for when the path specified for a clarification license file could not be found. Thanks @khodzha!
  • PR#297 fixed a couple of diagnostics to have codes.
  • PR#296 resolved #288 by improving the information in diagnostics pertaining to advisories. Thanks @tomasfarias!
Assets 2
Loading