Skip to content

Releases: EmbarkStudios/cargo-deny-action

v1.2.5 - cargo-deny 0.9.0

11 Mar 11:52
Compare
Choose a tag to compare

Changed

  • Updated krates, which in turn uses an updated cargo_metadata which uses camino for utf-8 paths. Rather than support both vanilla Path/Buf and Utf8Path/Buf, cargo-deny now just uses Utf8Path/Buf, which means that non-utf-8 paths for things like your Cargo.toml manifest or license paths will no longer function. This is a breaking change, that can be reverted if it disruptive for users, but the assumption is that cargo-deny is operating on normal checkouts of rust repositories that are overwhelmingly going to be utf-8 compatible paths.

Update image

15 Feb 11:03
5056f9f
Compare
Choose a tag to compare

Updates the base image to rust 1.50.0 to fix issue if you pin to it via eg rust-toolchain.

v1.2.3 - cargo-deny 0.8.5

16 Dec 09:55
ccf4547
Compare
Choose a tag to compare

Added

  • PR#315 resolved #312 by adding support for excluding packages in the deny configuration file, in addition to the existing support for the --exclude CLI option. Thanks @luser!

Fixed

  • PR#318 fixed #316 by adding a workaround for crate versions with pre-release identifiers in them that could be erroneously marked as matching advisories in an advisory database. Thanks for reporting this @djc!

v1.2.2 - cargo-deny 0.8.4

16 Dec 09:50
1fc3139
Compare
Choose a tag to compare

Changed

  • Updated dependencies, notably rustsec, crossbeam*, and cargo.
  • Bumped the Minimum Stable Rust Version to 1.44.1.

v1.2.1 - cargo-deny 0.8.1

21 Oct 16:33
6f5346b
Compare
Choose a tag to compare

Updates cargo-deny from 0.7.3 -> 0.8.1

Added

  • PR#238 resolved #225 by adding a wrappers field to [bans.deny] entries, which allows the banned crate to be used only if it is a direct dependency of one of the wrapper crates. Thanks @Stupremee!
  • PR#244 resolved #69 by adding support for multiple advisory databases, which will all be checked during the advisory check. Thanks @Stupremee!
  • PR#243 resolved #54 by adding support for compiling and using cargo crate directly via the standalone feature. This allows cargo-deny to be used without cargo being installed, but it still requires rustc to be available. Thanks @Stupremee!
  • PR#275 resolved #64 by adding a diagnostic when a user tries to ignore an advisory identifier that doesn't exist in any database.
  • PR#262 added the fix subcommand, which was added to bring cargo-deny to feature parity with cargo-audit so that it can take over for cargo-audit as the official frontend for the the RustSec Advisory Database.

Changed

  • advisories.db-url has been deprecated in favor of advisories.db-urls since multiple databses are now supported.
  • advisories.db-path is now no longer the directory into which the advisory database is cloned into, but rather a root directory where each unique database is placed in a canonicalized directory similar to how .cargo/registry/index directories work.
  • PR#274 resolved #115 by normalizing git urls. Thanks @senden9!

Fixed

  • #265 A transitive dependency (smol_str) forced the usage of the latest Rust stable version (1.46) which was unintended. We now state the MSRV in the README and check for it in CI so that changing the MSRV is a conscious decision.
  • PR#287 fixed #286, which could happen if using a git source where the representation differed slightly between the user specified id and the id used for dependencies.
  • PR#249 fixed #190 by printing a different diagnostic for when the path specified for a clarification license file could not be found. Thanks @khodzha!
  • PR#297 fixed a couple of diagnostics to have codes.
  • PR#296 resolved #288 by improving the information in diagnostics pertaining to advisories. Thanks @tomasfarias!

v1.2.0 - cargo-deny 0.8.1

21 Oct 09:59
73a3bfe
Compare
Choose a tag to compare

Updates cargo-deny from 0.7.3 -> 0.8.1

Added

  • PR#238 resolved #225 by adding a wrappers field to [bans.deny] entries, which allows the banned crate to be used only if it is a direct dependency of one of the wrapper crates. Thanks @Stupremee!
  • PR#244 resolved #69 by adding support for multiple advisory databases, which will all be checked during the advisory check. Thanks @Stupremee!
  • PR#243 resolved #54 by adding support for compiling and using cargo crate directly via the standalone feature. This allows cargo-deny to be used without cargo being installed, but it still requires rustc to be available. Thanks @Stupremee!
  • PR#275 resolved #64 by adding a diagnostic when a user tries to ignore an advisory identifier that doesn't exist in any database.
  • PR#262 added the fix subcommand, which was added to bring cargo-deny to feature parity with cargo-audit so that it can take over for cargo-audit as the official frontend for the the RustSec Advisory Database.

Changed

  • advisories.db-url has been deprecated in favor of advisories.db-urls since multiple databses are now supported.
  • advisories.db-path is now no longer the directory into which the advisory database is cloned into, but rather a root directory where each unique database is placed in a canonicalized directory similar to how .cargo/registry/index directories work.
  • PR#274 resolved #115 by normalizing git urls. Thanks @senden9!

Fixed

  • #265 A transitive dependency (smol_str) forced the usage of the latest Rust stable version (1.46) which was unintended. We now state the MSRV in the README and check for it in CI so that changing the MSRV is a conscious decision.
  • PR#287 fixed #286, which could happen if using a git source where the representation differed slightly between the user specified id and the id used for dependencies.
  • PR#249 fixed #190 by printing a different diagnostic for when the path specified for a clarification license file could not be found. Thanks @khodzha!
  • PR#297 fixed a couple of diagnostics to have codes.
  • PR#296 resolved #288 by improving the information in diagnostics pertaining to advisories. Thanks @tomasfarias!

v1.1.0 - cargo-deny 0.7.2

26 Aug 12:38
3187ba4
Compare
Choose a tag to compare

Upgrade to cargo-deny 0.7.2.

This adds a new arguments input to the action to be able to pass arbitrary arguments to cargo-deny. The default is --all-features to keep the same behavior with previous v1 action.

v1.0.1 - cargo-deny 0.6.7

03 May 11:38
c3a1c27
Compare
Choose a tag to compare

v1.0.0

30 Apr 17:50
Compare
Choose a tag to compare

First published stable version of this action!

Uses cargo-deny 0.6.6.

The action can be used either as v1 (recommended, get compatible upgrades) or v1.0.0 (pin to this exact version)