Releases: EmbarkStudios/cargo-deny-action
Releases · EmbarkStudios/cargo-deny-action
v1.2.5 - cargo-deny 0.9.0
Changed
- Updated
krates
, which in turn uses an updatedcargo_metadata
which usescamino
for utf-8 paths. Rather than support both vanilla Path/Buf and Utf8Path/Buf, cargo-deny now just uses Utf8Path/Buf, which means that non-utf-8 paths for things like your Cargo.toml manifest or license paths will no longer function. This is a breaking change, that can be reverted if it disruptive for users, but the assumption is that cargo-deny is operating on normal checkouts of rust repositories that are overwhelmingly going to be utf-8 compatible paths.
Update image
Updates the base image to rust 1.50.0 to fix issue if you pin to it via eg rust-toolchain.
v1.2.3 - cargo-deny 0.8.5
v1.2.2 - cargo-deny 0.8.4
Changed
- Updated dependencies, notably
rustsec
,crossbeam
*, andcargo
. - Bumped the Minimum Stable Rust Version to 1.44.1.
v1.2.1 - cargo-deny 0.8.1
Updates cargo-deny from 0.7.3 -> 0.8.1
Added
- PR#238 resolved #225 by adding a
wrappers
field to[bans.deny]
entries, which allows the banned crate to be used only if it is a direct dependency of one of the wrapper crates. Thanks @Stupremee! - PR#244 resolved #69 by adding support for multiple advisory databases, which will all be checked during the
advisory
check. Thanks @Stupremee! - PR#243 resolved #54 by adding support for compiling and using
cargo
crate directly via thestandalone
feature. This allowscargo-deny
to be used without cargo being installed, but it still requires rustc to be available. Thanks @Stupremee! - PR#275 resolved #64 by adding a diagnostic when a user tries to ignore an advisory identifier that doesn't exist in any database.
- PR#262 added the
fix
subcommand, which was added to bringcargo-deny
to feature parity withcargo-audit
so that it can take over forcargo-audit
as the official frontend for the the RustSec Advisory Database.
Changed
advisories.db-url
has been deprecated in favor ofadvisories.db-urls
since multiple databses are now supported.advisories.db-path
is now no longer the directory into which the advisory database is cloned into, but rather a root directory where each unique database is placed in a canonicalized directory similar to how.cargo/registry/index
directories work.- PR#274 resolved #115 by normalizing git urls. Thanks @senden9!
Fixed
- #265 A transitive dependency (
smol_str
) forced the usage of the latest Rust stable version (1.46) which was unintended. We now state the MSRV in the README and check for it in CI so that changing the MSRV is a conscious decision. - PR#287 fixed #286, which could happen if using a git source where the representation differed slightly between the user specified id and the id used for dependencies.
- PR#249 fixed #190 by printing a different diagnostic for when the path specified for a clarification license file could not be found. Thanks @khodzha!
- PR#297 fixed a couple of diagnostics to have codes.
- PR#296 resolved #288 by improving the information in diagnostics pertaining to advisories. Thanks @tomasfarias!
v1.2.0 - cargo-deny 0.8.1
Updates cargo-deny from 0.7.3 -> 0.8.1
Added
- PR#238 resolved #225 by adding a
wrappers
field to[bans.deny]
entries, which allows the banned crate to be used only if it is a direct dependency of one of the wrapper crates. Thanks @Stupremee! - PR#244 resolved #69 by adding support for multiple advisory databases, which will all be checked during the
advisory
check. Thanks @Stupremee! - PR#243 resolved #54 by adding support for compiling and using
cargo
crate directly via thestandalone
feature. This allowscargo-deny
to be used without cargo being installed, but it still requires rustc to be available. Thanks @Stupremee! - PR#275 resolved #64 by adding a diagnostic when a user tries to ignore an advisory identifier that doesn't exist in any database.
- PR#262 added the
fix
subcommand, which was added to bringcargo-deny
to feature parity withcargo-audit
so that it can take over forcargo-audit
as the official frontend for the the RustSec Advisory Database.
Changed
advisories.db-url
has been deprecated in favor ofadvisories.db-urls
since multiple databses are now supported.advisories.db-path
is now no longer the directory into which the advisory database is cloned into, but rather a root directory where each unique database is placed in a canonicalized directory similar to how.cargo/registry/index
directories work.- PR#274 resolved #115 by normalizing git urls. Thanks @senden9!
Fixed
- #265 A transitive dependency (
smol_str
) forced the usage of the latest Rust stable version (1.46) which was unintended. We now state the MSRV in the README and check for it in CI so that changing the MSRV is a conscious decision. - PR#287 fixed #286, which could happen if using a git source where the representation differed slightly between the user specified id and the id used for dependencies.
- PR#249 fixed #190 by printing a different diagnostic for when the path specified for a clarification license file could not be found. Thanks @khodzha!
- PR#297 fixed a couple of diagnostics to have codes.
- PR#296 resolved #288 by improving the information in diagnostics pertaining to advisories. Thanks @tomasfarias!
v1.1.0 - cargo-deny 0.7.2
Upgrade to cargo-deny
0.7.2.
This adds a new arguments
input to the action to be able to pass arbitrary arguments to cargo-deny. The default is --all-features
to keep the same behavior with previous v1 action.
v1.0.1 - cargo-deny 0.6.7
Upgrade to cargo-deny
0.6.7.
v1.0.0
First published stable version of this action!
Uses cargo-deny
0.6.6.
The action can be used either as v1
(recommended, get compatible upgrades) or v1.0.0
(pin to this exact version)