Releases: EmbarkStudios/cargo-deny

0.14.20

23 Mar 12:45

Fixed

  • PR#642 resolved #641 by pinning gix-transport (and its unique dependencies) to 0.41.2 as a workaround for cargo install not using the lockfile. See this issue for more information.

0.14.19

21 Mar 18:34

Changed

  • PR#639 updated tame-index to avoid an error if you don't use --locked.

0.14.18

21 Mar 11:31

Fixed

0.14.17

17 Mar 10:27

Changed

  • PR#631 improved the diagnostic for when the yank check fails due to some issue with retrieving or reading the index information.
  • PR#633 updated gix -> 0.60.

0.14.16

06 Mar 10:17

Fixed

  • PR#626 resolved #625 by explicitly checking that a license identified as Pixar was actually (probably) the Pixar license, instead of a normal Apache-2.0 license.

0.14.15

28 Feb 08:42

Added

  • PR#618 added metadata notes to diagnostics when a license is rejected, as well as removing span information for accepted licenses unless the log level is info or higher to make the diagnostic clearer by default.

0.14.14

26 Feb 11:36

Fixed

  • PR#617 resolved #576 by updating the SPDX license list to 3.23.

0.14.13

24 Feb 12:45

Fixed

  • PR#615 fixed an issue introduced in PR#605 where the various bans diagnostic codes could not have their lint level changed via the CLI. It also introduced the deprecated diagnostic code.

0.14.12

23 Feb 15:06

Changed

  • PR#605 did a major refactor of configuration, both how it is deserialized and changing (hopefully improving) many options.
  • PR#605 moved targets, exclude, all-features, features, no-default-features, and exclude into the [graph] table.
  • PR#605 moved feature-depth into the [output] table.

Added

  • PR#613 added support for basic shell expansion to advisories.db-path, which expands support beyond just ~ to include environment variable expansion.

Fixed

  • PR#601 resolved #600 by outputting the correct spans when a license was both allowed and denied.
  • PR#605 resolved #264 by replacing toml and serde with toml-span.
  • PR#605 resolved #539 by simplifying the very common name = "<crate_name>", version = "<requirements>" used to target specific crates into either a plain package spec string or the simpler crate = "<package spec>".
  • PR#605 resolved #578 by adding a reason = "<reason>" field to many fields within the configuration that are provided in diagnostics. [bans.deny] also has an additional use-instead = "<url/crate_name>". PR#610 did this for the advisories.ignore field.
  • PR#605 resolved #579 by allowing yanked crates to be ignored by specifying a PackageSpec in the [advisories.ignore] array.
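
The 0.14.12 layout changes above, as an added deny.toml sketch (not taken from the cargo-deny repository). The crate names, versions, target triple, advisory ID and reason strings are constructed placeholders, and the `id` key in `advisories.ignore` is part of cargo-deny's configuration format rather than something these notes spell out.

```toml
# Old layout, before 0.14.12 (kept as comments for comparison):
#
# targets = [{ triple = "x86_64-unknown-linux-gnu" }]
# all-features = true
# feature-depth = 1
#
# [bans]
# deny = [{ name = "example-old-tls", version = "*" }]
#
# [advisories]
# ignore = ["RUSTSEC-0000-0000"]

# Layout from 0.14.12 onward:

[graph]
# Options that shape the crate graph moved here from the top level.
targets = [{ triple = "x86_64-unknown-linux-gnu" }]
all-features = true

[output]
# feature-depth moved here from the top level.
feature-depth = 1

[bans]
deny = [
    # A plain package spec string replaces name = "...", version = "...".
    "example-old-tls",
    # Table form: reason and use-instead are shown in the diagnostic
    # when the ban triggers, so reviewers see why and what to switch to.
    { crate = "example-crypto@0.1.0", reason = "unmaintained fork (constructed reason)", use-instead = "example-crypto-ng" },
]

[advisories]
ignore = [
    # An ignored advisory now carries its justification with it.
    { id = "RUSTSEC-0000-0000", reason = "vulnerable code path is not reachable (constructed reason)" },
    # A yanked crate version can be ignored by package spec.
    { crate = "example-yanked@0.1.1", reason = "waiting on upstream re-release (constructed reason)" },
]
```

Recording a `reason` on every ignore and ban entry keeps the exception reviewable later, since the text appears in the diagnostics rather than only in version-control history.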

Deprecated

  • PR#606 and PR#611 together deprecated several fields listed below. See PR#611 for how to change your config to opt-in to the new behavior that will become the default when the deprecated fields are removed in a future minor version.
    • [advisories]
      • vulnerability
      • unmaintained
      • unsound
      • notice
      • severity-threshold
    • [licenses]
      • unlicensed
      • allow-osi-fsf-free
      • copyleft
      • default
      • deny

Release 0.14.11

05 Feb 08:03

Fixed