Releases: EmbarkStudios/cargo-deny
Release 0.14.10
Release 0.14.9
Release 0.14.8
Release 0.14.7
Release 0.14.6
Fixed
- PR#590 updated `krates` to fix an issue with crates that directly have a dependency on 2 or more versions of the same crate.
Added
- PR#590 resolved #405 by emitting warnings when a `wrapper` crate for a banned crate does not have a dependency on that crate.
Changed
- PR#591 updated `gix` and `tame-index`.
Release 0.14.5
Release 0.14.4
Release 0.14.3
Fixed
- PR#566 updated `tame-index` to obtain support for OS file locking, resolving #537. This change means that cargo-deny should not encounter issues such as those described here since we no longer use `gix::lock` for locking advisory databases, and makes reading the crates.io index safer by respecting the lock used by cargo itself.
Release 0.14.2
Added
- PR#545 added the ability to specify additional license exceptions via additional configuration files.
- PR#549 added the `bans.build` configuration option, opting in to checking for file extensions, native executables, and interpreted scripts. This resolved #43.
Changed
- PR#557 introduced changes to how `dev-dependencies` are handled. By default, crates that are only used as dev-dependencies (i.e., there are no normal or build dependency edges linking them to other crates) will no longer be considered when checking for `multiple-versions` violations. This can be re-enabled via the `bans.multiple-versions-include-dev` config field. Additionally, licenses are no longer checked for `dev-dependencies`, but can be re-enabled via the `licenses.include-dev` config field. `dev-dependencies` can also be completely disabled altogether, but this applies to all checks, including `advisories` and `sources`, so is not enabled by default. This behavior can be enabled by using the `exclude-dev` field, or the `--exclude-dev` command line flag. This change resolved #322, #329, #413 and #497.
Fixed
- PR#549 fixed #548 by correctly locating cargo registry indices from a git ssh URL.
- PR#549 fixed #552 by correctly handling signal interrupts and removing the advisory-dbs lock file.
- PR#549 fixed #553 by adding the `native-certs` feature flag that can enable the OS native certificate store.
Deprecated
- PR#549 moved `bans.allow-build-scripts` to `bans.build.allow-build-scripts`. `bans.allow-build-scripts` is still supported, but emits a warning.
Release 0.14.1
Fixed
- PR#544 updated dependencies, notably `tame-index 0.2.5` which fixed this issue.
Changed
- PR#538 resolved #483 by emitting exit codes as a bitset of the individual checks that failed, allowing scripts to handle checks separately from a single run. This could affect users who check exactly for the exit code being 1, as that will now only be emitted if the `advisories`, but no other, check fails.
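The bitset exit code from PR#538 can be decoded in a CI script as shown below. This is an added example, not code from the cargo-deny project: the release note only establishes that `advisories` is bit 1, so the values for `bans` (2), `licenses` (4) and `sources` (8), and the helper names `failed_checks` and `gate`, are assumptions to confirm against the cargo-deny documentation for the version in use.

```shell
#!/bin/sh
# Added example: decode cargo-deny's bitset exit code (0.14.1 and later).
# advisories=1 follows from the release note; the other three bit values
# are assumptions to verify against the cargo-deny docs.
ADVISORIES=1
BANS=2
LICENSES=4
SOURCES=8

# failed_checks CODE
# Prints the space-separated names of the checks whose bit is set in CODE.
failed_checks() {
    code=$1
    out=""
    for pair in advisories:$ADVISORIES bans:$BANS licenses:$LICENSES sources:$SOURCES; do
        name=${pair%%:*}
        bit=${pair##*:}
        if [ $(( $code & $bit )) -ne 0 ]; then
            out="${out:+$out }$name"
        fi
    done
    printf '%s\n' "$out"
}

# gate CODE BLOCKING_MASK
# Returns 0 when no failed check is in BLOCKING_MASK, 1 when a blocking
# check failed, and 2 when CODE has bits outside the four checks (for
# example a shell 128+N signal status), which is not a check result and
# must never be read as a pass.
gate() {
    code=$1
    mask=$2
    known=$(( ADVISORIES | BANS | LICENSES | SOURCES ))
    if [ $(( $code & ~$known )) -ne 0 ]; then
        return 2
    fi
    if [ $(( $code & $mask )) -ne 0 ]; then
        return 1
    fi
    return 0
}

# Typical use in a pipeline step: block on advisories and bans, report the rest.
#   cargo deny check; rc=$?
#   echo "failed checks: $(failed_checks "$rc")"
#   gate "$rc" $(( ADVISORIES | BANS )) || exit 1
```

A script that previously tested for `$? -eq 1` would treat a run where both `advisories` and `bans` fail (exit code 3 under these assumptions) as something other than an advisory failure, which is the compatibility risk the release note describes.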