Skip to content

Releases: EmbarkStudios/cargo-deny

Release 0.14.10

24 Jan 16:17
Compare
Choose a tag to compare

Fixed

Release 0.14.9

24 Jan 07:58
Compare
Choose a tag to compare

Fixed

Release 0.14.8

22 Jan 16:41
Compare
Choose a tag to compare

Fixed

Release 0.14.7

22 Jan 10:43
Compare
Choose a tag to compare

Fixed

Release 0.14.6

21 Jan 15:53
Compare
Choose a tag to compare

Fixed

  • PR#590 updated krates to fix an issue with crates that directly have a dependency on 2 or more versions of the same crate.

Added

  • PR#590 resolved #405 by emitting warnings when a wrapper crate for a banned crate does not have a dependency on that crate.

Changed

  • PR#591 updated gix and tame-index.

Release 0.14.5

20 Jan 06:41
Compare
Choose a tag to compare

Fixed

  • PR#588 resolved an issue introduced in [0.14.4] where features that reference dev-only dependencies in non-workspace crates would cause a panic.

Release 0.14.4

19 Jan 21:20
Compare
Choose a tag to compare

Fixed

Release 0.14.3

29 Sep 13:49
Compare
Choose a tag to compare

Fixed

  • PR#566 updated tame-index to obtain support OS file locking, resolving #537. This change means that cargo-deny should not encounter issues such as those described here since we no longer use gix::lock locking advisory databases, and makes reading the crates.io index safer by respecting the lock used by cargo itself.

Release 0.14.2

04 Sep 09:57
Compare
Choose a tag to compare

Added

Changed

  • PR#557 introduced changes to how dev-dependencies are handled. By default, crates that are only used as dev-dependencies (ie, there are no normal nor build dependency edges linking them to other crates) will no longer be considered when checking for multiple-versions violations. This can be re-enabled via the bans.multiple-versions-include-dev config field. Additionally, licenses are no longer checked for dev-dependencies, but can be re-enabled via licenses.include-dev the config field. dev-dependencies can also be completely disabled altogether, but this applies to all checks, including advisories and sources, so is not enabled by default. This behavior can be enabled by using the exclude-dev field, or the --exclude-dev command line flag. This change resolved #322, #329, #413 and #497.

Fixed

  • PR#549 fixed #548 by correctly locating cargo registry indices from an git ssh url.
  • PR#549 fixed #552 by correctly handling signal interrupts and removing the advisory-dbs lock file.
  • PR#549 fixed #553 by adding the native-certs feature flag that can enable the OS native certificate store.

Deprecated

Release 0.14.1

02 Aug 15:42
Compare
Choose a tag to compare

Fixed

Changed

  • PR#538 resolved #483 by emitting exit codes as a bitset of the individual checks that failed, allowing scripts to handle checks separately from a single run. This could affect users who check exactly for the exit code being 1, as that will now only be emitted if the advisories, but no other, check fails.