Skip to content

Release 1.5.5 - cargo-deny 0.14.2

Compare
Choose a tag to compare
@Jake-Shadle Jake-Shadle released this 27 Sep 09:04
· 29 commits to main since this release

Added

Changed

  • PR#557 introduced changes to how dev-dependencies are handled. By default, crates that are only used as dev-dependencies (ie, there are no normal nor build dependency edges linking them to other crates) will no longer be considered when checking for multiple-versions violations. This can be re-enabled via the bans.multiple-versions-include-dev config field. Additionally, licenses are no longer checked for dev-dependencies, but can be re-enabled via licenses.include-dev the config field. dev-dependencies can also be completely disabled altogether, but this applies to all checks, including advisories and sources, so is not enabled by default. This behavior can be enabled by using the exclude-dev field, or the --exclude-dev command line flag. This change resolved #322, #329, #413 and #497.

Fixed

  • PR#549 fixed #548 by correctly locating cargo registry indices from an git ssh url.
  • PR#549 fixed #552 by correctly handling signal interrupts and removing the advisory-dbs lock file.
  • PR#549 fixed #553 by adding the native-certs feature flag that can enable the OS native certificate store.

Deprecated