Releases: EmbarkStudios/cargo-deny
Release 0.13.0
Added
- PR#434 together with PR#461 resolved #206 and #226 by adding support for checking the feature sets enabled for crates. See the docs for configuration options. Thanks @Stupremee!
- PR#464 added the `-A, --allow`, `-D, --deny` and `-W, --warn` options to the `check` subcommand. This allows one to override the severity level of both specific diagnostics, eg. `-D unmaintained` would fail if there was an unmaintained dependency, even if `advisories.unmaintained` was `allow` or `warn`. One can also change an entire severity itself, the typical case being `-D warnings` to upgrade all warnings to errors. Resolved #454.
- PR#466 added the `all-features`, `no-default-features`, `features`, and `feature-depth` configuration options, allowing configuration of features so that one doesn't need to always specify them via the command line.
Changed
- PR#447 added more details to the diagnostic reported when a `bans.skip` crate was not located in the graph. Thanks @daviddrysdale!
- PR#464 changed all error codes from the previous rustc style, eg. `B001`, to more clippy style descriptive names, eg. `banned`, resolving #61.
Fixed
Release 0.12.2
Added
- PR#431 resolved #19 by adding support for an allow list for build scripts, allowing a project to opt in (or deny completely) build scripts on a case by case basis rather than blanket allowing all build scripts. See the `bans.allow-build-scripts` config option for more details. Thanks @Stupremee!
Fixed
- PR#430 fixed an issue where local/git crates could be flagged as "yanked" if they shared a name and version with a crates.io crate that was yanked from the registry, resolving #441 before it was even opened. Thanks @khuey!
- PR#440 fixed #438 by ensuring git cli output was piped properly rather than polluting the output of cargo-deny itself.
- PR#443 fixed #442 by removing the signature check on the HEAD commit of an advisory database. This check didn't add meaningful security and could cause spurious failures if an unsigned commit was pushed to an advisory database.
Changed
Release 0.12.1
Release 0.12.0
Removed
- PR#423 removed the `fix` subcommand. This functionality was far too complicated for far too little benefit.
Fixed
- PR#420 resolved #388 by adding the ability to fetch advisory databases via the `git` CLI. Thanks @danielhaap83!
- PR#422 fixed #380 and #410 by updating a few transitive dependencies that use `git2`, as well as removing the usage of `rustsec`'s `git` feature so that we now use `git2 v0.14`, resolving a crash issue in new `libgit2` versions available in eg. rolling release distros such as Arch. This should also make it easier to update and improve git related functionality since more of it is inside cargo-deny itself now.
- PR#424 really fixed (there's even a test now!) #384 by adding each version's reverse dependency graph in the ascending order.
Release 0.11.4
Fixed
- PR#414 resolved #484 by always sorting crates with the same name by their version so they are always deterministically sorted. Thanks @Veykril!
- PR#418 fixed an issue where duplicate crate versions would not be detected if the crate was sorted last in the crate graph.
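
An added illustration of the two fixes above (not cargo-deny's own code): sorting by name and then by numeric version gives the same order for any input order, and the duplicate scan has to cover the run of same-name crates that ends the list. The `Krate` type, the helper names and the sample crates are constructed for this example.

```rust
/// Constructed stand-in for a crate graph node; not cargo-deny's real type.
#[derive(Debug, Clone, PartialEq, Eq)]
struct Krate {
    name: String,
    version: (u64, u64, u64),
}

/// Parse "major.minor.patch" numerically so 1.10.0 sorts after 1.9.0.
fn krate(name: &str, version: &str) -> Krate {
    let mut parts = version.split('.').map(|p| p.parse::<u64>().expect("numeric part"));
    let mut next = || parts.next().unwrap_or(0);
    Krate { name: name.to_owned(), version: (next(), next(), next()) }
}

/// Sort by (name, version) so the result never depends on input order.
fn sort_krates(krates: &mut [Krate]) {
    krates.sort_by(|a, b| a.name.cmp(&b.name).then(a.version.cmp(&b.version)));
}

/// Return (name, versions) for every name present in more than one version.
/// The slice must already be sorted. Each run of equal names is measured
/// before it is judged, so a run that reaches the end of the slice is
/// reported like any other instead of being dropped.
fn duplicates(krates: &[Krate]) -> Vec<(String, Vec<(u64, u64, u64)>)> {
    let mut out = Vec::new();
    let mut start = 0;
    while start < krates.len() {
        let name = &krates[start].name;
        let run = krates[start..].iter().take_while(|k| &k.name == name).count();
        if run > 1 {
            let versions = krates[start..start + run].iter().map(|k| k.version).collect();
            out.push((name.clone(), versions));
        }
        start += run;
    }
    out
}

fn main() {
    // Constructed input: "zeroize" sorts last and appears in two versions.
    let mut graph = vec![
        krate("zeroize", "1.10.0"), krate("regex", "1.5.5"),
        krate("zeroize", "1.9.0"), krate("ansi_term", "0.12.1"),
    ];
    sort_krates(&mut graph);
    for (name, versions) in duplicates(&graph) {
        println!("duplicate: {name} {versions:?}");
    }
}
```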
Changed
- PR#415 updated dependencies, notably `regex` to fix RUSTSEC-2022-0013.
Release 0.11.3
Release 0.11.2
Changed
- PR#403 added support for the `CARGO_TERM_COLOR` environment variable. Thanks @svenstaro!
- PR#404 updated dependencies.
Fixed
Release 0.11.1
Added
- PR#391 resolved #344 by adding `[licenses.ignore-sources]` to ignore license checking for crates sourced from 1 or more specified registries. Thanks @ShellWowza!
- PR#396 resolved #366 by also looking for `.deny.toml` in addition to `deny.toml` if a config file is not specified.
Changed
- PR#392 updated all dependencies.
Fixed
- PR#393 resolved #371 by changing the default for version requirements specified in config files to accept all versions, rather than using the almost-but-not-quite default of `*`.
- PR#394 resolved #147 by ignoring all private crates, not only the ones in the workspace.
- PR#395 resolved #375 by fixing a potential infinite loop when using `[bans.skip-tree]`.
Release 0.11.0
Changed
- PR#382 updated dependencies and bumped the Minimum Stable Rust Version to 1.56.1.
Release 0.10.3
Changed
- PR#379 updated `askalono` which got rid of the `failure` dependency, which was pulling in a lot of additional crates that are now gone.