Release 0.12.1

Fixed

• PR#426 fixed an oversight in PR#422, fully resolving #412 by allowing both https and ssh URLs for advisory databases. Thanks @jbg!

Changed

• PR#427 updated dependencies.

Release 0.12.0

Removed

• PR#423 removed the fix subcommand. This functionality was far too complicated for far too little benefit.

Fixed

• PR#420 resolved #388 by adding the ability to fetch advisory databases via the git CLI. Thanks @danielhaap83!
• PR#422 fixed #380 and #410 by updating a few transitive dependencies that use git2, as well as removing the usage of rustsec's git feature so that we now use git2 v0.14, resolving a crash issue in new libgit2 versions available in eg. rolling release distros such as Arch. This should also make it easier to update and improve git related functionality since more of it is inside cargo-deny itself now.
• PR#424 really fixed (there's even a test now!) #384 by adding each version's reverse dependency graph in the ascending order.

Release 0.11.4

Fixed

• PR#414 resolved #484 by always sorting crates with the same name by their version so they are always deterministically sorted. Thanks @Veykril!
• PR#418 fixed an issue where duplicate crate versions would not be detected if the crate was sorted last in the crate graph.

Changed

• PR#415 updated dependencies, notably regex to fix RUSTSEC-2022-0013.

Release 0.11.3

Fixed

• PR#407 resolved #406 by always checking license exceptions first.

Release 0.11.2

Changed

• PR#403 added support for the CARGO_TERM_COLOR environment variable. Thanks @svenstaro!
• PR#404 updated dependencies.

Fixed

• PR#398 resolved #135 by making [licenses.exceptions] additive to the global allow list. Thanks @senden9!
• PR#404 resolved #401 by trimming quotes from spans before serializing them as JSON.
• PR#404 resolved #402 by updating crossbeam-utils to a non-yanked version.

Release 0.11.1

Added

• PR#391 resolved #344 by adding [licenses.ignore-sources] to ignore license checking for crates sourced from 1 or more specified registries. Thanks @ShellWowza!
• PR#396 resolved #366 by also looking for .deny.toml in addition to deny.toml if a config file is not specified.

Changed

• PR#392 updated all dependencies.

Fixed

• PR#393 resolved #371 by changing the default for version requirements specified in config files to accept all versions, rather than using the almost-but-not-quite default of *.
• PR#394 resolved #147 by ignore all private crates, not only the ones in the workspace.
• PR#395 resolved #375 by fixing a potential infinite loop when using [bans.skip-tree].

Release 0.11.0

Changed

• PR#382 updated dependencies and bumped the Minimum Stable Rust Version to 1.56.1.

Release 0.10.3

Changed

• PR#379 updated askalono which got rid of the failure dependency, which was pulling in a lot of additional crates that are now gone.

Fixed

• PR#379 fixed #378 which was an edge case where the sources check was executed against a crate that didn't use any crates from crates.io, and the config file was shorter than the crates.io URL.

Release 0.10.2

Fixed

• PR#376 fixed the JSON formatting when using --format json output option. Thanks @dnaka91!

Changed

• PR#377 updated dependencies.

Release 0.10.1

Fixed

• PR#347 resolved #372 by correcting a slight mistake that resulted in an incorrect hash making cargo-deny unable to lookup index or crate information from the local file system.