Releases: EmbarkStudios/cargo-deny
Releases Β· EmbarkStudios/cargo-deny
0.8.1
Fixed
- PR#297 fixed a couple of diagnostics to have codes.
- PR#296 resolved #288 by improving the information in diagnostics pertaining to advisories. Thanks @tomasfarias!
0.8.0
Added
- PR#238 resolved #225 by adding a
wrappersfield to[bans.deny]entries, which allows the banned crate to be used only if it is a direct dependency of one of the wrapper crates. Thanks @Stupremee! - PR#244 resolved #69 by adding support for multiple advisory databases, which will all be checked during the
advisorycheck. Thanks @Stupremee! - PR#243 resolved #54 by adding support for compiling and using
cargocrate directly via thestandalonefeature. This allowscargo-denyto be used without cargo being installed, but it still requires rustc to be available. Thanks @Stupremee! - PR#275 resolved #64 by adding a diagnostic when a user tries to ignore an advisory identifier that doesn't exist in any database.
- PR#262 added the
fixsubcommand, which was added to bringcargo-denyto feature parity withcargo-auditso that it can take over forcargo-auditas the official frontend for the the RustSec Advisory Database.
Changed
advisories.db-urlhas been deprecated in favor ofadvisories.db-urlssince multiple databses are now supported.advisories.db-pathis now no longer the directory into which the advisory database is cloned into, but rather a root directory where each unique database is placed in a canonicalized directory similar to how.cargo/registry/indexdirectories work.- PR#274 resolved #115 by normalizing git urls. Thanks @senden9!
Fixed
- #265 A transitive dependency (
smol_str) forced the usage of the latest Rust stable version (1.46) which was unintended. We now state the MSRV in the README and check for it in CI so that changing the MSRV is a conscious decision. - PR#287 fixed #286, which could happen if using a git source where the representation differed slightly between the user specified id and the id used for dependencies.
- PR#249 fixed #190 by printing a different diagnostic for when the path specified for a clarification license file could not be found. Thanks @khodzha!
0.7.3
0.7.2
0.7.1
Fixed
- Fix issue due to incompatible semver versioning with relation to...the semver crate.
0.7.0
Added
- Resolved #137 by adding a
--format <human|json>option. All diagnostic and log messages from thechecksubcommand respect this flag.
Changed
- Resolved #216 by adding support for the
--all-features,--features, and--no-default-featuresflags to specify the exact features to have enabled when gathering the crates in your dependency graph to actually run checks against. This is a BREAKING CHANGE as previously crates were gathered with--all-features. - The
--coloroption for thelistsubcommand has been moved to the top level arguments.
Removed
- The
--contextoption , which was deprecated in0.6.3, has been removed.
Fixed
- Resolved #211 by adding a top-level
--color <auto|always|never>option, if stderr is not a TTY orneveris passed, no colors will be present in the output stream.
0.6.8
Added
- A one line summary of the state of each check is now output at the very end of the
checksubcommand unless the--log-levelisoff. If the--log-levelisinfoor higher, a summary of the state, errors, warnings, and notes for each check are outputted on their own line instead. - Added the
-s | --show-statsflag to thechecksubcommand, which will print out the more detailed summary, regardless of the--log-level.
Changed
- Updated crates.
- Updated
cfg-expr, which should allow for filtering of crates for most custom targets that aren't built-in to rustc.
0.6.7
0.6.6
Changed
- Updated crates. Mainly to force a new version because the Windows release messed up. Yay!
0.6.5
Added
- Added a
fetchsubcommand that can be used to fetch external data, currently the crates.io index and the configured advisory database
Changed
- Upgraded to rustsec 0.18.0, which slighly reworks how yanked crate detection is done