Releases: EmbarkStudios/cargo-deny

0.6.4

08 Feb 01:05

Fixed

  • Resolved #131 by removing an unnecessary path canonicalization

0.6.3

05 Feb 15:15

Added

  • Added the --manifest-path option to specify the Cargo.toml you want to use as the context for the operation to fit with how other cargo subcommands work. Takes precedence over the (deprecated) --context.
  • Added the --workspace flag to give the user a workaround in cases where a manifest is both a package and a workspace.
  • Added the --exclude option to allow users to explicitly remove packages from the final crate graph.

Changed

  • The configuration used for the command is recursively searched for in parent directories starting in the same directory as the Cargo.toml (unless explicitly specified).
  • The target list used when evaluating cfg expressions for dependencies has been updated to the list of targets supported by 1.41.0. This will give undesired behavior if you happen to use a target triple that has been removed from 1.41.0 but is available in the Rust version you have.

Fixed

  • Resolved #122 by pruning the packages that are checked against the advisory database to the same set used by all other checks

Deprecated

  • --context has been deprecated in favor of --manifest-path, to align cargo-deny more with all other cargo subcommands

0.6.2

25 Jan 13:28

Added

  • Resolved #116 by adding the [licenses.default] field, which allows you to configure how to handle licenses that don't match any other predicate
  • Resolved #117 by allowing the list subcommand to also use the normal configuration used by the check subcommand. Only the targets field is used, to determine which crates have their licenses listed.

0.6.1

24 Jan 13:43

Added

  • Added [advisories.yanked] field in PR#114 for linting yanked crates.

0.6.0

20 Jan 17:32

Added

  • Added the sources check and configuration, which allows linting of crate sources
  • Resolved #63 by adding a dependency on krates, which allows us to easily filter out dependencies that don't match a target specified by the user via the targets config value.
  • Resolved #75: a warning is now printed for license exceptions and allowed licenses if they aren't encountered when checking crate license information.
  • Resolved #50: private workspace members (anything that is not published publicly) can now be ignored during the license check.

Changed

  • Resolved #85 by changing the max column width from 120 to 80 and reformatting some of the help text for the CLI.
  • Resolved #109 by only printing a single diagnostic message for each set of duplicate versions

Fixed

  • Fixed #96 by allowing expansion of '~' rooted paths for the [advisories.db-path] configuration variable.

0.5.2

20 Dec 15:58

Added

  • Resolved #53 by adding [licenses.exceptions], which lets you allow 1 or more licenses only for a particular crate. Thanks for reporting @iliana!

0.5.1

19 Dec 12:55
a3c1ef8

Fixed

  • Fixed issue where both --manifest-path and working directory were set when executing cargo-metadata, causing it to fail if executed in a subdirectory.

0.5.0

19 Dec 10:52
4a6349b

Added

  • Added the advisories check and configuration section for checking crates against an advisory database to detect security vulnerabilities, unmaintained crates, and crates with security notices
  • A warning will now be emitted if a crate that isn't in the graph is specified in [bans.skip-tree]

Fixed

  • PR#58 Fixed #55 to handle license requirements for GPL, AGPL, LGPL, and GFDL better. Thanks for reporting @pikajude!
  • PR#62 Fixed #56: the [metadata] section in Cargo.lock is now gone in nightly to improve merging; the previous reporting mechanism that required this section has been reworked.

Changed

  • The check subcommand now takes multiple values, e.g. cargo deny check bans advisories
  • Specifying either cargo deny check or cargo deny check all will now run the additional advisories check
  • Previously, if you hadn't specified the [licenses] or [bans] section then running that check would have done nothing. Now if any section (including [advisories]) is not specified, the default configuration will be used.

Deprecated

  • check ban has been deprecated in favor of check bans
  • check license has been deprecated in favor of check licenses

0.4.2

03 Dec 09:02
8202d7b

Added

  • PR#48 Added an init subcommand to generate a cargo-deny template file with guiding comments. Thanks @foresterre!

0.4.1

28 Nov 10:02
e1c9347

Fixed

  • PR#46 Fixed issue where license-file was not being turned into an absolute path like the normal license file scanning, causing a crash. Thanks @foresterre!
  • Fixed an out-of-bounds panic when skipping a crate which wasn't present in the crate graph, that would have been sorted last if it had existed