Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cargo-deny 0.16.0 #179384

Merged
merged 2 commits into from
Aug 2, 2024
Merged

cargo-deny 0.16.0 #179384

merged 2 commits into from
Aug 2, 2024

Conversation

BrewTestBot
Copy link
Member

Created by brew bump

Created with brew bump-formula-pr.

release notes 
### Removed
- [PR#681](https://github.com/EmbarkStudios/cargo-deny/pull/681) finished the deprecation introduced in [PR#611](https://github.com/EmbarkStudios/cargo-deny/pull/611), making the usage of the deprecated fields into errors.

[advisories]


The following fields have all been removed in favor of denying all advisories by default. To ignore an advisory the ignore field can be used as before.


    

  • vulnerability - Vulnerability advisories are now deny by default
    • 

  • unmaintained - Unmaintained advisories are now deny by default
    • 

  • unsound - Unsound advisories are now deny by default
    • 

  • notice - Notice advisories are now deny by default
    • 

  • severity-threshold - The severity of vulnerabilities is now irrelevant
    • 



[licenses]


The following fields have all been removed in favor of denying all licenses that are not explicitly allowed via either allow or exceptions.


    

  • unlicensed - Crates whose license(s) cannot be confidently determined are now always errors. The clarify field can be used to help cargo-deny determine the license.
    • 

  • allow-osi-fsf-free - The OSI/FSF Free attributes are now irrelevant, only whether it is explicitly allowed.
    • 

  • copyleft - The copyleft attribute is now irrelevant, only whether it is explicitly allowed.
    • 

  • default - The default is now deny.
    • 

  • deny - All licenses are now denied by default, this field added nothing.
    • 



Changed


    

  • PR#685 follows up on PR#673, moving the fields that were added to their own separate bans.workspace-dependencies section. This is an unannounced breaking change but is fairly minor and 0.15.0 was never released on github actions so the amount of people affected by this will be (hopefully) small. This also makes the workspace duplicate detection off by default since the field is optional, but makes it so that if not specified workspace duplicates are now deny instead of warn.
    • 



Fixed


    

  • PR#685 resolved #682 by adding the include-path-dependencies field, allowing path dependencies to be ignored if it is false.

@github-actions github-actions bot added rust Rust use is a significant feature of the PR or issue bump-formula-pr PR was created using `brew bump-formula-pr` labels Aug 2, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 2, 2024

🤖 An automated task has requested bottles to be published to this PR.

@github-actions github-actions bot added the CI-published-bottle-commits The commits for the built bottles have been pushed to the PR branch. label Aug 2, 2024
@BrewTestBot BrewTestBot added this pull request to the merge queue Aug 2, 2024
Merged via the queue into master with commit 996710e Aug 2, 2024
15 checks passed
@BrewTestBot BrewTestBot deleted the bump-cargo-deny-0.16.0 branch August 2, 2024 13:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chenrui333 chenrui333 chenrui333 approved these changes

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees
No one assigned
Labels
bump-formula-pr PR was created using `brew bump-formula-pr` CI-published-bottle-commits The commits for the built bottles have been pushed to the PR branch. rust Rust use is a significant feature of the PR or issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@BrewTestBot @chenrui333