Releases: EmbarkStudios/cargo-deny-action
Releases Β· EmbarkStudios/cargo-deny-action
Release 1.5.1 - cargo-deny 0.13.8
Added
- PR#504 (though really PR#365) resolved #350 by adding the
deny-multiple-versions
field tobans.deny
entries, allowing specific crates to deny multiple versions while allowing/warning on them more generally. Thanks @leops! - PR#493 resolved #437 by also looking for deny configuration files in
.cargo
. Thanks @DJMcNab! - PR#502 resolved #500 by adding initial support for sparse indices.
Fixed
Release 1.5.0 - cargo-deny 0.13.7
Update from cargo-deny 0.13.5 to 0.13.7, apparently I missed two releases, that's embarrassing.
0.13.7
Fixed
- PR#491 resolved #490 by building libgit2 from vendored sources instead of relying on potentially outdated packages.
0.13.6
Changed
- PR#489 updated dependencies, notably
clap
,cargo
, andgit2
Added
- PR#485 added this project and repository to our Security Bug Bounty Program and has Private vulnerability reporting enabled. See
SECURITY.md
for more details. - PR#487 added
allow-wildcard-paths
, fixing #488 by allowing wildcards to be denied, but allowing them for internal, private crates. Thanks @sribich!
Fixed
- PR#489 fixed an issue where git sources where
branch=master
would be incorrectly categorized as not specifying the branch (ie use HEAD of default branch).
Release 1.4.0 - cargo-deny 0.13.5
Changed
- Updated to cargo-deny 0.13.5
v1.3.2 - cargo-deny 0.12.1
Added
- PR#54 resolved #53 by adding the
credentials
parameter for passing in a private access token to allow cargo to fetch private github repositories. Thanks @danielhaap83!
v1.3.1 - cargo-deny 0.12.1
v1.3.0 - cargo-deny 0.12.0
Removed
- PR#423 removed the
fix
subcommand. This functionality was far too complicated for far too little benefit.
Fixed
- PR#420 resolved #388 by adding the ability to fetch advisory databases via the
git
CLI. Thanks @danielhaap83! - PR#422 fixed #380 and #410 by updating a few transitive dependencies that use
git2
, as well as removing the usage ofrustsec
'sgit
feature so that we now usegit2 v0.14
, resolving a crash issue in newlibgit2
versions available in eg. rolling release distros such as Arch. This should also make it easier to update and improve git related functionality since more of it is inside cargo-deny itself now. - PR#424 really fixed (there's even a test now!) #384 by adding each version's reverse dependency graph in the ascending order.
v1.2.17 - cargo-deny 0.11.4
Changed
- PR#51 updated the image to use Rust 1.60.0 by default. Thanks @MarcoIeni!
v1.2.16 - cargo-deny 0.11.4
v1.2.15 - cargo-deny 0.11.3
Fixed
- Accidentally change how arguments were forwarded to cargo-deny which broken more complicated invocations
v1.2.14 - cargo-deny 0.11.3
Added
- Added
git
to the image, resolving #40