Releases: EmbarkStudios/cargo-deny-action

Release 1.5.1 - cargo-deny 0.13.8

06 Apr 15:30

Added

  • PR#504 (though really PR#365) resolved #350 by adding the deny-multiple-versions field to bans.deny entries, allowing specific crates to deny multiple versions while allowing/warning on them more generally. Thanks @leops!
  • PR#493 resolved #437 by also looking for deny configuration files in .cargo. Thanks @DJMcNab!
  • PR#502 resolved #500 by adding initial support for sparse indices.

Fixed

  • PR#503 resolved #498 by falling back to more lax parsing of a crate's SPDX expression if it fails to parse according to the stricter but more correct rules.

Release 1.5.0 - cargo-deny 0.13.7

25 Mar 09:15

Update from cargo-deny 0.13.5 to 0.13.7, apparently I missed two releases, that's embarrassing.

0.13.7

Fixed

  • PR#491 resolved #490 by building libgit2 from vendored sources instead of relying on potentially outdated packages.

0.13.6

Changed

  • PR#489 updated dependencies, notably clap, cargo, and git2.

Added

  • PR#485 added this project and repository to our Security Bug Bounty Program; the repository also has Private vulnerability reporting enabled. See SECURITY.md for more details.
  • PR#487 added allow-wildcard-paths, fixing #488 by allowing wildcards to be denied, but allowing them for internal, private crates. Thanks @sribich!

Fixed

  • PR#489 fixed an issue where git sources with branch=master would be incorrectly categorized as not specifying the branch (i.e. using HEAD of the default branch).

Release 1.4.0 - cargo-deny 0.13.5

17 Nov 15:06

Changed

  • Updated to cargo-deny 0.13.5

v1.3.2 - cargo-deny 0.12.1

19 Jul 13:00
7257a18

Added

  • PR#54 resolved #53 by adding the credentials parameter for passing in a private access token to allow cargo to fetch private github repositories. Thanks @danielhaap83!

v1.3.1 - cargo-deny 0.12.1

20 May 07:17

Fixed

  • PR#426 fixed an oversight in PR#422, fully resolving #412 by allowing both https and ssh URLs for advisory databases. Thanks @jbg!

Changed

  • PR#427 updated dependencies.

v1.3.0 - cargo-deny 0.12.0

18 May 05:49

Removed

  • PR#423 removed the fix subcommand. This functionality was far too complicated for far too little benefit.

Fixed

  • PR#420 resolved #388 by adding the ability to fetch advisory databases via the git CLI. Thanks @danielhaap83!
  • PR#422 fixed #380 and #410 by updating a few transitive dependencies that use git2, as well as removing the usage of rustsec's git feature so that we now use git2 v0.14, resolving a crash issue in new libgit2 versions available in e.g. rolling release distros such as Arch. This should also make it easier to update and improve git-related functionality since more of it is inside cargo-deny itself now.
  • PR#424 really fixed (there's even a test now!) #384 by adding each version's reverse dependency graph in the ascending order.

v1.2.17 - cargo-deny 0.11.4

10 May 06:28

Changed

  • PR#51 updated the image to use Rust 1.60.0 by default. Thanks @MarcoIeni!

v1.2.16 - cargo-deny 0.11.4

06 May 13:14

Added

  • PR#49 added the command-arguments option to the action. Thanks @ryo33!

v1.2.15 - cargo-deny 0.11.3

04 Apr 07:18

Fixed

  • Accidentally changed how arguments were forwarded to cargo-deny, which broke more complicated invocations.

v1.2.14 - cargo-deny 0.11.3

04 Apr 07:14

Added

  • Added git to the image, resolving #40