Releases: EmbarkStudios/cargo-deny-action
Releases Β· EmbarkStudios/cargo-deny-action
Release 1.6.3 - cargo-deny 0.14.21
Fixed
- PR#643 resolved #629 by making the hosted git (github, gitlab, bitbucket) org/user name comparison case-insensitive. Thanks @pmnlla!
- PR#649 fixed an issue where depending on the same crate multiple times by using different
cfg()/tripletargets could cause features to be resolved incorrectly and thus crates to be not pulled into the graph used for checking.
[0.14.20] - 2024-03-23
Fixed
- PR#642 resolved #641 by pinning
gix-transport(and its unique dependencies) to 0.41.2 as a workaround forcargo installnot using the lockfile. See this issue for more information.
Release 1.6.2 - cargo-deny 0.14.19
Changed
- PR#639 updated tame-index to avoid an error if you don't used
--locked.
[0.14.18] - 2024-03-21
Fixed
[0.14.17] - 2024-03-17
Changed
v1.6.1
v1.6.0
action changes
- Color output is now always enabled so that colors show up in the action output.
0.14.15
Added
- PR#618 added metadata notes to diagnostics when a license is rejected, as well as removing span information for accepted licenses unless the log level is
infoor higher to make the diagnostic clearer by default.
0.14.14
Fixed
0.14.13
Fixed
- PR#615 fixed an issue introduced in PR#605 where the various
bansdiagnostic codes could not have their lint level changed via the CLI. It also introduced thedeprecateddiagnostic code.
0.14.12
Changed
- PR#605 did a major refactor of configuration, both how it is deserialized and changing (hopefully improving) many options.
- PR#605 moved
targets,exclude,all-features,features,no-default-features, andexcludeinto the[graph]table. - PR#605 moved
feature-depthinto the[output]table.
Added
- PR#613 added support for basic shell expansion to
advisories.db-path, which expands support beyond just~to include environment variable expansion.
Fixed
- PR#601 resolved #600 by outputting the correct spans when a license was both allowed and denied.
- PR#605 resolved #264 be replacing
tomlandserdewithtoml-span. - PR#605 resolved #539 by simplifying the very common
name = "<crate_name>", version = "<requirements>"used to target specific crates into either a plain package spec string or the simplercrate = "<package spec>". - PR#605 resolved #578 by adding a
reason = "<reason>"field to many fields within the configuration that are provided in diagnostics.[bans.deny]also has an additionaluse-instead = "<url/crate_name>". PR#610 did this for theadvisories.ignorefield. - PR#605 resolved #579 by allowing yanked crates to be ignored by specifying a PackageSpec in the
[advisories.ignore]array.
Deprecated
- PR#606 and PR#611 together deprecated several fields listed below. See PR#611 for how to change your config to opt-in to the new behavior that will become the default when the deprecated fields are removed in a future minor version.
[advisories]vulnerabilityunmaintainedunsoundnoticeseverity-threshold
[licenses]unlicensedallow-osi-fsf-freecopyleftdefaultdeny
Release 1.5.15 - cargo-deny 0.14.11
Fixed
- Resolved #71 that was introduced in the previous release.
Release 1.5.14 - cargo-deny 0.14.11
Added
- Added the
manifest-pathkey as a shorthand for doingarguments: --manifest-path <path>