v1.2.2 - cargo-deny 0.8.4

Changed

• Updated dependencies, notably rustsec, crossbeam*, and cargo.
• Bumped the Minimum Stable Rust Version to 1.44.1.

v1.2.1 - cargo-deny 0.8.1

Updates cargo-deny from 0.7.3 -> 0.8.1

Added

• PR#238 resolved #225 by adding a wrappers field to [bans.deny] entries, which allows the banned crate to be used only if it is a direct dependency of one of the wrapper crates. Thanks @Stupremee!
• PR#244 resolved #69 by adding support for multiple advisory databases, which will all be checked during the advisory check. Thanks @Stupremee!
• PR#243 resolved #54 by adding support for compiling and using cargo crate directly via the standalone feature. This allows cargo-deny to be used without cargo being installed, but it still requires rustc to be available. Thanks @Stupremee!
• PR#275 resolved #64 by adding a diagnostic when a user tries to ignore an advisory identifier that doesn't exist in any database.
• PR#262 added the fix subcommand, which was added to bring cargo-deny to feature parity with cargo-audit so that it can take over for cargo-audit as the official frontend for the the RustSec Advisory Database.

Changed

• advisories.db-url has been deprecated in favor of advisories.db-urls since multiple databses are now supported.
• advisories.db-path is now no longer the directory into which the advisory database is cloned into, but rather a root directory where each unique database is placed in a canonicalized directory similar to how .cargo/registry/index directories work.
• PR#274 resolved #115 by normalizing git urls. Thanks @senden9!

Fixed

• #265 A transitive dependency (smol_str) forced the usage of the latest Rust stable version (1.46) which was unintended. We now state the MSRV in the README and check for it in CI so that changing the MSRV is a conscious decision.
• PR#287 fixed #286, which could happen if using a git source where the representation differed slightly between the user specified id and the id used for dependencies.
• PR#249 fixed #190 by printing a different diagnostic for when the path specified for a clarification license file could not be found. Thanks @khodzha!
• PR#297 fixed a couple of diagnostics to have codes.
• PR#296 resolved #288 by improving the information in diagnostics pertaining to advisories. Thanks @tomasfarias!

v1.2.0 - cargo-deny 0.8.1

Updates cargo-deny from 0.7.3 -> 0.8.1

Added

• PR#238 resolved #225 by adding a wrappers field to [bans.deny] entries, which allows the banned crate to be used only if it is a direct dependency of one of the wrapper crates. Thanks @Stupremee!
• PR#244 resolved #69 by adding support for multiple advisory databases, which will all be checked during the advisory check. Thanks @Stupremee!
• PR#243 resolved #54 by adding support for compiling and using cargo crate directly via the standalone feature. This allows cargo-deny to be used without cargo being installed, but it still requires rustc to be available. Thanks @Stupremee!
• PR#275 resolved #64 by adding a diagnostic when a user tries to ignore an advisory identifier that doesn't exist in any database.
• PR#262 added the fix subcommand, which was added to bring cargo-deny to feature parity with cargo-audit so that it can take over for cargo-audit as the official frontend for the the RustSec Advisory Database.

Changed

• advisories.db-url has been deprecated in favor of advisories.db-urls since multiple databses are now supported.
• advisories.db-path is now no longer the directory into which the advisory database is cloned into, but rather a root directory where each unique database is placed in a canonicalized directory similar to how .cargo/registry/index directories work.
• PR#274 resolved #115 by normalizing git urls. Thanks @senden9!

Fixed

• #265 A transitive dependency (smol_str) forced the usage of the latest Rust stable version (1.46) which was unintended. We now state the MSRV in the README and check for it in CI so that changing the MSRV is a conscious decision.
• PR#287 fixed #286, which could happen if using a git source where the representation differed slightly between the user specified id and the id used for dependencies.
• PR#249 fixed #190 by printing a different diagnostic for when the path specified for a clarification license file could not be found. Thanks @khodzha!
• PR#297 fixed a couple of diagnostics to have codes.
• PR#296 resolved #288 by improving the information in diagnostics pertaining to advisories. Thanks @tomasfarias!

v1.1.0 - cargo-deny 0.7.2

Upgrade to cargo-deny 0.7.2.

This adds a new arguments input to the action to be able to pass arbitrary arguments to cargo-deny. The default is --all-features to keep the same behavior with previous v1 action.

v1.0.1 - cargo-deny 0.6.7

Upgrade to cargo-deny 0.6.7.

v1.0.0

First published stable version of this action!

Uses cargo-deny 0.6.6.

The action can be used either as v1 (recommended, get compatible upgrades) or v1.0.0 (pin to this exact version)