Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cargo-deny 0.14.0 #137923

Merged
merged 2 commits into from
Jul 29, 2023
Merged

cargo-deny 0.14.0 #137923

merged 2 commits into from
Jul 29, 2023

Conversation

chenrui333
Copy link
Member

Created by brew bump

Created with brew bump-formula-pr.

release notes 
### Changed
- [PR#520] resolved [#522](https://github.com/EmbarkStudios/cargo-deny/issues/522) by completely removing all dependencies upon `git2` and `openssl`. This was done by transitioning from `git2` -> `gix` for all git operations, both directly in this crate, as well as replacing [`crates-index`](https://github.com/frewsxcv/rust-crates-index) with [`tame-index`](https://github.com/EmbarkStudios/tame-index).
- [PR#520] bumped the MSRV from `1.65.0` -> `1.70.0`
- [PR#523](https://github.com/EmbarkStudios/cargo-deny/pull/523) added "(try `cargo update -p `)" when an advisory is detected for a crate. Thanks [@Victor-N-Suadicani](https://github.com/Victor-N-Suadicani)!

Fixed


    

  • PR#520 resolved #361 by printing output when a fetch is being performed to clarify what is taking time.
    • 

  • PR#520 (possibly) resolved #435 by switching all git operations from git2 to gix.
    • 

  • PR#520 resolved #439 by using minimal refspecs for cloning and fetching all remote git repositories (indices or advisory databases) where only the remote HEAD is needed to update the local repository, regardless of the default remote branch pointed to by HEAD.
    • 

  • PR#520 resolved #446 by ensuring (and testing) that crates from non-registry sources are not checked for advisories, eg. in the case that a local crate is named and versioned the same as a crate from crates.io that has an advisory that affects it.
    • 

  • PR#520 resolved #515 by always opening the correct registry index based upon the environment.
    • 

  • PR#531 resolved #210 by adding osi and fsf options to licenses.allow-osi-fsf-free. Thanks @zkxs!
    • 

  • PR#533 resolved #521 and #524 by allowing clarifications to add files that are used to verify the license information is up to date, rather than needing to match one of the license files that was discovered.
    • 

  • PR#534 resolved #479 by improving how advisory databases are cloned and/or fetched, notably each database now uses gix's file-based locking to ensure that only one process has mutable access to an advisory database repo at a time.
    • 



Removed


    

  • PR#520 removed all features, notably standalone. This is due to cargo still being in transition from git2 -> gix and having no way to compiled without OpenSSL. Once cargo is a better state with regards to this we can add back that feature.
    •

@github-actions github-actions bot added rust Rust use is a significant feature of the PR or issue bump-formula-pr PR was created using `brew bump-formula-pr` labels Jul 28, 2023
@chenrui333
Copy link
Member Author

@chenrui333
cargo-deny 0.14.0
326aed3 
cargo-deny: update build

relates to EmbarkStudios/cargo-deny#520 (nuke git2 + openssl)

Signed-off-by: Rui Chen <rui@chenrui.dev>
@chenrui333 chenrui333 added the ready to merge PR can be merged once CI is green label Jul 28, 2023
branchvincent
branchvincent approved these changes Jul 28, 2023
View reviewed changes
Copy link
Member

@branchvincent branchvincent left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice

@github-actions
Copy link
Contributor

🤖 An automated task has requested bottles to be published to this PR.

@github-actions github-actions bot added the CI-published-bottle-commits The commits for the built bottles have been pushed to the PR branch. label Jul 28, 2023
@BrewTestBot BrewTestBot added this pull request to the merge queue Jul 28, 2023
Merged via the queue into Homebrew:master with commit df8f92a Jul 29, 2023
12 checks passed
@chenrui333 chenrui333 deleted the bump-cargo-deny-0.14.0 branch January 22, 2024 15:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@branchvincent branchvincent branchvincent approved these changes

@github-actions github-actions[bot] github-actions approved these changes

Assignees
No one assigned
Labels
bump-formula-pr PR was created using `brew bump-formula-pr` CI-published-bottle-commits The commits for the built bottles have been pushed to the PR branch. ready to merge PR can be merged once CI is green rust Rust use is a significant feature of the PR or issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@chenrui333 @branchvincent @BrewTestBot