All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
Unreleased - ReleaseDate
0.25.9 - 2024-05-19
crevettetool forcargo-crevtocargo-vetexportcargo crev review --diffsuggests a URL for viewing a diffcargo crev reviewremembers the lastcargo crev opencrate.
- Added
--directflag to trust paramaters to use only directly trusted Ids - Added command "proof reissue" to reissue reviews under a different id. The original proof will be referenced in the new proof under the "original:" field
- Fix crash on systems with libgit2 v1.4
- Fix the
crate cleanworking directory check. - Fix the
crate reviewworking directory check.
0.23.0 - 2022-01-22
- Ignore cargo directory source replacements - this essentially ignores
cargo vendorandcargo crevwill not read vendored sources - Proofs moved from the config directory (e.g. ~/.config/crev/proofs) to the data directory (e.g. ~/.local/share/crev/proofs).
- Added command
config data-dir. - Added command
config cache-dir. crate verify: better column width detection- Better broken pipe errors handling
- Fix
verify --no-dev-dependenciesbeing ignored - Deprecate
--no-dev-dependencies. Make it the default. Introduce--dev-dependenciesinstead. - Fix binary releases by switching to Github Actions
- Make
crate {goto,dir,open,expand}assume-uoutside of an existing Rust project. - Introduce trust and package review "overrides" which allow overriding (ignoring) specific trust / package review
- Add
cargo crev wot logto help understand your WoT.
0.22.2 - 2022-01-11
- Use
cargo-releaseto make our release process more reasonable. - Display better diagnostics for any digest mismatch.
- Fix interactive use of
trustandid trustto actually read the proofs edited
0.21.1 - 2020-05-29
- Lots of minor improvements
- We're really sorry, but it takes a considerable effort to maintain a clean CHANGELOG for a project still going through a lot of smaller and bigger changes.
0.18.0 - 2020-04-29
- Faster fetching on
repo fetch ... - Fix
verifyreporting missing user dir
0.17.0 - 2020-04-29
- user interface now exposes distinction between URLs self-reported by an owner
of a Crev Id, and unverified URLs reported about others.
id query alldisplays whether URLs have been verified to belong to their Crev Id:==signed and verified,~=signed but not fetched,??reported by others only.id trustpropagates only URLs signed by their own Crev Id.
repo fetch urlreports which Crev Ids belong to the repo (have the same URL) and which were copied from other repos.
0.16.1 - 2020-02-11
- Fix default
featuresnot recognized in some crates
0.16.0 - 2020-02-11
- Support for new cargo lockfile version
0.15.0 - 2020-01-14
crate verifyno longer hangs on unpublished local crates- Use effective instead of direct trust in WoT graph calculations
- Make most columns in
crate verifyoptional with--show-xyzoptions. - Added some helpful informative messages.
0.14.0 - 2019-12-16
crate verifyperformance for local cratescargo installworks without--lockedflag
alternativesare reported in both source and destination
0.13.0 - 2019-11-26
- Handle local packages more consistently
commentfield serialization in trust proofscrate verifyreturn code- Stale documentation
0.12.0 - 2019-11-19
- Comment field handling in proofs and drafts
- Documentation here and there
- Backfill
kindfield when deserializing old-format content --skip-known-ownersand--skip-verifiedreturning errors
- Add
config dirandrepo dir
0.11.0 - 2019-11-01
- Change the proof format to simplify it and allow 3rd party "kinds" of them.
The main goal is to support
git-crevproject: https://github.com/crev-dev/git-crev - Tune tokei line counts to exclude tests and examples
- Ability report the crate as unmaintained and/or list alternatives to it
--targettocrate verifyto ignore crates not compiled on the given (default: current) target--for-idforcargo crev repo fetch trusted- Autocompletion generation with
config completions crate infosubcommand to get some detailed info for a single dependency
- Stale old-syntax commands in documentation
- Minor help messages
0.10.1 - 2019-10-13
- Fixed "Getting Started" documentation module
- Updated dependencies
- Fixed minor bugs & some QoL improvements
0.10.0 - 2019-10-07
- BREAKING:
cargo crev <verb> <noun>was change tocargo crev <noun> <verb> - Introduces one letter aliases for most (all?) commands
- Commands quering proofs will now print them as a multi-object yaml document for easier parsing
- Shortened
=1.2.3inlatest_tto just=
id untrustandcrate unreviewto overwrite/clean errnous review/trust proofscrate mvpto discovering best reviewerscrate searchfor looking up best reviewed dependency candidatescrate verify --recursiveCREV_PASSPHRASE_CMDfor users ofpassand similiar- Multiple flags and arguments to narrow down
crate verifyscope - Handling of
--level <level>in many commands - "Tips and tricks" in user documentation
0.9.0 - 2019-08-26
- Performance improvement in
verify
- Fixed detailed help for
verifynot showing. - Renamed
cargo crev * idtocargo crev id *, e.g.cargo crev id new,cargo crev id export. Addedcargo crev id show. - Combined
advise,flag,reportintoreview --advisoryandreview --issue
0.8.0 - 2019-07-11
verify depswas renamed to justverify- Not saving the default draft is considered as canceling the operation.
- Revamp advisories system and add
- Statically compiled release binaries
- User Documentation, including Getting Started Guide
query dircommand- Differential reviews with
diffandreview --diffcommands - New options, particularily for
verify
0.7.0 - 2019-04-27
- Advisories (https://github.com/dpc/crev/wiki/Advisories)
cargo crev advise [name [version]]cargo crev query advisory [name [version]]
0.6.0 - 2019-04-13
- BREAKING: Switch cryptography to standard Ed25519/RFC8032. This will render
existing IDs and artificates invalid. We're sorry for that. Please recreate
your IDs, and use
cargo crev import proofto recreate your reviews.
cargo crev edit configallows interactive user config editionopen-cmdin user config for customizingcargo crev opencommandcargo crev import prooffor mass-import of proofs
0.5.0 - 2019-03-06
unsafecounts viageigercrate
0.4.0 - 2019-01-12
- This
CHANGELOG.mdfile. LICENSEfiles- Ability to work without an Id for most commands.
opencommand to help IDE users.- Tracking effective trust level in WoT.
- Distrust calculation when calculating WoT.
reviewcommand options:--print-[un]signedand-no-store.exportandimportcommands for Ids.- New column in
verify deps:lines- line counts usingtokei. - New column in
verify dpes:flags- Custom Build. verify depsoption:--for-id.- Exit status on
verify depsto make it usable in CI pipelines. - Counts of new proofs on
fetchcommands. - Effecttive trust level column in
query id trustedoutput. updatecommand.
- Windows cache folder changed from
%AppData%\Local\Dawid Ci,281,,380,arkiewicz\crevto%AppData%\Local\crev. - Windows config folder changed from
%AppData%\Roaming\Dawid Ci,281,,380,arkiewicz\crevto%AppData%\Roaming\crev. - MacOS config folder changed from
$HOME/Library/Application Support/crevto$HOME/Library/Preferences/crev. - Improve
verify depsnames and format. - Handle error messages better in many places.
- Use host-specific salt in paths of proof files, to prevent dealing with git conflicts when sharing Id between many machines
- Make newer reviews (for the same package and version) effectively overwrite older ones.
- Change
push,pull,publishto be more ID-sharing (between hosts) friendly - Rename
--independentto--unrelatedand add-uas a short version. - Avoid fetching things during normal work (helps offline use).
- Hardcode dpc's proof-repo url on
fetch allto help bootstrap the ecosystem.
- Fix
$EDITOR/$VISUALhandling, especially on Windows - Save
lanesinLockedId. Old Ids need to be fixed manually.
Changelog was not maintained for this and earlier releases