v0.1.4

Release v0.1.4 — see CHANGELOG.md for details.

v0.1.3

Fixed

• close_position rejected with validation.null-not-allowed.request.
  IG silently drops the body of real DELETE requests, so every
  required field on ClosePositionRequest was reported as null. The
  transport now mirrors the official Python trading-ig client and
  rewrites body-carrying DELETEs as POST with an _method: DELETE
  header. Bodyless DELETEs (session logout, watchlists delete,
  workingorders delete) are untouched. Validated live on a demo
  account: position fully closed, expected P/L confirmed.
• Defence in depth: ClosePositionRequest now carries
  #[serde(skip_serializing_if = "Option::is_none")] on every optional
  field, so explicit nulls never reach IG even if a future code path
  bypasses the transport rewrite.

Added

• examples/diag_close_position.rs — list open positions and close the
  first, logging the outbound JSON. Handy when reproducing the
  null-not-allowed bug or validating the rewrite against a fresh demo
  account.
• tests/dealing_positions.rs::close_position_rewrites_delete_to_post_with_method_override
  pins the rewrite + asserts the JSON body survives intact.
• tests/support/matchers::HasMethodOverride and
  IgMockServer::mount_delete_error helpers for tests that target
  body-carrying DELETE endpoints.

v0.1.2

Release v0.1.2 — see CHANGELOG.md for details.

v0.1.1

Added

• session().login_with_encryption() (behind the encryption
  cargo feature) — log in v3 with an RSA-encrypted password instead
  of plaintext. Recommended for accounts holding real funds (live or
  funded demo). Internally fetches the encryption key, encrypts the
  password with PKCS#1 v1.5, and posts to /session with
  encryptedPassword=true.
• SECURITY.md — vulnerability reporting policy (FR + EN),
  maintainer contact email thibault.barske@kolombo.xyz, encryption
  recommendation for funded accounts, defensive practices the crate
  enforces.
• README "Recommended for funded accounts" section pointing at the
  new helper.

Fixed

• Cargo.toml: corrected the repository URL to point at
  tibs245/trading-ig-rust. Added homepage and documentation
  metadata fields, and configured [package.metadata.docs.rs] so
  docs.rs builds with all features.
• streaming::reconnect doc comment: fix broken intra-doc link to
  StreamingApi::connect_with.
• streaming::events::MarketUpdate::from_raw doc comment: drop
  intra-doc link to a private MARKET_FIELDS constant (was
  cargo doc -D warnings failure on Rust 1.95).
• Two Duration::from_secs(60) call sites updated to
  Duration::from_mins(1) to satisfy Rust 1.95's new
  clippy::duration_suboptimal_units lint.

Security

• RUSTSEC-2023-0071 (rsa crate Marvin timing side-channel on
  PKCS#1 v1.5 decryption): acknowledged but not applicable to
  this crate — we only ever encrypt with IG's public key, never
  decrypt. An ignore is documented in deny.toml and in the
  cargo audit invocations of both CI workflows. See SECURITY.md
  for the full rationale.
• cargo deny is now wired into the weekly security workflow
  (.github/workflows/audit.yml) — checks advisories, licenses,
  banned crates, and source provenance.
• cargo audit is also added to the pre-push git hook (skipped if
  the binary isn't installed locally; CI runs it unconditionally).