Bump EmbarkStudios/cargo-deny-action from v1.1.0 to v1.2.5 #19


@dependabot dependabot bot commented on behalf of github Mar 15, 2021

Bumps EmbarkStudios/cargo-deny-action from v1.1.0 to v1.2.5.

Release notes

Sourced from EmbarkStudios/cargo-deny-action's releases.

v1.2.5 - cargo-deny 0.9.0

Changed

  • Updated krates, which in turn uses an updated cargo_metadata which uses camino for utf-8 paths. Rather than support both vanilla Path/Buf and Utf8Path/Buf, cargo-deny now just uses Utf8Path/Buf, which means that non-utf-8 paths for things like your Cargo.toml manifest or license paths will no longer function. This is a breaking change that can be reverted if it is disruptive for users, but the assumption is that cargo-deny is operating on normal checkouts of rust repositories that are overwhelmingly going to be utf-8 compatible paths.

Update image

Updates the base image to rust 1.50.0 to fix an issue if you pin to it via e.g. rust-toolchain.

v1.2.3 - cargo-deny 0.8.5

Added

  • PR#315 resolved #312 by adding support for excluding packages in the deny configuration file, in addition to the existing support for the --exclude CLI option. Thanks @​luser!

Fixed

  • PR#318 fixed #316 by adding a workaround for crate versions with pre-release identifiers in them that could be erroneously marked as matching advisories in an advisory database. Thanks for reporting this @​djc!

v1.2.2 - cargo-deny 0.8.4

Changed

  • Updated dependencies, notably rustsec, crossbeam*, and cargo.
  • Bumped the Minimum Stable Rust Version to 1.44.1.

v1.2.1 - cargo-deny 0.8.1

Updates cargo-deny from 0.7.3 -> 0.8.1

Added

  • PR#238 resolved #225 by adding a wrappers field to [bans.deny] entries, which allows the banned crate to be used only if it is a direct dependency of one of the wrapper crates. Thanks @​Stupremee!
  • PR#244 resolved #69 by adding support for multiple advisory databases, which will all be checked during the advisory check. Thanks @​Stupremee!
  • PR#243 resolved #54 by adding support for compiling and using cargo crate directly via the standalone feature. This allows cargo-deny to be used without cargo being installed, but it still requires rustc to be available. Thanks @​Stupremee!
  • PR#275 resolved #64 by adding a diagnostic when a user tries to ignore an advisory identifier that doesn't exist in any database.
  • PR#262 added the fix subcommand, which was added to bring cargo-deny to feature parity with cargo-audit so that it can take over for cargo-audit as the official frontend for the RustSec Advisory Database.

Changed

  • advisories.db-url has been deprecated in favor of advisories.db-urls since multiple databases are now supported.
  • advisories.db-path is now no longer the directory into which the advisory database is cloned, but rather a root directory where each unique database is placed in a canonicalized directory similar to how .cargo/registry/index directories work.
  • PR#274 resolved #115 by normalizing git urls. Thanks @​senden9!

Fixed

  • #265 A transitive dependency (smol_str) forced the usage of the latest Rust stable version (1.46) which was unintended. We now state the MSRV in the README and check for it in CI so that changing the MSRV is a conscious decision.
  • PR#287 fixed #286, which could happen if using a git source where the representation differed slightly between the user specified id and the id used for dependencies.
  • PR#249 fixed #190 by printing a different diagnostic for when the path specified for a clarification license file could not be found. Thanks @​khodzha!
  • PR#297 fixed a couple of diagnostics to have codes.
  • PR#296 resolved #288 by improving the information in diagnostics pertaining to advisories. Thanks @​tomasfarias!

v1.2.0 - cargo-deny 0.8.1

Updates cargo-deny from 0.7.3 -> 0.8.1

Added

  • PR#238 resolved #225 by adding a wrappers field to [bans.deny] entries, which allows the banned crate to be used only if it is a direct dependency of one of the wrapper crates. Thanks @​Stupremee!
  • PR#244 resolved #69 by adding support for multiple advisory databases, which will all be checked during the advisory check. Thanks @​Stupremee!
  • PR#243 resolved #54 by adding support for compiling and using cargo crate directly via the standalone feature. This allows cargo-deny to be used without cargo being installed, but it still requires rustc to be available. Thanks @​Stupremee!
  • PR#275 resolved #64 by adding a diagnostic when a user tries to ignore an advisory identifier that doesn't exist in any database.
  • PR#262 added the fix subcommand, which was added to bring cargo-deny to feature parity with cargo-audit so that it can take over for cargo-audit as the official frontend for the RustSec Advisory Database.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [EmbarkStudios/cargo-deny-action](https://github.com/EmbarkStudios/cargo-deny-action) from v1.1.0 to v1.2.5.
- [Release notes](https://github.com/EmbarkStudios/cargo-deny-action/releases)
- [Commits](EmbarkStudios/cargo-deny-action@v1.1.0...419cdfd)

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Mar 15, 2021

dependabot bot commented on behalf of github Mar 29, 2021

Superseded by #20.

@dependabot dependabot bot closed this Mar 29, 2021
@dependabot dependabot bot deleted the dependabot/github_actions/EmbarkStudios/cargo-deny-action-v1.2.5 branch March 29, 2021 05:39