Skip to content

Update dependency cargo-deny to v0.14.0 #6898

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 28, 2023
Merged

Update dependency cargo-deny to v0.14.0 #6898

merged 1 commit into from
Jul 28, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jul 28, 2023

Mend Renovate

This PR contains the following updates:

Package Update Change
cargo-deny minor 0.13.9 -> 0.14.0

Release Notes

EmbarkStudios/cargo-deny (cargo-deny)

v0.14.0

Compare Source

Changed
  • PR#520 resolved #​522 by completely removing all dependencies upon git2 and openssl. This was done by transitioning from git2 -> gix for all git operations, both directly in this crate, as well as replacing crates-index with tame-index.
  • PR#520 bumped the MSRV from 1.65.0 -> 1.70.0
  • PR#523 added "(try cargo update -p <crate_name>)" when an advisory is detected for a crate. Thanks @​Victor-N-Suadicani!
Fixed
  • PR#520 resolved #​361 by printing output when a fetch is being performed to clarify what is taking time.
  • PR#520 (possibly) resolved #​435 by switching all git operations from git2 to gix.
  • PR#520 resolved #​439 by using minimal refspecs for cloning and fetching all remote git repositories (indices or advisory databases) where only the remote HEAD is needed to update the local repository, regardless of the default remote branch pointed to by HEAD.
  • PR#520 resolved #​446 by ensuring (and testing) that crates from non-registry sources are not checked for advisories, eg. in the case that a local crate is named and versioned the same as a crate from crates.io that has an advisory that affects it.
  • PR#520 resolved #​515 by always opening the correct registry index based upon the environment.
  • PR#531 resolved #​210 by adding osi and fsf options to licenses.allow-osi-fsf-free. Thanks @​zkxs!
  • PR#533 resolved #​521 and #​524 by allowing clarifications to add files that are used to verify the license information is up to date, rather than needing to match one of the license files that was discovered.
  • PR#534 resolved #​479 by improving how advisory databases are cloned and/or fetched, notably each database now uses gix's file-based locking to ensure that only one process has mutable access to an advisory database repo at a time.
Removed
  • PR#520 removed all features, notably standalone. This is due to cargo still being in transition from git2 -> gix and having no way to compiled without OpenSSL. Once cargo is a better state with regards to this we can add back that feature.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@Turbo87 Turbo87 merged commit 54ab007 into main Jul 28, 2023
@Turbo87 Turbo87 deleted the renovate/cargo-deny-0.x branch July 28, 2023 19:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Turbo87