search

geiger-rs / cargo-geiger

Detects usage of unsafe Rust in a Rust crate and its dependencies.
https://crates.io/crates/cargo-geiger
1.41k stars 66 forks source link

build(deps): bump krates from 0.11.0 to 0.16.7 #508

Closed dependabot[bot] closed 7 months ago

dependabot[bot] commented 8 months ago

Bumps krates from 0.11.0 to 0.16.7.

Release notes

Sourced from krates's releases.

0.16.7

Fixed

  • PR#78 fixed an issue where setting manifest_path to Cargo.toml without preceding ./ would cause the current directory be set to empty, and cargo_metadata to fail.

Release 0.16.6

Fixed

  • PR#77 resolved #76 by special casing "wildcard" version requirements if the version being tested is a pre-release, as pre-releases must have at least one comparator.

Release 0.16.5

Fixed

  • PR#75 resolved #74 by just always checking version requirements for dependencies. Sigh.

Release 0.16.4

Fixed

  • PR#73 resolved #72 by correctly parsing the new stable package ids where a specifier was not used.

Release 0.16.3

Fixed

  • PR#71 fixed an issue introduced in PR#70 that would cause duplicates to not be detected correctly. Thanks @​louisdewar!

Release 0.16.2

Fixed

  • PR#70 resolved #68 and #69 by additionally checking the version of resolve dependencies if there were 2 or more of the same name referenced by the same crate.

Release 0.16.1

Fixed

  • PR#67 resolved #66 by ignore features that reference crates that aren't resolved, instead of panicing, as there should only be one case where that occurs.

Release 0.16.0

Fixed

  • PR#65 resolved #64 by adding support for the newly stabilized (currently nightly only) package id format.

Changed

  • PR#65 changed Kid from just a type alias for cargo_metadata::PackageId to an actual type that has accessors for the various components of the id. It also specifies its own Ord etc implementation so that those ids are sorted the exact same as the old version.

Release 0.15.3

Fixed

Release 0.15.2

Fixed

  • PR#61 resolved #60 by refactoring the building of the crate graph to do its own crate and feature resolution to properly handle pruning based on the user's desires.

Release 0.15.1

Added

  • PR#59 added Krates::krates_filtered, allowing filtering of crates based upon their edge kinds.

Release 0.15.0

Changed

  • PR#58 removed the prefer-index feature, which brought in tame-index, in favor of just letting the user provide a callback that can be used to gather index information, freeing this crate from dependency issues and allowing downstream crates more flexibility.

... (truncated)

Changelog

Sourced from krates's changelog.

[0.16.7] - 2024-03-20

Fixed

  • PR#78 fixed an issue where setting manifest_path to Cargo.toml without preceding ./ would cause the current directory be set to empty, and cargo_metadata to fail.

[0.16.6] - 2024-01-24

Fixed

  • PR#77 resolved #76 by special casing "wildcard" version requirements if the version being tested is a pre-release, as pre-releases must have at least one comparator.

[0.16.5] - 2024-01-24

Fixed

  • PR#75 resolved #74 by just always checking version requirements for dependencies. Sigh.

[0.16.4] - 2024-01-22

Fixed

  • PR#73 resolved #72 by correctly parsing the new stable package ids where a specifier was not used.

[0.16.3] - 2024-01-22

Fixed

  • PR#71 fixed an issue introduced in PR#70 that would cause duplicates to not be detected correctly. Thanks @​louisdewar!

[0.16.2] - 2024-01-21

Fixed

  • PR#70 resolved #68 and #69 by additionally checking the version of resolve dependencies if there were 2 or more of the same name referenced by the same crate.

[0.16.1] - 2024-01-20

Fixed

  • PR#67 resolved #66 by ignore features that reference crates that aren't resolved, instead of panicing, as there should only be one case where that occurs.

[0.16.0] - 2024-01-19

Fixed

  • PR#65 resolved #64 by adding support for the newly stabilized (currently nightly only) package id format.

Changed

  • PR#65 changed Kid from just a type alias for cargo_metadata::PackageId to an actual type that has accessors for the various components of the id. It also specifies its own Ord etc implementation so that those ids are sorted the exact same as the old version.

[0.15.3] - 2024-01-12

Fixed

[0.15.2] - 2024-01-12

Fixed

  • PR#61 resolved #60 by refactoring the building of the crate graph to do its own crate and feature resolution to properly handle pruning based on the user's desires.

[0.15.1] - 2023-09-03

Added

  • PR#59 added Krates::krates_filtered, allowing filtering of crates based upon their edge kinds.

[0.15.0] - 2023-08-23

Changed

  • PR#58 removed the prefer-index feature, which brought in tame-index, in favor of just letting the user provide a callback that can be used to gather index information, freeing this crate from dependency issues and allowing downstream crates more flexibility.

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 7 months ago

Superseded by #512.