github-actions[bot]
commented
1 year ago π€ Cargo Audit Report π€`
Show Report
*** Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 548 security advisories (from /usr/local/cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (419 crate dependencies) Crate: atty Version: 0.2.14 Warning: unsound Title: Potential unaligned read Date: 2021-07-04 ID: RUSTSEC-2021-0145 URL: https://rustsec.org/advisories/RUSTSEC-2021-0145 Dependency tree: atty 0.2.14 βββ criterion 0.4.0 βββ tap_core 0.1.0 βββ tap_aggregator 0.1.0 warning: 1 allowed warning found ```Pusher: @aasseman, Action: pull_request, Working Directory: `, Workflow:tests`
This will continually generate a PR that bumps the workspace's crates SemVer using the conventional commits data. When we do decide to merge the PR, a changelog, git tag, and github release are generated.
Each crate will have its own versioning (tags, releases, etc). The tool knows which crate is impacted by the commits by analyzing the diffs. It also knows when to bump a crate version (ie. aggreagator) if its workspace dependency got an update (ie. core).
These lines will make it so that it generates "prerelease versioning", meaning that it will stick to
0.x.x: https://github.com/semiotic-ai/timeline-aggregation-protocol/blob/90a115c30e073e62d1f200bb83f768cf1d2d6335/release-please-config.json#L4-L6 When we feel ready, we can set it to "normal" versioning, and manually bump it to1.0.0(RTFM)Check out the main branch here https://github.com/aasseman/timeline-aggregation-protocol where I have done some tests.
There is no "publish" to crates.io step in this PR. Coming soon.