EmbarkStudios/cargo-deny-action (EmbarkStudios/cargo-deny-action)
### [`v1.6.3`](https://togithub.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.6.3): Release 1.6.3 - cargo-deny 0.14.21
[Compare Source](https://togithub.com/EmbarkStudios/cargo-deny-action/compare/v1.6.2...v1.6.3)
##### Fixed
- [PR#643](https://togithub.com/EmbarkStudios/cargo-deny/pull/643) resolved [#629](https://togithub.com/EmbarkStudios/cargo-deny/issues/629) by making the hosted git (github, gitlab, bitbucket) org/user name comparison case-insensitive. Thanks [@pmnlla](https://togithub.com/pmnlla)!
- [PR#649](https://togithub.com/EmbarkStudios/cargo-deny/pull/649) fixed an issue where depending on the same crate multiple times by using different `cfg()/triple` targets could cause features to be resolved incorrectly and thus crates to be not pulled into the graph used for checking.
#### \[0.14.20] - 2024-03-23
##### Fixed
- [PR#642](https://togithub.com/EmbarkStudios/cargo-deny/pull/642) resolved [#641](https://togithub.com/EmbarkStudios/cargo-deny/issues/641) by pinning `gix-transport` (and its unique dependencies) to 0.41.2 as a workaround for `cargo install` not using the lockfile. See [this issue](https://togithub.com/Byron/gitoxide/issues/1328) for more information.
### [`v1.6.2`](https://togithub.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.6.2): Release 1.6.2 - cargo-deny 0.14.19
[Compare Source](https://togithub.com/EmbarkStudios/cargo-deny-action/compare/v1.6.1...v1.6.2)
##### Changed
- [PR#639](https://togithub.com/EmbarkStudios/cargo-deny/pull/639) updated tame-index to avoid an error if you don't used `--locked`.
#### \[0.14.18] - 2024-03-21
##### Fixed
- [PR#638](https://togithub.com/EmbarkStudios/cargo-deny/pull/638) resolved [#636](https://togithub.com/EmbarkStudios/cargo-deny/issues/636) by updating `krates`.
#### \[0.14.17] - 2024-03-17
##### Changed
- [PR#631](https://togithub.com/EmbarkStudios/cargo-deny/pull/631) improved the diagnostic for when the yank check fails due to some issue with retrieving or reading the index information.
- [PR#633](https://togithub.com/EmbarkStudios/cargo-deny/pull/633) updated `gix` -> 0.60.
### [`v1.6.1`](https://togithub.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.6.1)
[Compare Source](https://togithub.com/EmbarkStudios/cargo-deny-action/compare/v1.6.0...v1.6.1)
##### Fixed
- [PR#626](https://togithub.com/EmbarkStudios/cargo-deny/pull/626) resolved [#625](https://togithub.com/EmbarkStudios/cargo-deny/issues/625) by explicitly checking that a license identified as Pixar was actually (probably) the Pixar license, instead of a normal Apache-2.0 license.
### [`v1.6.0`](https://togithub.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.6.0)
[Compare Source](https://togithub.com/EmbarkStudios/cargo-deny-action/compare/v1.5.15...v1.6.0)
#### action changes
- Color output is now always enabled so that colors show up in the action output.
#### 0.14.15
##### Added
- [PR#618](https://togithub.com/EmbarkStudios/cargo-deny/pull/618) added metadata notes to diagnostics when a license is rejected, as well as removing span information for accepted licenses unless the log level is `info` or higher to make the diagnostic clearer by default.
#### 0.14.14
##### Fixed
- [PR#617](https://togithub.com/EmbarkStudios/cargo-deny/pull/617) resolved [#576](https://togithub.com/EmbarkStudios/cargo-deny/issues/576) by updating the SPDX license list to 3.23.
#### 0.14.13
##### Fixed
- [PR#615](https://togithub.com/EmbarkStudios/cargo-deny/pull/615) fixed an issue introduced in [PR#605](https://togithub.com/EmbarkStudios/cargo-deny/pull/605) where the various `bans` diagnostic codes could not have their lint level changed via the CLI. It also introduced the `deprecated` diagnostic code.
#### 0.14.12
##### Changed
- [PR#605](https://togithub.com/EmbarkStudios/cargo-deny/pull/605) did a major refactor of configuration, both how it is deserialized and changing (hopefully improving) many options.
- [PR#605](https://togithub.com/EmbarkStudios/cargo-deny/pull/605) moved `targets`, `exclude`, `all-features`, `features`, `no-default-features`, and `exclude` into the `[graph]` table.
- [PR#605](https://togithub.com/EmbarkStudios/cargo-deny/pull/605) moved `feature-depth` into the `[output]` table.
##### Added
- [PR#613](https://togithub.com/EmbarkStudios/cargo-deny/pull/613) added support for [basic shell expansion](https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html#the-db-path-field-optional) to `advisories.db-path`, which expands support beyond just `~` to include environment variable expansion.
##### Fixed
- [PR#601](https://togithub.com/EmbarkStudios/cargo-deny/pull/601) resolved [#600](https://togithub.com/EmbarkStudios/cargo-deny/issues/600) by outputting the correct spans when a license was both allowed and denied.
- [PR#605](https://togithub.com/EmbarkStudios/cargo-deny/pull/605) resolved [#264](https://togithub.com/EmbarkStudios/cargo-deny/issues/264) be replacing `toml` and `serde` with `toml-span`.
- [PR#605](https://togithub.com/EmbarkStudios/cargo-deny/pull/605) resolved [#539](https://togithub.com/EmbarkStudios/cargo-deny/issues/539) by simplifying the very common `name = "", version = ""` used to target specific crates into either a plain [package spec string](https://embarkstudios.github.io/cargo-deny/checks/cfg.html#string-format) or the simpler `crate = ""`.
- [PR#605](https://togithub.com/EmbarkStudios/cargo-deny/pull/605) resolved [#578](https://togithub.com/EmbarkStudios/cargo-deny/issues/578) by adding a `reason = ""` field to *many* fields within the configuration that are provided in diagnostics. `[bans.deny]` also has an additional `use-instead = ""`. [PR#610](https://togithub.com/EmbarkStudios/cargo-deny/pull/610) did this for the `advisories.ignore` field.
- [PR#605](https://togithub.com/EmbarkStudios/cargo-deny/pull/605) resolved [#579](https://togithub.com/EmbarkStudios/cargo-deny/issues/579) by allowing yanked crates to be ignored by specifying a [PackageSpec](https://embarkstudios.github.io/cargo-deny/checks/cfg.html#package-specs) in the `[advisories.ignore]` array.
##### Deprecated
- [PR#606](https://togithub.com/EmbarkStudios/cargo-deny/pull/606) and [PR#611](https://togithub.com/EmbarkStudios/cargo-deny/pull/611) together deprecated several fields listed below. See [PR#611](https://togithub.com/EmbarkStudios/cargo-deny/pull/611) for how to change your config to opt-in to the new behavior that will become the default when the deprecated fields are removed in a future minor version.
- `[advisories]`
- `vulnerability`
- `unmaintained`
- `unsound`
- `notice`
- `severity-threshold`
- `[licenses]`
- `unlicensed`
- `allow-osi-fsf-free`
- `copyleft`
- `default`
- `deny`
### [`v1.5.15`](https://togithub.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.15): Release 1.5.15 - cargo-deny 0.14.11
[Compare Source](https://togithub.com/EmbarkStudios/cargo-deny-action/compare/v1.5.14...v1.5.15)
##### Fixed
- Resolved [https://github.com/EmbarkStudios/cargo-deny-action/issues/71](https://togithub.com/EmbarkStudios/cargo-deny-action/issues/71) that was introduced in the previous release.
### [`v1.5.14`](https://togithub.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.14): Release 1.5.14 - cargo-deny 0.14.11
[Compare Source](https://togithub.com/EmbarkStudios/cargo-deny-action/compare/v1.5.13...v1.5.14)
##### Added
- Added the `manifest-path` key as a shorthand for doing `arguments: --manifest-path `
### [`v1.5.13`](https://togithub.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.13): Release 1.5.13 - cargo-deny 0.14.11
[Compare Source](https://togithub.com/EmbarkStudios/cargo-deny-action/compare/v1.5.12...v1.5.13)
##### Fixed
- [PR#599](https://togithub.com/EmbarkStudios/cargo-deny/pull/599) resolved [#488](https://togithub.com/EmbarkStudios/cargo-deny/issues/488) by treating git and path sources differently. Thanks [@kpreid](https://togithub.com/kpreid)!
### [`v1.5.12`](https://togithub.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.12): Release 1.5.12 - cargo-deny 0.14.10
[Compare Source](https://togithub.com/EmbarkStudios/cargo-deny-action/compare/v1.5.11...v1.5.12)
##### Fixed
- [PR#596](https://togithub.com/EmbarkStudios/cargo-deny/pull/596) updated `krates` *again* to pull in [krates#77](https://togithub.com/EmbarkStudios/krates/pull/77).
### [`v1.5.11`](https://togithub.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.11): Release 1.5.11 - cargo-deny 0.14.9
[Compare Source](https://togithub.com/EmbarkStudios/cargo-deny-action/compare/v1.5.10...v1.5.11)
##### Fixed
- [PR#594](https://togithub.com/EmbarkStudios/cargo-deny/pull/594) updated `krates` *again* to pull in [krates#75](https://togithub.com/EmbarkStudios/krates/pull/75).
### [`v1.5.10`](https://togithub.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.10): Release 1.5.10 - cargo-deny 0.14.8
[Compare Source](https://togithub.com/EmbarkStudios/cargo-deny-action/compare/v1.5.9...v1.5.10)
##### Fixed
- [PR#592](https://togithub.com/EmbarkStudios/cargo-deny/pull/592) updated `krates` *again* to pull in [krates#73](https://togithub.com/EmbarkStudios/krates/pull/73).
### [`v1.5.9`](https://togithub.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.9): Release 1.5.9 - cargo-deny 0.14.7
[Compare Source](https://togithub.com/EmbarkStudios/cargo-deny-action/compare/v1.5.8...v1.5.9)
##### Fixed
- [PR#591](https://togithub.com/EmbarkStudios/cargo-deny/pull/591) updated `krates` *again* to pull in [krates#71](https://togithub.com/EmbarkStudios/krates/pull/71).
### [`v1.5.8`](https://togithub.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.8): Release 1.5.8 - cargo-deny 0.14.6
[Compare Source](https://togithub.com/EmbarkStudios/cargo-deny-action/compare/v1.5.7...v1.5.8)
##### Fixed
- [PR#590](https://togithub.com/EmbarkStudios/cargo-deny/pull/590) updated `krates` to fix an issue with crates that directly have a dependency on 2 or more versions of the same crate.
##### Added
- [PR#590](https://togithub.com/EmbarkStudios/cargo-deny/pull/590) resolved [#405](https://togithub.com/EmbarkStudios/cargo-deny/issues/405) by emitting warnings when a `wrapper` crate for a banned crate does not have a dependency on that crate.
##### Changed
- [PR#591](https://togithub.com/EmbarkStudios/cargo-deny/pull/591) updated `gix` and `tame-index`.
### [`v1.5.7`](https://togithub.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.7): Release 1.5.7 - cargo-deny 0.14.5
[Compare Source](https://togithub.com/EmbarkStudios/cargo-deny-action/compare/v1.5.6...v1.5.7)
##### Fixed
- [PR#588](https://togithub.com/EmbarkStudios/cargo-deny/pull/588) resolved an issue introduced in \[0.14.4] where features that reference dev-only dependencies in non-workspace crates would cause a [panic](https://togithub.com/EmbarkStudios/krates/issues/66).
### [`v1.5.6`](https://togithub.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.6): Release 1.5.6 - cargo-deny 0.14.4
[Compare Source](https://togithub.com/EmbarkStudios/cargo-deny-action/compare/v1.5.5...v1.5.6)
##### Fixed
- [PR#586](https://togithub.com/EmbarkStudios/cargo-deny/pull/586) resolved 2 issues with crate graph creation, see [krates#60](https://togithub.com/EmbarkStudios/krates/issues/60) and [krates#64](https://togithub.com/EmbarkStudios/krates/issues/64) for more details.
### [`v1.5.5`](https://togithub.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.5): Release 1.5.5 - cargo-deny 0.14.2
[Compare Source](https://togithub.com/EmbarkStudios/cargo-deny-action/compare/v1.5.4...v1.5.5)
##### Added
- [PR#545](https://togithub.com/EmbarkStudios/cargo-deny/pull/545) added the ability to specify additional license exceptions via [additional configuration files](https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html#additional-exceptions-configuration-file).
- [PR#549](https://togithub.com/EmbarkStudios/cargo-deny/pull/549) added the [`bans.build`](https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html#the-build-field-optional) configuration option, opting in to checking for [file extensions](https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html#the-script-extensions-field-optional), [native executables](https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html#the-executables-field-optional), and [interpreted scripts](https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html#the-interpreted-field-optional). This resolved [#43](https://togithub.com/EmbarkStudios/cargo-deny/issues/43).
##### Changed
- [PR#557](https://togithub.com/EmbarkStudios/cargo-deny/pull/557) introduced changes to how [`dev-dependencies`](https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html#development-dependencies) are handled. By default, crates that are only used as dev-dependencies (ie, there are no normal nor build dependency edges linking them to other crates) will no longer be considered when checking for [`multiple-versions`](https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html#the-multiple-versions-field-optional) violations. This can be re-enabled via the [`bans.multiple-versions-include-dev`](https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html#the-multiple-versions-include-dev-field-optional) config field. Additionally, licenses are no longer checked for `dev-dependencies`, but can be re-enabled via [`licenses.include-dev`](https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html#the-include-dev-field-optional) the config field. `dev-dependencies` can also be completely disabled altogether, but this applies to all checks, including `advisories` and `sources`, so is not enabled by default. This behavior can be enabled by using the [`exclude-dev`](https://embarkstudios.github.io/cargo-deny/checks/cfg.html#the-exclude-dev-field-optional) field, or the `--exclude-dev` command line flag. This change resolved [#322](https://togithub.com/EmbarkStudios/cargo-deny/issues/322), [#329](https://togithub.com/EmbarkStudios/cargo-deny/issues/329), [#413](https://togithub.com/EmbarkStudios/cargo-deny/issues/413) and [#497](https://togithub.com/EmbarkStudios/cargo-deny/issues/497).
##### Fixed
- [PR#549](https://togithub.com/EmbarkStudios/cargo-deny/pull/549) fixed [#548](https://togithub.com/EmbarkStudios/cargo-deny/issues/548) by correctly locating cargo registry indices from an git ssh url.
- [PR#549](https://togithub.com/EmbarkStudios/cargo-deny/pull/549) fixed [#552](https://togithub.com/EmbarkStudios/cargo-deny/issues/552) by correctly handling signal interrupts and removing the advisory-dbs lock file.
- [PR#549](https://togithub.com/EmbarkStudios/cargo-deny/pull/549) fixed [#553](https://togithub.com/EmbarkStudios/cargo-deny/issues/553) by adding the `native-certs` feature flag that can enable the OS native certificate store.
##### Deprecated
- [PR#549](https://togithub.com/EmbarkStudios/cargo-deny/pull/549) moved `bans.allow-build-scripts` to [`bans.build.allow-build-scripts`](https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html#the-allow-build-scripts-field-optional). `bans.allow-build-scripts` is still supported, but emits a warning.
Configuration
📅 Schedule: Branch creation - "" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
v1.5.4->v1.6.3Release Notes
EmbarkStudios/cargo-deny-action (EmbarkStudios/cargo-deny-action)
### [`v1.6.3`](https://togithub.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.6.3): Release 1.6.3 - cargo-deny 0.14.21 [Compare Source](https://togithub.com/EmbarkStudios/cargo-deny-action/compare/v1.6.2...v1.6.3) ##### Fixed - [PR#643](https://togithub.com/EmbarkStudios/cargo-deny/pull/643) resolved [#629](https://togithub.com/EmbarkStudios/cargo-deny/issues/629) by making the hosted git (github, gitlab, bitbucket) org/user name comparison case-insensitive. Thanks [@pmnlla](https://togithub.com/pmnlla)! - [PR#649](https://togithub.com/EmbarkStudios/cargo-deny/pull/649) fixed an issue where depending on the same crate multiple times by using different `cfg()/triple` targets could cause features to be resolved incorrectly and thus crates to be not pulled into the graph used for checking. #### \[0.14.20] - 2024-03-23 ##### Fixed - [PR#642](https://togithub.com/EmbarkStudios/cargo-deny/pull/642) resolved [#641](https://togithub.com/EmbarkStudios/cargo-deny/issues/641) by pinning `gix-transport` (and its unique dependencies) to 0.41.2 as a workaround for `cargo install` not using the lockfile. See [this issue](https://togithub.com/Byron/gitoxide/issues/1328) for more information. ### [`v1.6.2`](https://togithub.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.6.2): Release 1.6.2 - cargo-deny 0.14.19 [Compare Source](https://togithub.com/EmbarkStudios/cargo-deny-action/compare/v1.6.1...v1.6.2) ##### Changed - [PR#639](https://togithub.com/EmbarkStudios/cargo-deny/pull/639) updated tame-index to avoid an error if you don't used `--locked`. #### \[0.14.18] - 2024-03-21 ##### Fixed - [PR#638](https://togithub.com/EmbarkStudios/cargo-deny/pull/638) resolved [#636](https://togithub.com/EmbarkStudios/cargo-deny/issues/636) by updating `krates`. #### \[0.14.17] - 2024-03-17 ##### Changed - [PR#631](https://togithub.com/EmbarkStudios/cargo-deny/pull/631) improved the diagnostic for when the yank check fails due to some issue with retrieving or reading the index information. - [PR#633](https://togithub.com/EmbarkStudios/cargo-deny/pull/633) updated `gix` -> 0.60. ### [`v1.6.1`](https://togithub.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.6.1) [Compare Source](https://togithub.com/EmbarkStudios/cargo-deny-action/compare/v1.6.0...v1.6.1) ##### Fixed - [PR#626](https://togithub.com/EmbarkStudios/cargo-deny/pull/626) resolved [#625](https://togithub.com/EmbarkStudios/cargo-deny/issues/625) by explicitly checking that a license identified as Pixar was actually (probably) the Pixar license, instead of a normal Apache-2.0 license. ### [`v1.6.0`](https://togithub.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.6.0) [Compare Source](https://togithub.com/EmbarkStudios/cargo-deny-action/compare/v1.5.15...v1.6.0) #### action changes - Color output is now always enabled so that colors show up in the action output. #### 0.14.15 ##### Added - [PR#618](https://togithub.com/EmbarkStudios/cargo-deny/pull/618) added metadata notes to diagnostics when a license is rejected, as well as removing span information for accepted licenses unless the log level is `info` or higher to make the diagnostic clearer by default. #### 0.14.14 ##### Fixed - [PR#617](https://togithub.com/EmbarkStudios/cargo-deny/pull/617) resolved [#576](https://togithub.com/EmbarkStudios/cargo-deny/issues/576) by updating the SPDX license list to 3.23. #### 0.14.13 ##### Fixed - [PR#615](https://togithub.com/EmbarkStudios/cargo-deny/pull/615) fixed an issue introduced in [PR#605](https://togithub.com/EmbarkStudios/cargo-deny/pull/605) where the various `bans` diagnostic codes could not have their lint level changed via the CLI. It also introduced the `deprecated` diagnostic code. #### 0.14.12 ##### Changed - [PR#605](https://togithub.com/EmbarkStudios/cargo-deny/pull/605) did a major refactor of configuration, both how it is deserialized and changing (hopefully improving) many options. - [PR#605](https://togithub.com/EmbarkStudios/cargo-deny/pull/605) moved `targets`, `exclude`, `all-features`, `features`, `no-default-features`, and `exclude` into the `[graph]` table. - [PR#605](https://togithub.com/EmbarkStudios/cargo-deny/pull/605) moved `feature-depth` into the `[output]` table. ##### Added - [PR#613](https://togithub.com/EmbarkStudios/cargo-deny/pull/613) added support for [basic shell expansion](https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html#the-db-path-field-optional) to `advisories.db-path`, which expands support beyond just `~` to include environment variable expansion. ##### Fixed - [PR#601](https://togithub.com/EmbarkStudios/cargo-deny/pull/601) resolved [#600](https://togithub.com/EmbarkStudios/cargo-deny/issues/600) by outputting the correct spans when a license was both allowed and denied. - [PR#605](https://togithub.com/EmbarkStudios/cargo-deny/pull/605) resolved [#264](https://togithub.com/EmbarkStudios/cargo-deny/issues/264) be replacing `toml` and `serde` with `toml-span`. - [PR#605](https://togithub.com/EmbarkStudios/cargo-deny/pull/605) resolved [#539](https://togithub.com/EmbarkStudios/cargo-deny/issues/539) by simplifying the very common `name = "Configuration
📅 Schedule: Branch creation - "" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Renovate Bot.