0.6.7

Fixed

• PR#183 resolved an infinite loop issue which could be caused by cyclic dependencies in a crate graph. Thanks @Veetaha!

0.6.6

Changed

• Updated crates. Mainly to force a new version because the Windows release messed up. Yay!

0.6.5

Added

• Added a fetch subcommand that can be used to fetch external data, currently the crates.io index and the configured advisory database

Changed

• Upgraded to rustsec 0.18.0, which slighly reworks how yanked crate detection is done

0.6.4

Fixed

• Resolved #131 by removing an unnecessary path canonicalization

0.6.3

Added

• Added the --manifest-path option to specify the Cargo.toml you want to use as the context for the operation to fit with how other cargo subcommands work. Takes precedence over the (deprecated) --context.
• Added the --workspace flag to give the user a workaround in cases where a manifest is both a package and a workspace.
• Added the --exclude option to allow users to explicitly remove packages from the final crate graph.

Changed

• The configuration used for the command is recursively searched for in parent directories starting in the same directory as the Cargo.toml (unless explicitly specified).
• The target list used when evaluating cfg expressions for dependencies has been updated to the list of targets supported by 1.41.0. This will give undesired behavior if you happen to use a target triple that has been removed from 1.41.0 that is available in the Rust version you have.

Fixed

• Resolved #122 by pruning the packages that are checked against the advisory database to the same set used by all other checks

Deprecated

• --context has been deprecated in favor of --manifest-path, to align cargo-deny more with all other cargo subcommands

0.6.2

Added

• Resolved #116 by adding the [licenses.default] field, which allows you to configure how to handle licenses that don't match any other predicate
• Resolved #117 by allowing the list subcommand to also use the normal configuration used by the check subcommand. Only the targets field is used, to determine which crates have their licenses listed.

0.6.1

Added

• Added [advisories.yanked] field in PR#114 for linting yanked crates.

0.6.0

Added

• Added the sources check and configuration, which allows linting of crate sources
• Resolved #63 by adding a dependency on krates, which allows us to easily filter out dependencies that don't match a target specified by the user via the targets config value.
• Resolved #75, a warning is now printed for license exceptions and allowed licenses, if they aren't encountered when checking crate license information.
• Resolved #50, private workspace members (anything that is not published publicly) can now be ignored during the license check.

Changed

• Resolved #85 by changing the max column width from 120 to 80 and reformatting some of the help text for the CLI.
• Resolved #109 by only printing a single diagnostic message for each set of duplicate version

Fixed

• Fixed #96 by allowing expansion of '~' rooted paths for the [advisories.db-path] configuration variable.

0.5.2

Added

• Resolved #53 by adding [licenses.exceptions], which lets you allow 1 or more licenses only for a particular crate. Thanks for reporting @iliana!

0.5.1

Fixed

• Fixed issue where both --manifest-path and working directory were set when executing cargo-metadata, causing it to fail if a executed in a subdirectory.