Releases: EmbarkStudios/cargo-deny-action

v1.6.0

05 Mar 10:11

action changes

  • Color output is now always enabled so that colors show up in the action output.

0.14.15

Added

  • PR#618 added metadata notes to diagnostics when a license is rejected, as well as removing span information for accepted licenses unless the log level is info or higher to make the diagnostic clearer by default.

0.14.14

Fixed

  • PR#617 resolved #576 by updating the SPDX license list to 3.23.

0.14.13

Fixed

  • PR#615 fixed an issue introduced in PR#605 where the various bans diagnostic codes could not have their lint level changed via the CLI. It also introduced the deprecated diagnostic code.

0.14.12

Changed

  • PR#605 did a major refactor of configuration, both how it is deserialized and changing (hopefully improving) many options.
  • PR#605 moved targets, exclude, all-features, features, and no-default-features into the [graph] table.
  • PR#605 moved feature-depth into the [output] table.

Added

  • PR#613 added support for basic shell expansion to advisories.db-path, which expands support beyond just ~ to include environment variable expansion.

Fixed

  • PR#601 resolved #600 by outputting the correct spans when a license was both allowed and denied.
  • PR#605 resolved #264 by replacing toml and serde with toml-span.
  • PR#605 resolved #539 by simplifying the very common name = "<crate_name>", version = "<requirements>" used to target specific crates into either a plain package spec string or the simpler crate = "<package spec>".
  • PR#605 resolved #578 by adding a reason = "<reason>" field to many fields within the configuration that are provided in diagnostics. [bans.deny] also has an additional use-instead = "<url/crate_name>". PR#610 did this for the advisories.ignore field.
  • PR#605 resolved #579 by allowing yanked crates to be ignored by specifying a PackageSpec in the [advisories.ignore] array.

Deprecated

  • PR#606 and PR#611 together deprecated several fields listed below. See PR#611 for how to change your config to opt-in to the new behavior that will become the default when the deprecated fields are removed in a future minor version.
    • [advisories]
      • vulnerability
      • unmaintained
      • unsound
      • notice
      • severity-threshold
    • [licenses]
      • unlicensed
      • allow-osi-fsf-free
      • copyleft
      • default
      • deny

Release 1.5.15 - cargo-deny 0.14.11

13 Feb 10:59
68cd9c5

Fixed

  • Resolved #71 that was introduced in the previous release.

Release 1.5.14 - cargo-deny 0.14.11

13 Feb 09:16
549bc52

Added

  • Added the manifest-path key as a shorthand for setting arguments: --manifest-path <path>

Release 1.5.13 - cargo-deny 0.14.11

05 Feb 09:06

Fixed

Release 1.5.12 - cargo-deny 0.14.10

24 Jan 18:34

Release 1.5.11 - cargo-deny 0.14.9

24 Jan 08:33

Release 1.5.10 - cargo-deny 0.14.8

22 Jan 17:00

Release 1.5.9 - cargo-deny 0.14.7

22 Jan 11:04

Release 1.5.8 - cargo-deny 0.14.6

22 Jan 07:23

Fixed

  • PR#590 updated krates to fix an issue with crates that directly have a dependency on 2 or more versions of the same crate.

Added

  • PR#590 resolved #405 by emitting warnings when a wrapper crate for a banned crate does not have a dependency on that crate.

Changed

  • PR#591 updated gix and tame-index.

Release 1.5.7 - cargo-deny 0.14.5

20 Jan 06:56

Fixed

  • PR#588 resolved an issue introduced in [0.14.4] where features that reference dev-only dependencies in non-workspace crates would cause a panic.