Release 0.11.3

Fixed

• PR#407 resolved #406 by always checking license exceptions first.

Release 0.11.2

Changed

• PR#403 added support for the CARGO_TERM_COLOR environment variable. Thanks @svenstaro!
• PR#404 updated dependencies.

Fixed

• PR#398 resolved #135 by making [licenses.exceptions] additive to the global allow list. Thanks @senden9!
• PR#404 resolved #401 by trimming quotes from spans before serializing them as JSON.
• PR#404 resolved #402 by updating crossbeam-utils to a non-yanked version.

Release 0.11.1

Added

• PR#391 resolved #344 by adding [licenses.ignore-sources] to ignore license checking for crates sourced from 1 or more specified registries. Thanks @ShellWowza!
• PR#396 resolved #366 by also looking for .deny.toml in addition to deny.toml if a config file is not specified.

Changed

• PR#392 updated all dependencies.

Fixed

• PR#393 resolved #371 by changing the default for version requirements specified in config files to accept all versions, rather than using the almost-but-not-quite default of *.
• PR#394 resolved #147 by ignore all private crates, not only the ones in the workspace.
• PR#395 resolved #375 by fixing a potential infinite loop when using [bans.skip-tree].

Release 0.11.0

Changed

• PR#382 updated dependencies and bumped the Minimum Stable Rust Version to 1.56.1.

Release 0.10.3

Changed

• PR#379 updated askalono which got rid of the failure dependency, which was pulling in a lot of additional crates that are now gone.

Fixed

• PR#379 fixed #378 which was an edge case where the sources check was executed against a crate that didn't use any crates from crates.io, and the config file was shorter than the crates.io URL.

Release 0.10.2

Fixed

• PR#376 fixed the JSON formatting when using --format json output option. Thanks @dnaka91!

Changed

• PR#377 updated dependencies.

Release 0.10.1

Fixed

• PR#347 resolved #372 by correcting a slight mistake that resulted in an incorrect hash making cargo-deny unable to lookup index or crate information from the local file system.

Release 0.10.0

Added

• PR#353 resolved #351 by adding the sources.private field to blanket allow git repositories sourced from a particular url.
• PR#359 resolved #341 and #357 by adding support for the --frozen, --locked, and --offline flags to determine whether network access is allowed, and whether the Cargo.lock file can be created and/or modified.
• PR#368 added the licenses.unused-allowed-license field to control whether the L006 - license was not encountered diagnostic. Thanks @thomcc!

Changed

• PR#358 bumped the Minimum Stable Rust Version to 1.53.0.
• PR#358 bumped various dependencies, notably semver to 1.0.3.

Release 0.9.1

Changed

• Updated dependencies

0.9.0

Changed

• Updated krates, which in turn uses an updated cargo_metadata which uses camino for utf-8 paths. Rather than support both vanilla Path/Buf and Utf8Path/Buf, cargo-deny now just uses Utf8Path/Buf, which means that non-utf-8 paths for things like your Cargo.toml manifest or license paths will no longer function. This is a breaking change, that can be reverted if it is disruptive for users, but the assumption is that cargo-deny is operating on normal checkouts of rust repositories that are overwhelmingly going to be utf-8 compatible paths.