0.7.2

Added

• PR#227 Added a new bans.wildcards check to lint for version requirements of "*", which can happen when using local or patched crates that aren't published to a registry. Thanks @khodzha!

Fixed

• Fix incompatible crate versions due to cargo_metadata.

0.7.1

Fixed

• Fix issue due to incompatible semver versioning with relation to...the semver crate.

0.7.0

Added

• Resolved #137 by adding a --format <human|json> option. All diagnostic and log messages from the check subcommand respect this flag.

Changed

• Resolved #216 by adding support for the --all-features, --features, and --no-default-features flags to specify the exact features to have enabled when gathering the crates in your dependency graph to actually run checks against. This is a BREAKING CHANGE as previously crates were gathered with --all-features.
• The --color option for the list subcommand has been moved to the top level arguments.

Removed

• The --context option , which was deprecated in 0.6.3, has been removed.

Fixed

• Resolved #211 by adding a top-level --color <auto|always|never> option, if stderr is not a TTY or never is passed, no colors will be present in the output stream.

0.6.8

Added

• A one line summary of the state of each check is now output at the very end of the check subcommand unless the --log-level is off. If the --log-level is info or higher, a summary of the state, errors, warnings, and notes for each check are outputted on their own line instead.
• Added the -s | --show-stats flag to the check subcommand, which will print out the more detailed summary, regardless of the --log-level.

Changed

• Updated crates.
• Updated cfg-expr, which should allow for filtering of crates for most custom targets that aren't built-in to rustc.

0.6.7

Fixed

• PR#183 resolved an infinite loop issue which could be caused by cyclic dependencies in a crate graph. Thanks @Veetaha!

0.6.6

Changed

• Updated crates. Mainly to force a new version because the Windows release messed up. Yay!

0.6.5

Added

• Added a fetch subcommand that can be used to fetch external data, currently the crates.io index and the configured advisory database

Changed

• Upgraded to rustsec 0.18.0, which slighly reworks how yanked crate detection is done

0.6.4

Fixed

• Resolved #131 by removing an unnecessary path canonicalization

0.6.3

Added

• Added the --manifest-path option to specify the Cargo.toml you want to use as the context for the operation to fit with how other cargo subcommands work. Takes precedence over the (deprecated) --context.
• Added the --workspace flag to give the user a workaround in cases where a manifest is both a package and a workspace.
• Added the --exclude option to allow users to explicitly remove packages from the final crate graph.

Changed

• The configuration used for the command is recursively searched for in parent directories starting in the same directory as the Cargo.toml (unless explicitly specified).
• The target list used when evaluating cfg expressions for dependencies has been updated to the list of targets supported by 1.41.0. This will give undesired behavior if you happen to use a target triple that has been removed from 1.41.0 that is available in the Rust version you have.

Fixed

• Resolved #122 by pruning the packages that are checked against the advisory database to the same set used by all other checks

Deprecated

• --context has been deprecated in favor of --manifest-path, to align cargo-deny more with all other cargo subcommands

0.6.2

Added

• Resolved #116 by adding the [licenses.default] field, which allows you to configure how to handle licenses that don't match any other predicate
• Resolved #117 by allowing the list subcommand to also use the normal configuration used by the check subcommand. Only the targets field is used, to determine which crates have their licenses listed.