0.6.1

Added

• Added [advisories.yanked] field in PR#114 for linting yanked crates.

0.6.0

Added

• Added the sources check and configuration, which allows linting of crate sources
• Resolved #63 by adding a dependency on krates, which allows us to easily filter out dependencies that don't match a target specified by the user via the targets config value.
• Resolved #75, a warning is now printed for license exceptions and allowed licenses, if they aren't encountered when checking crate license information.
• Resolved #50, private workspace members (anything that is not published publicly) can now be ignored during the license check.

Changed

• Resolved #85 by changing the max column width from 120 to 80 and reformatting some of the help text for the CLI.
• Resolved #109 by only printing a single diagnostic message for each set of duplicate version

Fixed

• Fixed #96 by allowing expansion of '~' rooted paths for the [advisories.db-path] configuration variable.

0.5.2

Added

• Resolved #53 by adding [licenses.exceptions], which lets you allow 1 or more licenses only for a particular crate. Thanks for reporting @iliana!

0.5.1

Fixed

• Fixed issue where both --manifest-path and working directory were set when executing cargo-metadata, causing it to fail if a executed in a subdirectory.

0.5.0

Added

• Added the advisories check and configuration section for checking crates against an advisory database to detect security vulnerabilities, unmaintained crates, and crates with security notices
• A warning will now be emitted if a crate that isn't in the graph is specified in [bans.skip-tree]

Fixed

• PR#58 Fixed #55 to handle license requirements for GPL, AGPL, LGPL, and GFDL better. Thanks for reporting @pikajude!
• PR#62 Fixed #56, the [metadata] section in Cargo.lock is now gone in nightly to improve merging, the previous reporting mechanism that required this section has been reworked.

Changed

• The check subcommand now takes multiple values eg cargo deny check bans advisories
• Specifying either cargo deny check or cargo deny check all will now run the additional advisories check
• Previously, if you hadn't specified the [licenses] or [bans] section then running that check would have done nothing. Now if any section (including [advisories]) is not specified, the default configuration will be used.

Deprecated

• check ban has been deprecated in favor of check bans
• check license has been deprecated in favor of check licenses

0.4.2

Added

• PR#48 Added an init subcommand to generate a cargo-deny template file with guiding comments. Thanks @foresterre!

0.4.1

Fixed

• PR#46 Fixed issue where license-file was not being turned into an absolute path like the normal license file scanning, causing a crash. Thanks @foresterre!
• Fixed an out of bounds panic when skipping a crate which wasn't present in the crate graph, that would have been sorted last if it had existed

0.4.0

Changed

• Replaced usage of failure with anyhow
• Upgraded askalono and spdx to newer versions that both use version 3.7 of the SPDX license list
• The embedded license list now uses zstd for compression resulting in smaller binary files and faster decompression.

0.3.0

Added

• Added [licenses.copyleft] config, which can be used to determine what happens when a copyleft license is encountered.
• Added [bans.skip-tree] config, which can be used to skip entire subtrees of a dependency graph when considering duplicates

Fixed

• Fixed displaying of duplicate errors in the presence of a skipped crate

0.3.0-beta

Release 0.3.0-beta