Release 1.5.14 - cargo-deny 0.14.11

Added

• Added the manifest-path key as a shorthand for doing arguments: --manifest-path <path>

Release 1.5.13 - cargo-deny 0.14.11

Fixed

• PR#599 resolved #488 by treating git and path sources differently. Thanks @kpreid!

Release 1.5.12 - cargo-deny 0.14.10

Fixed

• PR#596 updated krates again to pull in krates#77.

Release 1.5.11 - cargo-deny 0.14.9

Fixed

• PR#594 updated krates again to pull in krates#75.

Release 1.5.10 - cargo-deny 0.14.8

Fixed

• PR#592 updated krates again to pull in krates#73.

Release 1.5.9 - cargo-deny 0.14.7

Fixed

• PR#591 updated krates again to pull in krates#71.

Release 1.5.8 - cargo-deny 0.14.6

Fixed

• PR#590 updated krates to fix an issue with crates that directly have a dependency on 2 or more versions of the same crate.

Added

• PR#590 resolved #405 by emitting warnings when a wrapper crate for a banned crate does not have a dependency on that crate.

Changed

• PR#591 updated gix and tame-index.

Release 1.5.7 - cargo-deny 0.14.5

Fixed

• PR#588 resolved an issue introduced in [0.14.4] where features that reference dev-only dependencies in non-workspace crates would cause a panic.

Release 1.5.6 - cargo-deny 0.14.4

Fixed

• PR#586 resolved 2 issues with crate graph creation, see krates#60 and krates#64 for more details.

Release 1.5.5 - cargo-deny 0.14.2

Added

• PR#545 added the ability to specify additional license exceptions via additional configuration files.
• PR#549 added the bans.build configuration option, opting in to checking for file extensions, native executables, and interpreted scripts. This resolved #43.

Changed

• PR#557 introduced changes to how dev-dependencies are handled. By default, crates that are only used as dev-dependencies (ie, there are no normal nor build dependency edges linking them to other crates) will no longer be considered when checking for multiple-versions violations. This can be re-enabled via the bans.multiple-versions-include-dev config field. Additionally, licenses are no longer checked for dev-dependencies, but can be re-enabled via licenses.include-dev the config field. dev-dependencies can also be completely disabled altogether, but this applies to all checks, including advisories and sources, so is not enabled by default. This behavior can be enabled by using the exclude-dev field, or the --exclude-dev command line flag. This change resolved #322, #329, #413 and #497.

Fixed

• PR#549 fixed #548 by correctly locating cargo registry indices from an git ssh url.
• PR#549 fixed #552 by correctly handling signal interrupts and removing the advisory-dbs lock file.
• PR#549 fixed #553 by adding the native-certs feature flag that can enable the OS native certificate store.

Deprecated

• PR#549 moved bans.allow-build-scripts to bans.build.allow-build-scripts. bans.allow-build-scripts is still supported, but emits a warning.