Accepting request 1177429 from devel:languages:rust

OBS-URL: https://build.opensuse.org/request/show/1177429
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cargo-audit?expand=0&rev=19
This commit is contained in:
Ana Guerrero 2024-05-29 17:36:04 +00:00 committed by Git OBS Bridge
commit b5f560af87
7 changed files with 134 additions and 10 deletions

View File

@ -3,8 +3,9 @@
<param name="url">https://github.com/RustSec/rustsec.git</param>
<param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param>
<param name="scm">git</param>
<param name="revision">cargo-audit/v0.19.0</param>
<param name="match-tag">cargo-audit*</param>
<!-- <param name="revision">cargo-audit/v0.20.0</param> -->
<param name="revision">main</param>
<param name="match-tag">cargo-audit/v*</param>
<param name="versionrewrite-pattern">.*v(\d+\.\d+\.\d+)</param>
<param name="versionrewrite-replacement">\1</param>
<param name="changesgenerate">enable</param>
@ -19,7 +20,8 @@
<service name="cargo_vendor" mode="disabled">
<param name="srcdir">rustsec</param>
<param name="compression">zst</param>
<param name="update">true</param>
<param name="update">false</param>
<param name="i-accept-the-risk">RUSTSEC-2024-0019</param>
</service>
<service name="cargo_audit" mode="disabled">
<param name="srcdir">rustsec</param>

View File

@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/RustSec/rustsec.git</param>
<param name="changesrevision">c9d1fbe0637c98e33177124f2934dc7e4dd24451</param></service></servicedata>
<param name="changesrevision">972ac9329076e2e6347a8324dc95ec4cc35561a1</param></service></servicedata>

View File

@ -1,3 +1,125 @@
-------------------------------------------------------------------
Tue May 28 05:14:03 UTC 2024 - william.brown@suse.com
- Update to version 0.20.0~git66.972ac93:
* build(deps): bump comrak from 0.21.0 to 0.24.1 (#1193)
* build(deps): bump softprops/action-gh-release (#1192)
* build(deps): bump atom_syndication from 0.12.2 to 0.12.3 (#1191)
* build(deps): bump rust-embed from 8.3.0 to 8.4.0 (#1190)
* build(deps): bump petgraph from 0.6.4 to 0.6.5 (#1189)
* update `gix` to v0.63 for security fixes
* Upgrade to auditable-info 0.7.2
* build(deps): bump rust-embed from 8.2.0 to 8.3.0
* build(deps): bump semver from 1.0.21 to 1.0.23
* Fix typo `then` -> `them` in index.html
* Drop unused import
* Fix typos
* Use clap to properly parse --color argument
* Remove duplicated arguments from bin subcommand
* Support specifying multiple target arches and oses in cargo-audit
* Make Query's target arch & os a Vec<T> instead of Option<T>
* build(deps): bump tame-index from 0.11.0 to 0.11.1
* Apply clippy suggestions
* Adjust binary type filter for WASM
* WIP WASM auditing support
* Fix warnings added in Rust 1.78
* Regenerate Cargo.lock
* Bump rustsec version
* Drop is-terminal line from rustsec changelog; it's a cargo-audit only change
* Update changelog
* build(deps): bump chrono from 0.4.34 to 0.4.38
* build(deps): bump time from 0.3.34 to 0.3.36
* fix after gix update
* update gix and tame-index
* fix cargo clippy warning and error
* cargo-audit: remove is-terminal dep
* build(deps): bump regex from 1.10.3 to 1.10.4
* Regenerate Cargo.lock
* Bump tame-index and gix versions
* chore: regenerate platform support and bump to platforms@3.4.0
* Document to use cargo install with --locked (fixes #1152)
* Release `rustsec` 0.29.1
* Revert rustsec-admin Cargo.toml entirely
* Bump required tame-index version in admin as well
* Upgrade to gix 0.60 to fix build
* build(deps): bump actions/cache from 4.0.0 to 4.0.1 (#1135)
* build(deps): bump auditable-serde from 0.6.0 to 0.6.1
* build(deps): bump toml_edit from 0.22.5 to 0.22.6
* build(deps): bump time from 0.3.32 to 0.3.34
-------------------------------------------------------------------
Tue May 28 04:57:40 UTC 2024 - william.brown@suse.com
- Update to version 0.20.0~git0.6f4ca87:
* Bump version numbers
* Mention enterprise firewall issue in cargo-audit changelog too
* Fill in cargo-audit changelog
* Expand upon the rewrite description in rustsec changelog
* Fill in rustsec changelog
* Fix link
* build(deps): bump softprops/action-gh-release (#1114)
* build(deps): bump toml_edit from 0.21.1 to 0.22.5 (#1123)
* Bump askama to 0.12
* Update yanked package
* Drop libgit2 advisory from ignore list now that we got rid of libgit2
* build(deps): bump toml_edit from 0.19.15 to 0.21.1
* build(deps): bump chrono from 0.4.33 to 0.4.34
* build(deps): bump is-terminal from 0.4.11 to 0.4.12
* Improve fixer documentation
* Move Cargo path detection out of rustsec and into cargo-audit, to make rustsec more flexible
* Remove rustsec `fix` feature and always enable the fixer, now that it doesn't pull in additional dependencies
* Fix syntax
* Apply review suggestion (style)
* Update cargo-audit/src/commands/audit/fix.rs
* Run `cargo update` in the same dir as Cargo.lock
* Revert 'fix' being a default feature
* Placate clippy
* Print a nice summary at the end
* Better wording
* Remove extraneous newline
* prettier printing
* More detailed reporting
* Set the correct(ish) exit status in dry run mode
* Keep track of unpatchable vulns and failures
* Warn about vulnerabilities without patched versions and do not attempt to upgrade those crates
* Only attempt to upgrade vulnerable versions of a given package
* Fix: run `cargo update`, not just `cargo`
* Add a note that `fix` is experimental
* Update cargo.lock in the wake of cargo-edit removal
* Drop the now-unused dependency cargo-edit
* Drop obsolete Cargo.toml locating logic that breaks in presence of workspaces
* Do not require passing manifest path
* Drop unused imports
* Adapt `cargo audit fix` to the changed rustsec fix api
* Simplify rustsec part of `cargo audit fix`
* cargo fmt
* WIP
* No need to generate lockfile explicitly now that we call `cargo update`, remove that code
* WIP conversion of cargo-audit to the new rustsec fixer API
* cargo fmt
* Do not run `cargo update` when auditing
* Better docs on fixer
* Drop lifetimes from the fixer struct; they are a pointless flex - the cost of cloning is absolutely dwarfed by the cost of calling a subprocess.
* Implement initial prototype of `cargo update`-based package upgrading
* .cargo/audit.toml: ignore RUSTSEC-2024-0013 (#1111)
* WIP
* WIP
* Accept a &Path without allocating for giggles
* Comment out soon-to-be-removed code and make lifetimes work out
* Fix pkgid function signature to accept an immutable borrow
* Bump rustsec to 0.28.6
* Add pkgid function
* Temporarily make 'fix' feature default to ease development
* build(deps): bump is-terminal from 0.4.10 to 0.4.11 (#1105)
* Bump rustsec-admin to 0.8.9
* Rebase
* Remove PYSEC ids
* Update sync for various changes
* HTTPS download for OSV export
* Improve output format
* Add a command to synchronize advisory data from osv.dev/GHSA
* build(deps): bump tame-index from 0.9.2 to 0.9.3
-------------------------------------------------------------------
Wed Feb 07 01:23:27 UTC 2024 - william.brown@suse.com

View File

@ -20,7 +20,7 @@
%global workspace_name rustsec
Name: cargo-audit
Version: 0.19.0~git0.c9d1fbe
Version: 0.20.0~git66.972ac93
Release: 0
Summary: Audit rust sources for known security vulnerabilities
License: ( 0BSD OR MIT OR Apache-2.0 ) AND ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR MIT ) AND ( MIT OR Zlib OR Apache-2.0 ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND MIT AND MPL-2.0 AND MPL-2.0+

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:237b934352286b38ad7f4e0e545f9e67605914e38ec68196d8b257661bddf1f2
size 651640

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b2aa891ed289a8b0ec3165b52722186d5898a5316e022a8da22476b0cf2d2c76
size 656733

View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c27b01a0c69d0ff63577698ac5012ff802953f3311a5954b3b34834e6fb9dc3b
size 35729216
oid sha256:f59ca58cb89d414d147ff2caba6b985b0f8edf8be874648dbd71ac64614e4965
size 31573688