- Update to version 0.20.0~git66.972ac93:
* build(deps): bump comrak from 0.21.0 to 0.24.1 (#1193)
* build(deps): bump softprops/action-gh-release (#1192)
* build(deps): bump atom_syndication from 0.12.2 to 0.12.3 (#1191)
* build(deps): bump rust-embed from 8.3.0 to 8.4.0 (#1190)
* build(deps): bump petgraph from 0.6.4 to 0.6.5 (#1189)
* update `gix` to v0.63 for security fixes
* Upgrade to auditable-info 0.7.2
* build(deps): bump rust-embed from 8.2.0 to 8.3.0
* build(deps): bump semver from 1.0.21 to 1.0.23
* Fix typo `then` -> `them` in index.html
* Drop unused import
* Fix typos
* Use clap to properly parse --color argument
* Remove duplicated arguments from bin subcommand
* Support specifying multiple target arches and oses in cargo-audit
* Make Query's target arch & os a Vec<T> instead of Option<T>
* build(deps): bump tame-index from 0.11.0 to 0.11.1
* Apply clippy suggestions
* Adjust binary type filter for WASM
* WIP WASM auditing support
* Fix warnings added in Rust 1.78
* Regenerate Cargo.lock
* Bump rustsec version
* Drop is-terminal line from rustsec changelog; it's a cargo-audit only change
* Update changelog
* build(deps): bump chrono from 0.4.34 to 0.4.38
* build(deps): bump time from 0.3.34 to 0.3.36
* fix after gix update
* update gix and tame-index
OBS-URL: https://build.opensuse.org/request/show/1177204
OBS-URL: https://build.opensuse.org/package/show/devel:languages:rust/cargo-audit?expand=0&rev=37
- Update to version 0.19.0~git0.c9d1fbe:
* Bump version to 0.19.0
* Update changelog to 0.19
* Fill in link URLs
* Bump version
* populate changelog
* bump version
* Update changelog
* Bump gix to 0.58
* Revert "Merge pull request #1094 from rustsec/revert-1081-gix-upgrade"
* build(deps): bump comrak from 0.18.0 to 0.21.0 (#1090)
* build(deps): bump rust-embed from 6.8.1 to 8.2.0 (#1080)
* Cargo.toml: use `resolver = "2"` (#1095)
* Update abscissa_core and clap; MSRV 1.70 (#1092)
* Revert "gix upgrade to v0.56"
* Fix "error: the borrowed expression implements the required traits" lint
* build(deps): bump actions/cache from 3.0.11 to 4.0.0 (#1088)
* thanks clippy
* upgrade `gix` to v0.56 and `tame-index` to v0.9 to match it
* Bump platforms version to 3.3.0
* Regenerate platforms crate
* build(deps): bump url from 2.4.1 to 2.5.0 (#1071)
* Add a `source` field to `rustsec::Error`, and use it in simple cases. (#1067)
* build(deps): bump fs-err from 2.10.0 to 2.11.0 (#1069)
* Bump rustsec version
* Update changelog
* Turn link into an automatic link
* Display the chain of sources for errors in `cargo audit`
* bump cargo-lock msrv in another place too
* bump cargo-lock msrv again from 1.66 to 1.67
OBS-URL: https://build.opensuse.org/request/show/1144760
OBS-URL: https://build.opensuse.org/package/show/devel:languages:rust/cargo-audit?expand=0&rev=35
- Update to version 0.18.3~git0.3544515:
* Bump version
* Populate changelog
* Update the `fix` subcommand to the new API
* Fix deadlock on missing lockfile
* build(deps): bump regex from 1.9.5 to 1.10.2
* Update rustsec changelog
* Configure `gix` with `max-performance-safe` feature
* feat: let `Severity` implement `Hash`
* Bump rustsec version to 0.28.3
* Bump date
* Changelog for 0.28.3
* fix typo
* fix typo
* Update rustsec/src/repository/git/repository.rs
* Expand documentation on locking
* build(deps): bump webpki from 0.22.1 to 0.22.2
* Correctly classify only lock timeout errors as LockTimeout, not all lock-related errors
* cargo fmt
* Use Result instead of an unwrap()
* Fix DB directory locking
* Regenerate Cargo.lock
* Add comment
* Migrade rustsec-admin to tame-index 0.7
* bump gix version in admin too
* cargo fmt
* Switch from Git-compatible locks to OS locks in database checkout
* Purge gix lock to rustsec error conversion; I am removing gix locks
* Only create LockTimeout error variant from tame-index locks
* cargo fmt
OBS-URL: https://build.opensuse.org/request/show/1120657
OBS-URL: https://build.opensuse.org/package/show/devel:languages:rust/cargo-audit?expand=0&rev=31
- Update to version 0.17.5~git0.dc8ec71:
* Set the release date in changelog
* Bump `cargo-audit` version
* Bump `rustsec` crate requirement to 0.26.5, to mandate the version with the fixed libgit2
* Fill in the CHANGELOG
* Do not run all tests from the default feature set twice
* cargo fmt
* Fix version reporting
* Update openssl in Cargo.lock files
* More changelog entries
* cargo fmt
* Fix type inference error
* Fill in changelog
* Bump version to 0.26.5
* build(deps): bump regex from 1.7.1 to 1.7.2
* build(deps): bump rust-embed from 6.4.2 to 6.6.0
* build(deps): bump chrono from 0.4.23 to 0.4.24
* Bump crates-index to 0.19
* rustsec: Fix git2 via cargo-edit-9 fork
* fix(cargo-audit): set clap bin_name to cargo (#824)
* fix(cargo-audit): Better the formatting of severity output
* Add vulnerability severity to the cargo-audit report presenter
* test(cargo-audit): Ensure informational warnings are shown by default
* fix(cargo-audit): Add unsound and notice to default informational warnings
* Resolves#622
* fix(cargo-audit): Remove latest commit signature check
* Re-enable MacOS CI with `--all-features`
* Bump `platforms` version
* Regenerate the `platforms` crate for rustc 1.69.0-nightly (8996ea93b 2023-02-09)
* build(deps): bump toml from 0.7.1 to 0.7.2 (#811)
OBS-URL: https://build.opensuse.org/request/show/1074529
OBS-URL: https://build.opensuse.org/package/show/devel:languages:rust/cargo-audit?expand=0&rev=29
- Update to version 0.17.4~git0.0b05e18:
* Set 0.17.4 date in changelog
* Bump `cargo-audit` to 0.17.4
* Update documentation for 0.17.4; `cargo audit bin` is now officially enabled by default
* Fix homepage style on mobile (#755)
* Add comment
* Only attempt to check for yanked crates for crates coming from crates.io
* Remove an unused inport
* placate Clippy
* cargo fmt
* Fix#747 in `cargo-audit instead, and don't silence errors that occur during checking for yanked crates`
* Revert "Only check if a package is yanked if it comes from crates.io; fixes#747" This is a significant behavioral change that should only come with a semver bump
* Add tests validating yank behavior so that #747 can't regress again
* Only check if a package is yanked if it comes from crates.io; fixes#747
* Add a test fixture depending on a yanked crate
* Consolidate CODE_OF_CONDUCT.d files into one; switch to Rust code of conduct (#751)
* Release rustsec-admit 0.8.3
* fix links in admin/CHANGELOG.md
* bump `platforms` to 3.0.2
* regenerate `platforms` crate
* Prepare rustsec-admin release
OBS-URL: https://build.opensuse.org/request/show/1034646
OBS-URL: https://build.opensuse.org/package/show/devel:languages:rust/cargo-audit?expand=0&rev=27
- Update to version 0.15.0~git0.16c8aa4:
* cargo-audit v0.15.0 (#392)
* rustsec-admin v0.5.0 (#389)
* README.md: 🦀🛡️📦
* rustsec v0.24.0 (#388)
* OSV export (#366)
* Bump semver from 1.0.1 to 1.0.3
* Bump semver from 1.0.0 to 1.0.1 (#381)
* Bump git2 from 0.13.19 to 0.13.20 (#375)
* Bump crates-index from 0.16.6 to 0.16.7 (#380)
* cargo-lock v7.0.0 (#379)
* Bump to semver 1.0.0 (#378)
* rustsec-admin v0.4.3 (#374)
* list-affected-versions: Also print the crate in question
* Bump crates-index from 0.16.5 to 0.16.6
* Fix doc comments
* Added docs
* Clean up the code and commit stuff I forgot to add to git
* Implement list-affected-versions subcommand, works fine with current DB
* Add list-affected-versions subcommand stub
* Clarify error message
* Update the crates.io index if not up to date
* Drop ureq dependency
* cargo fmt
* Better error reporting
* Initial untested attempt to get rid of crates.io API querying completely
* Comment, thanks Alex
* cargo fmt
* Fix crates.io API interaction
* Ditched crates_io_api crate, did the same thing with ureq. Gets rid of tokio and a whole lot of other deps. Fixes breakage due to the recent crates.io API breakage, and prevents similar breakage in the future
OBS-URL: https://build.opensuse.org/request/show/904008
OBS-URL: https://build.opensuse.org/package/show/devel:languages:rust/cargo-audit?expand=0&rev=6
