rpm/cargo-audit
SHA256
1
0
Fork 0
forked from pool/cargo-audit
Code Pull Requests Activity
factory
cargo-audit/cargo-audit.changes

1283 lines
52 KiB
Plaintext
Raw Permalink Blame History

-------------------------------------------------------------------
Tue Sep 10 23:56:50 UTC 2024 - William Brown <william.brown@suse.com>
- explicitly depend on cargo to pull in latest compiler revision
-------------------------------------------------------------------
Tue May 28 05:14:03 UTC 2024 - william.brown@suse.com
- Update to version 0.20.0~git66.972ac93:
* build(deps): bump comrak from 0.21.0 to 0.24.1 (#1193)
* build(deps): bump softprops/action-gh-release (#1192)
* build(deps): bump atom_syndication from 0.12.2 to 0.12.3 (#1191)
* build(deps): bump rust-embed from 8.3.0 to 8.4.0 (#1190)
* build(deps): bump petgraph from 0.6.4 to 0.6.5 (#1189)
* update `gix` to v0.63 for security fixes
* Upgrade to auditable-info 0.7.2
* build(deps): bump rust-embed from 8.2.0 to 8.3.0
* build(deps): bump semver from 1.0.21 to 1.0.23
* Fix typo `then` -> `them` in index.html
* Drop unused import
* Fix typos
* Use clap to properly parse --color argument
* Remove duplicated arguments from bin subcommand
* Support specifying multiple target arches and oses in cargo-audit
* Make Query's target arch & os a Vec<T> instead of Option<T>
* build(deps): bump tame-index from 0.11.0 to 0.11.1
* Apply clippy suggestions
* Adjust binary type filter for WASM
* WIP WASM auditing support
* Fix warnings added in Rust 1.78
* Regenerate Cargo.lock
* Bump rustsec version
* Drop is-terminal line from rustsec changelog; it's a cargo-audit only change
* Update changelog
* build(deps): bump chrono from 0.4.34 to 0.4.38
* build(deps): bump time from 0.3.34 to 0.3.36
* fix after gix update
* update gix and tame-index
* fix cargo clippy warning and error
* cargo-audit: remove is-terminal dep
* build(deps): bump regex from 1.10.3 to 1.10.4
* Regenerate Cargo.lock
* Bump tame-index and gix versions
* chore: regenerate platform support and bump to platforms@3.4.0
* Document to use cargo install with --locked (fixes #1152)
* Release `rustsec` 0.29.1
* Revert rustsec-admin Cargo.toml entirely
* Bump required tame-index version in admin as well
* Upgrade to gix 0.60 to fix build
* build(deps): bump actions/cache from 4.0.0 to 4.0.1 (#1135)
* build(deps): bump auditable-serde from 0.6.0 to 0.6.1
* build(deps): bump toml_edit from 0.22.5 to 0.22.6
* build(deps): bump time from 0.3.32 to 0.3.34
-------------------------------------------------------------------
Tue May 28 04:57:40 UTC 2024 - william.brown@suse.com
- Update to version 0.20.0~git0.6f4ca87:
* Bump version numbers
* Mention enterprise firewall issue in cargo-audit changelog too
* Fill in cargo-audit changelog
* Expand upon the rewrite description in rustsec changelog
* Fill in rustsec changelog
* Fix link
* build(deps): bump softprops/action-gh-release (#1114)
* build(deps): bump toml_edit from 0.21.1 to 0.22.5 (#1123)
* Bump askama to 0.12
* Update yanked package
* Drop libgit2 advisory from ignore list now that we got rid of libgit2
* build(deps): bump toml_edit from 0.19.15 to 0.21.1
* build(deps): bump chrono from 0.4.33 to 0.4.34
* build(deps): bump is-terminal from 0.4.11 to 0.4.12
* Improve fixer documentation
* Move Cargo path detection out of rustsec and into cargo-audit, to make rustsec more flexible
* Remove rustsec `fix` feature and always enable the fixer, now that it doesn't pull in additional dependencies
* Fix syntax
* Apply review suggestion (style)
* Update cargo-audit/src/commands/audit/fix.rs
* Run `cargo update` in the same dir as Cargo.lock
* Revert 'fix' being a default feature
* Placate clippy
* Print a nice summary at the end
* Better wording
* Remove extraneous newline
* prettier printing
* More detailed reporting
* Set the correct(ish) exit status in dry run mode
* Keep track of unpatchable vulns and failures
* Warn about vulnerabilities without patched versions and do not attempt to upgrade those crates
* Only attempt to upgrade vulnerable versions of a given package
* Fix: run `cargo update`, not just `cargo`
* Add a note that `fix` is experimental
* Update cargo.lock in the wake of cargo-edit removal
* Drop the now-unused dependency cargo-edit
* Drop obsolete Cargo.toml locating logic that breaks in presence of workspaces
* Do not require passing manifest path
* Drop unused imports
* Adapt `cargo audit fix` to the changed rustsec fix api
* Simplify rustsec part of `cargo audit fix`
* cargo fmt
* WIP
* No need to generate lockfile explicitly now that we call `cargo update`, remove that code
* WIP conversion of cargo-audit to the new rustsec fixer API
* cargo fmt
* Do not run `cargo update` when auditing
* Better docs on fixer
* Drop lifetimes from the fixer struct; they are a pointless flex - the cost of cloning is absolutely dwarfed by the cost of calling a subprocess.
* Implement initial prototype of `cargo update`-based package upgrading
* .cargo/audit.toml: ignore RUSTSEC-2024-0013 (#1111)
* WIP
* WIP
* Accept a &Path without allocating for giggles
* Comment out soon-to-be-removed code and make lifetimes work out
* Fix pkgid function signature to accept an immutable borrow
* Bump rustsec to 0.28.6
* Add pkgid function
* Temporarily make 'fix' feature default to ease development
* build(deps): bump is-terminal from 0.4.10 to 0.4.11 (#1105)
* Bump rustsec-admin to 0.8.9
* Rebase
* Remove PYSEC ids
* Update sync for various changes
* HTTPS download for OSV export
* Improve output format
* Add a command to synchronize advisory data from osv.dev/GHSA
* build(deps): bump tame-index from 0.9.2 to 0.9.3
-------------------------------------------------------------------
Wed Feb 07 01:23:27 UTC 2024 - william.brown@suse.com
- Update to version 0.19.0~git0.c9d1fbe:
* Bump version to 0.19.0
* Update changelog to 0.19
* Fill in link URLs
* Bump version
* populate changelog
* bump version
* Update changelog
* Bump gix to 0.58
* Revert "Merge pull request #1094 from rustsec/revert-1081-gix-upgrade"
* build(deps): bump comrak from 0.18.0 to 0.21.0 (#1090)
* build(deps): bump rust-embed from 6.8.1 to 8.2.0 (#1080)
* Cargo.toml: use `resolver = "2"` (#1095)
* Update abscissa_core and clap; MSRV 1.70 (#1092)
* Revert "gix upgrade to v0.56"
* Fix "error: the borrowed expression implements the required traits" lint
* build(deps): bump actions/cache from 3.0.11 to 4.0.0 (#1088)
* thanks clippy
* upgrade `gix` to v0.56 and `tame-index` to v0.9 to match it
* Bump platforms version to 3.3.0
* Regenerate platforms crate
* build(deps): bump url from 2.4.1 to 2.5.0 (#1071)
* Add a `source` field to `rustsec::Error`, and use it in simple cases. (#1067)
* build(deps): bump fs-err from 2.10.0 to 2.11.0 (#1069)
* Bump rustsec version
* Update changelog
* Turn link into an automatic link
* Display the chain of sources for errors in `cargo audit`
* bump cargo-lock msrv in another place too
* bump cargo-lock msrv again from 1.66 to 1.67
* bump cargo-lock msrv from 1.65 to 1.66
* cargo update
* Update to tame-index 0.8.x and gix 0.55.x
* build(deps): bump rustix from 0.37.21 to 0.37.27
* fix typo html in advisory scores (#1059)
* https://github.com/rustsec/rustsec/pull/1057#pullrequestreview-1714037690
* fix https://github.com/rustsec/rustsec/issues/503
* bump version
* regenerate platforms crate
-------------------------------------------------------------------
Thu Jan 4 02:03:56 UTC 2024 - William Brown <william.brown@suse.com>
- bsc#1218227 - update vendored dependencies for ssh terrapin attack
-------------------------------------------------------------------
Fri Oct 27 03:17:26 UTC 2023 - william.brown@suse.com
- Update to version 0.18.3~git0.3544515:
* Bump version
* Populate changelog
* Update the `fix` subcommand to the new API
* Fix deadlock on missing lockfile
* build(deps): bump regex from 1.9.5 to 1.10.2
* Update rustsec changelog
* Configure `gix` with `max-performance-safe` feature
* feat: let `Severity` implement `Hash`
* Bump rustsec version to 0.28.3
* Bump date
* Changelog for 0.28.3
* fix typo
* fix typo
* Update rustsec/src/repository/git/repository.rs
* Expand documentation on locking
* build(deps): bump webpki from 0.22.1 to 0.22.2
* Correctly classify only lock timeout errors as LockTimeout, not all lock-related errors
* cargo fmt
* Use Result instead of an unwrap()
* Fix DB directory locking
* Regenerate Cargo.lock
* Add comment
* Migrade rustsec-admin to tame-index 0.7
* bump gix version in admin too
* cargo fmt
* Switch from Git-compatible locks to OS locks in database checkout
* Purge gix lock to rustsec error conversion; I am removing gix locks
* Only create LockTimeout error variant from tame-index locks
* cargo fmt
* Update docs
* regenerate Cargo.lock
* Initial conversion to tame-index 0.7.1. Compiles but untested.
* Bump admin version
* Populate changelog for admin
* Update Clippy to fix useless warnings
* admin: use `gix` max-performance-safe instead of max-performance
* configure `gix` for best performance
* Bump version to 0.18.2
* thanks clippy
* Populate changelog for cargo-audit
* Require rustsec 0.28.2 in cargo-audit to fix RUSTSEC-2023-0064
* change edition to 2021
* Use tame-index which switches `rustsec-admin` to `gix`.
* Bump version to 0.28.2
* Populate changelog
* Drop hyperlinks to gix in documentation because we don't have the necessary features enabled. Temporary hack to unblock a release with a security fix
* Fix up code to deal with API changes
* Bump tame-index, explicitly depend on `gix` to enable the necessary features
* Fix error reporting on stale lockfile
* build(deps): bump termcolor from 1.2.0 to 1.3.0 (#1009)
* build(deps): bump chrono from 0.4.30 to 0.4.31
* build(deps): bump xml-rs from 0.8.17 to 0.8.18
* Fix `deny = ["warnings"]` being ignored (#995)
* rustsec-admin 0.8.7 (#998)
* Additional information in advisory content (#997)
* build(deps): bump chrono from 0.4.29 to 0.4.30
* commit Cargo.lock
* bump rustsec crate to 0.28.1
* bump tame-index version requirement to 0.5.5, it contains the HTTP/2 change
* Populate changelog
* cargo fmt
* Do not require http2 when establishing the connection
* build(deps): bump chrono from 0.4.27 to 0.4.29
* Appease clippy
* Do not re-lookup packages that are already cached
* build(deps): bump regex from 1.9.4 to 1.9.5
* build(deps): bump xml-rs from 0.8.16 to 0.8.17
* build(deps): bump actions/checkout from 3 to 4
* review feedback: reduce boilerplate
* replace feature default, with v3 and std
* make 'cargo test --no-default-features' run without errors
* Add manual trigger mechanism to release workflow
* Drop remaining 'fix' features
* cargo-audit v0.18.1 (#981)
* Release workflow: don't enable `fix` and `vendored-openssl` features
* Bump versions
* Fill in release date in changelogs
* commit Cargo.lock
* bump rustsec requirement in admin
* Commit Cargo.lock
* bump cargo-audit version to 0.18.0-rc.1
* Bump rustsec to 0.28.0-rc.1
* Mention `fix` feature not being converted in changelog
* Fill in cargo-audit changelog
* build(deps): bump time from 0.3.27 to 0.3.28
* build(deps): bump chrono from 0.4.26 to 0.4.27
* build(deps): bump url from 2.4.0 to 2.4.1
* build(deps): bump regex from 1.9.3 to 1.9.4
* Exclude auto-generation scripts from the published package
* Ignore the file downloaded by the regeneration script
* Bump `platforms` version
* Add myself to authors, I've built out the whole autogeneration infrastructure
* Re-run the generation script
* Bring back the hyperlinks in README.md
* Automatically regenerate the table of known platforms in README
* Turn links into hyperlinks to stop recent rustdoc from complaining (#965)
* Bump version
* Regenerate platforms crate
* Bump MSRV in README.md
* Add another PR
* Also filter warnings by binary type in `cargo audit bin`
* fix build
* Add `affected` field to warnings in `rustsec` so that we could enable platform filtering in `cargo audit bin`
* Correctly state MSRV in changelog
* Populate changelog for the rustsec crate
* remove redundant clone as advised by clippy
* placate clippy
* placate clippy
* Cargo fmt
* Add more methods to CommitHash
* Add forgotten file
* WIP wrapper for gix::ObjectId
* cargo fmt
* Do not expose `toml` types through the public API
* Drop `toml` crate from the public API as well
* Drop unused Error conversion impl
* Add a TODO
* Slightly better doc comments
* Do not expose gix types in the Error public API
* Use a private function for converting from tame_index::Error to rustsec::Error
* don't pub use gix, we do not want it to leak into the public API
* cargo fmt
* Put import at the top to fix doc links
* Feature-gate tame_inxed import
* cargo fmt
* Fix build
* build(deps): bump time from 0.3.26 to 0.3.27
* build(deps): bump tame-index from 0.5.3 to 0.5.4
* cargo fmt
* Handle #[non_exhaustive] enum from tame-index
* Fix remaining discrepancies
* WIP conversion to tame-index 0.5.x and gix 0.52.x
* Fix unknown license handling (#956)
* Print the GHSA URL for GHSA advisories, take 2
* Revert "Print the GHSA URL for GHSA advisories"
* Print the GHSA URL for GHSA advisories
* Expose License type
* Rename license variants
* Implement license + url
* Bump hermit-abi to move away from a yanked version
* Bump rustls-webpki to resolve RUSTSEC-2023-0053
* build(deps): bump regex from 1.9.1 to 1.9.3
* build(deps): bump toml from 0.7.5 to 0.7.6
* build(deps): bump regex from 1.8.4 to 1.9.1
* build(deps): bump time from 0.3.25 to 0.3.26
* Regenerate Cargo.lock
* Use native certificates for TLS
* build(deps): bump petgraph from 0.6.3 to 0.6.4
* build(deps): bump tame-index from 0.4.0 to 0.4.1
* Document locking considerations
* More consistent status printing
* cargo fmt
* Warn before waiting on crates.io cache locks. Verbose but cannot be expressed via a higher-order function, and macros would make it much worse.
* Add lock timeout parameter to open() and fetch()
* Split creating a new remote index into a separate function in preparation for more complex logic around it
* Add a comment
* Drop manual map_err now that the conversion is implemented on rustsec::Error
* cargo fmt made the code more succinct for once, drop my comment complaining about verbosity
* cargo fmt
* Convert from lock error rather than from its immutable borrow
* Implement From conversions for LockTimeout error variant, since we will need to reuse it
* build(deps): bump tame-index from 0.3.1 to 0.4.0
* Fix doc links
* More clear documentation
* Less esoteric pattern matching
* silence unused variable warnings
* Convert cargo-audit to use explicit locking
* Update docs to match code
* Drop unused import
* Create a separate error kind for lock timeouts, and expose configurable lock timeouts from the advanced fetching function only
* Fix docs
* cargo fmt
* Provide a rationale for the bulk API
* Hide index implementation details and remove the performance pitfall of calling is_yanked on individual packages
* Migrate check_for_yanked_crates() to the bulk API
* cargo fmt
* Do not short-cirquit on index update failure
* Rework bulk yank-checking code to report errors granularly instead of short-cirquiting on first error it encounters
* Transparently populate cache from `find_yanked`
* Documentation tweaks
* Even more caching for even faster CI
* Fix intra-doc links
* Explicitly document locking considerations
* Revert "Re-enable self-audit"
* Re-unify CI matrix, fulfilling a TODO
* Attempt to fix CI by explicitly generating the lockfile
* Re-enable self-audit
* Dummy commit to trigger a CI re-run
* Add rust-cache job properly now
* Revert "Add Rust-specific caching job to see if that speeds up CI"
* Dummy commit to trigger a CI re-run
* Add Rust-specific caching job to see if that speeds up CI
* Switch rustsec crate CI back to MSRV to see what happens
* Drop --release from rustsec CI, the tests execute really quickly in debug mode
* No need to reimplement CmdRunner::default() now that binary scanning is a default feature
* Drop the --release flag so that the compilation artifacts could be reused - Abscissa doesn't seem to have an option to run acceptance tests with `cargo run --release`
* Switch to Rust 1.71.0 for select jobs
* Placate both versions of rustfmt
* cargo fmt
* build(deps): bump semver from 1.0.17 to 1.0.18
* Add a TODO
* Re-add some of the comments
* Normalize time offsets to UTC
* Justify clippy opt-out
* Undo autoformat
* Finish up transition to gix
* WIP
* build(deps): bump xml-rs from 0.8.14 to 0.8.16
* Ignore clippy lint
* Checkpoint
* Update error message
* Use `AsyncRemoteSparseIndex::krates_blocking`
* Oops
* Make sparse index cache population parallel
* Fix remaining lints
* Make public
* Fix lint
* Allow clippy lint
* Bump CI
* Bump MSRV to 1.67.0
* Transition from `crates-index` -> `tame-index`
* build(deps): bump atom_syndication from 0.12.1 to 0.12.2 (#921)
* Add license and attribution fields to advisories
* rustsec-admin 0.8.6 (#915)
* Case-insensitive search on website
* build(deps): bump rust-embed from 6.7.0 to 6.8.1 (#909)
* Cargo.lock: bump dependencies (#908)
* build(deps): bump toml from 0.7.3 to 0.7.5 (#904)
* build(deps): bump crates-index from 0.19.8 to 0.19.13 (#903)
* cargo-lock: MSRV 1.65 (#907)
* build(deps): bump openssl from 0.10.52 to 0.10.55 (#906)
* cargo-audit+rustsec: MSRV 1.65 (#905)
* build(deps): bump chrono from 0.4.24 to 0.4.25 (#894)
* Fix edge case in git source dependency resolution
* Update cargo-audit changelog
* Update rustsec crate changelog
* commit Cargo.lock version bump
* Bump rustsec version following the cargo-lock bump
* 🔥 Remove $ from install snippet on README (#879)
* Cargo.lock: update dependencies (#876)
* Bump `cargo-lock` to v0.9 + auditable deps (#875)
* build(deps): bump home from 0.5.4 to 0.5.5 (#874)
* build(deps): bump atom_syndication from 0.12.0 to 0.12.1 (#851)
* build(deps): bump softprops/action-gh-release (#852)
* build(deps): bump rust-embed from 6.6.0 to 6.6.1 (#849)
* build(deps): bump crates-index from 0.19.7 to 0.19.8 (#864)
* cargo-lock v9.0.0 (#870)
* Fix docs build (#871)
* Fix review comments
* Various improvements to the "cargo-lock tree" subcommand
* Fix is_default_registry for sparse index (#859)
* Remove build script for platforms, it's now unused (#856)
* build(deps): bump comrak from 0.16.0 to 0.18.0
* Link to rustsec/audit-check (#854)
* Fix formatting to `cargo fmt` spec.
* Fix #736 - Cargo audit self advisories repeated
* build(deps): bump openssl from 0.10.47 to 0.10.48
* build(deps): bump semver from 1.0.16 to 1.0.17
* cargo fmt
* Wrap binfarce::Format in our own struct to make `binfarce` an optional dependency
* placate clippy
* cargo fmt
* Fix no-default-features compilation by making binfarce an unconditional dependency
* Start fixing up compilation with no default features
* Expand TODO
* Fix filtering by binary type but this makes the dependency on binfarce unconditional (for now)
* Add a FIXME explaining why it's not working
* wire up filtering by binary type
* Initial code for binary-type-based filtering; not wired up yet
-------------------------------------------------------------------
Mon Mar 27 02:52:07 UTC 2023 - william.brown@suse.com
- Update to version 0.17.5~git0.dc8ec71:
* Set the release date in changelog
* Bump `cargo-audit` version
* Bump `rustsec` crate requirement to 0.26.5, to mandate the version with the fixed libgit2
* Fill in the CHANGELOG
* Do not run all tests from the default feature set twice
* cargo fmt
* Fix version reporting
* Update openssl in Cargo.lock files
* More changelog entries
* cargo fmt
* Fix type inference error
* Fill in changelog
* Bump version to 0.26.5
* build(deps): bump regex from 1.7.1 to 1.7.2
* build(deps): bump rust-embed from 6.4.2 to 6.6.0
* build(deps): bump chrono from 0.4.23 to 0.4.24
* Bump crates-index to 0.19
* rustsec: Fix git2 via cargo-edit-9 fork
* fix(cargo-audit): set clap bin_name to cargo (#824)
* fix(cargo-audit): Better the formatting of severity output
* Add vulnerability severity to the cargo-audit report presenter
* test(cargo-audit): Ensure informational warnings are shown by default
* fix(cargo-audit): Add unsound and notice to default informational warnings
* Resolves #622
* fix(cargo-audit): Remove latest commit signature check
* Re-enable MacOS CI with `--all-features`
* Bump `platforms` version
* Regenerate the `platforms` crate for rustc 1.69.0-nightly (8996ea93b 2023-02-09)
* build(deps): bump toml from 0.7.1 to 0.7.2 (#811)
* build(deps): bump petgraph from 0.6.2 to 0.6.3 (#810)
* Use new feature/dependency syntax (#809)
* build(deps): bump toml from 0.7.0 to 0.7.1 (#806)
* build(deps): bump toml from 0.6.0 to 0.7.0 (#805)
* admin: bump `chrono` to v0.4.23 (#803)
* build(deps): bump atom_syndication from 0.11.0 to 0.12.0 (#777)
* build(deps): bump comrak from 0.15.0 to 0.16.0 (#802)
* build(deps): bump toml from 0.5.9 to 0.6.0 (#797)
* Bump `toml` crate dependency to v0.6 (#800)
* Cargo.lock: bump dependencies (#799)
* build(deps): bump regex from 1.6.0 to 1.7.1 (#785)
* cvss: bump MSRV to 1.60 (#798)
* build(deps): bump fs-err from 2.8.1 to 2.9.0 (#744)
* build(deps): bump termcolor from 1.1.3 to 1.2.0 (#791)
* cargo-audit: refactor OS-specific CI configuration (#796)
* cargo-lock: use `Display` for `io::ErrorKind`; MSRV 1.60 (#794)
* cargo-lock: mark `SourceKind` as `#[non_exhaustive]` (#793)
* cargo-lock: support sparse registry references in Lockfiles (#780)
* release rustsec-admin 0.8.5 (#789)
* release rustsec-admin 0.8.5 (#788)
* Escape search term to prevent reflected XSS (#787)
* Add top-level severity field to OSV advisories
* cargo-lock: implement From<Name> for String (#776)
* build(deps): bump comrak from 0.14.0 to 0.15.0 (#760)
* Bump rust-embed from 6.4.2 to 6.5.0 (#766)
* Bump semver from 1.0.14 to 1.0.16 (#772)
* Bump softprops/action-gh-release (#770)
* cargo-lock v8.0.3 (#768)
* Fixed inconsistency in encoding lockfiles where there's only one registry for all packages (#767)
* Prepare rustsec-admin release 0.8.4 (#765)
* release rustsec 0.26.4
* Make URL a hyperlink
* Add CHANGELOG.md entry
* Store crates.io index versions as strings instead of semver
* Revert "Skip invalid semver in crates.io index"
* Skip invalid semver in crates.io index
* Appease clippy
* Appease clippy
* Add publication date
-------------------------------------------------------------------
Wed Nov 09 00:01:18 UTC 2022 - william.brown@suse.com
- Update to version 0.17.4~git0.0b05e18:
* Set 0.17.4 date in changelog
* Bump `cargo-audit` to 0.17.4
* Update documentation for 0.17.4; `cargo audit bin` is now officially enabled by default
* Fix homepage style on mobile (#755)
* Add comment
* Only attempt to check for yanked crates for crates coming from crates.io
* Remove an unused inport
* placate Clippy
* cargo fmt
* Fix #747 in `cargo-audit instead, and don't silence errors that occur during checking for yanked crates`
* Revert "Only check if a package is yanked if it comes from crates.io; fixes #747" This is a significant behavioral change that should only come with a semver bump
* Add tests validating yank behavior so that #747 can't regress again
* Only check if a package is yanked if it comes from crates.io; fixes #747
* Add a test fixture depending on a yanked crate
* Consolidate CODE_OF_CONDUCT.d files into one; switch to Rust code of conduct (#751)
* Release rustsec-admit 0.8.3
* fix links in admin/CHANGELOG.md
* bump `platforms` to 3.0.2
* regenerate `platforms` crate
* Prepare rustsec-admin release
-------------------------------------------------------------------
Tue Nov 01 22:30:54 UTC 2022 - william.brown@suse.com
- Update to version 0.17.3~git0.fdb9752:
* Set release date in CHANGELOG.md
* Clarify changelog
* Depend on rustsec 0.26.3 which added the CachedIndex used in `cargo audit bin`
* bump cargo-audit to 0.17.3
* bump rustsec to 0.26.3
* More complete changelog for rustsec crate
* Drop obsolete comment - html_root_url no longer exists
* Add cargo-auditable to home page
-------------------------------------------------------------------
Thu Oct 06 23:44:44 UTC 2022 - william.brown@suse.com
- Update to version 0.17.2~git0.bccf8a5:
* Don't use --locked in release workflow to allow publishing again
* cargo-audit: Update CHANGELOG
* Fix `bin` screenshot URL in the README
* Skip dotfiles in advisory-db checkout
* Set the release date in CHANGELOG.md
* Add the `cargo audit bin` screenshot to README
* cargo fmt
* Migrate to the released version of auditable-info
-------------------------------------------------------------------
Mon Oct 3 23:32:29 UTC 2022 - William Brown <william.brown@suse.com>
- Add _constraints to prevent random failures due to OBS resource
issues.
-------------------------------------------------------------------
Wed May 25 00:48:01 UTC 2022 - william.brown@suse.com
- Update to version 0.17.0~git0.5214457:
* cargo-audit v0.17.0 (#576)
* rustsec-admin v0.7.0 (#575)
* rustsec v0.26.0 (#574)
* rustsec: flatten `advisory::id` module; rename `IdKind` (#573)
* rustsec: flatten `warnings` module; rename `WarningKind` (#572)
* rustsec: add `doc_cfg` annotations when building on docs.rs (#571)
* cargo-audit: terminal output fixups (#570)
* cargo-lock v8.0.1 (#569)
* cargo-lock: fix dependency source extraction for V2 lockfiles (#568)
* build(deps): bump cargo-edit from 0.9.0 to 0.9.1 (#566)
-------------------------------------------------------------------
Tue May 24 04:57:51 UTC 2022 - William Brown <william.brown@suse.com>
- Automatic update of vendored dependencies
-------------------------------------------------------------------
Tue Apr 5 05:25:07 UTC 2022 - William Brown <william.brown@suse.com>
- Automatic update of vendored dependencies
-------------------------------------------------------------------
Fri Mar 18 04:46:08 UTC 2022 - William Brown <william.brown@suse.com>
- Update to use cargo-packaging
-------------------------------------------------------------------
Mon Mar 14 02:50:27 UTC 2022 - william.brown@suse.com
- Update to resolve bsc#1196972 CVE-2022-24713 - Regex DOS
-------------------------------------------------------------------
Wed Mar 02 03:46:39 UTC 2022 - wbrown@suse.de
- Update to vendored libraries to resolve security issues
-------------------------------------------------------------------
Fri Dec 3 01:09:15 UTC 2021 - William Brown <william.brown@suse.com>
- Fix incorrect license string
-------------------------------------------------------------------
Mon Nov 15 23:19:01 UTC 2021 - wbrown@suse.de
- Update to version 0.16.0~git0.625c965:
* cargo-audit v0.16.0 (#487)
* rustsec v0.25.1 (#486)
* platforms v2.0.0 (#485)
* platforms: make `Platform::ALL` an inherent constant (#484)
* platforms: make tier modules non-`pub` (#483)
* rustsec-admin v0.6.0 (#482)
* Update atom_syndication to 0.11 (#481)
* rustsec v0.25.0 (#480)
* Cargo.lock: bump dependencies (#479)
* rustsec: flatten API (#478)
-------------------------------------------------------------------
Wed Oct 06 01:20:31 UTC 2021 - wbrown@suse.de
- Update to version 0.15.2~git0.fe0b327:
* cargo-audit v0.15.2 (#435)
* rustsec v0.24.3 (#433)
* Don't label OSV feature as unstable, since OSV 1.0 has shipped
* cargo-audit+rustsec: add `vendored-libgit2` feature (#432)
* cargo-audit v0.15.1 (#430)
* Bump comrak from 0.12.0 to 0.12.1 (#428)
* Bump git2 from 0.13.21 to 0.13.22 (#427)
* Bump comrak from 0.11.0 to 0.12.0 (#426)
* silence Clippy - I want to be explicit here
-------------------------------------------------------------------
Mon Jul 05 05:01:17 UTC 2021 - wbrown@suse.de
- Update to version 0.15.0~git0.16c8aa4:
* cargo-audit v0.15.0 (#392)
* rustsec-admin v0.5.0 (#389)
* README.md: 🦀🛡️📦
* rustsec v0.24.0 (#388)
* OSV export (#366)
* Bump semver from 1.0.1 to 1.0.3
* Bump semver from 1.0.0 to 1.0.1 (#381)
* Bump git2 from 0.13.19 to 0.13.20 (#375)
* Bump crates-index from 0.16.6 to 0.16.7 (#380)
* cargo-lock v7.0.0 (#379)
* Bump to semver 1.0.0 (#378)
* rustsec-admin v0.4.3 (#374)
* list-affected-versions: Also print the crate in question
* Bump crates-index from 0.16.5 to 0.16.6
* Fix doc comments
* Added docs
* Clean up the code and commit stuff I forgot to add to git
* Implement list-affected-versions subcommand, works fine with current DB
* Add list-affected-versions subcommand stub
* Clarify error message
* Update the crates.io index if not up to date
* Drop ureq dependency
* cargo fmt
* Better error reporting
* Initial untested attempt to get rid of crates.io API querying completely
* Comment, thanks Alex
* cargo fmt
* Fix crates.io API interaction
* Ditched crates_io_api crate, did the same thing with ureq. Gets rid of tokio and a whole lot of other deps. Fixes breakage due to the recent crates.io API breakage, and prevents similar breakage in the future
* Add new exit status for errors (#368)
* Bump git2 from 0.13.18 to 0.13.19 (#365)
* cargo-lock: add support for V3 format (#363)
* cvss v1.0.3 (#362)
* CI: gate workflow execution for PRs on changed files
* cvss: fixups
* Update CI badges
* Add some tier 3 targets
* Workspace CI configuration
* Update repo urls in Cargo.toml files
* README.md: add new toplevel one for workspace
* platforms: sync with Rust platform support documentation
* CI configuration
* Wire up Cargo workspace
* cargo-audit: prepare for merge into RustSec monorepo
* rustsec: prepare for merge into RustSec monorepo
* platforms: prepare for merge into RustSec monorepo
* cvss: prepare for merge into RustSec monorepo
* rustsec-admin: prepare for merge into RustSec monorepo
* rustsec-admin: prepare for merge into RustSec monorepo
* Web: Add pages per package (#143)
* v0.4.2 (#142)
* web: Add back an Atom feed for advisories (#140)
* Cargo.lock: bump dependencies (#136)
* Upgrade to GitHub-native Dependabot (#134)
* v0.4.1 (#135)
* Display more information on the website (#133)
* Upgrade to GitHub-native Dependabot (#344)
* Vendor OpenSSL for arm and musl builds (#343)
* Bump git2 from 0.13.17 to 0.13.18 (#314)
* Bump crates-index from 0.16.3 to 0.16.5 (#313)
* Bump comrak from 0.9.1 to 0.10.0 (#129)
* Fix typo in comments about mips64. (#36)
* Bump rustsec from 0.23.2 to 0.23.3 (#128)
* v0.23.3 (#310)
* Workaround for stale git refs (#309)
* Bump rustsec from 0.23.0 to 0.23.2 (#127)
* v0.23.2 (#308)
* Rename advisory-db `master` branch to `main` (#307)
* CI: use actions-rs/audit-check for self-audit (#306)
* Cargo.lock: bump dependencies (#305)
* v0.4.0 (#126)
* v0.3.5 (#124)
* Use rust-embed for static assets (#122)
* Add argument to change where website is outputted (#123)
* v0.23.1 (#301)
* Bump url from 2.2.0 to 2.2.1 (#98)
* Fix parsing error on windows (#295)
* Cargo.lock: bump deps (#296)
* Bump comrak from 0.9.0 to 0.9.1 (#116)
* Use a fully Rust based solution for rendering web page (#115)
* v0.3.4 (#113)
* Bump `rustsec` crate to v0.23 (#112)
* v0.23.0 (#292)
* Cargo.toml: dependency cleanups (#291)
* Add `thread-safety` category (#290)
* Rename default branch to `main` (#289)
* v1.0.1 (#15)
* Rename default branch to `main` (#14)
* Cargo.lock: bump deps (#288)
* v6.0.1 (#96)
* Rename CI workflow (#95)
* Rename default branch to `main` (#94)
* Cargo.lock: bump deps (#93)
* Bump semver-parser from 0.10.0 to 0.10.2 (#280)
* v0.3.3 (#106)
* Cargo.lock: bump dependencies (#105)
* Rename `master` branch to `main` (#104)
* CI config improvements (#103)
* assigner: fix "new year's" bug (#102)
* Bump handlebars from 3.5.1 to 3.5.2 (#101)
* Bump platforms from 1.0.3 to 1.1.0 (#279)
* v1.1.0 (#35)
* Rename default branch to `main` (#34)
* Rename GH Actions workflow to "CI" (#33)
* Update README platform list using table gen
* Add aarch64-apple-darwin, a.k.a. Apple Silicon macOS
* Bump serde from 1.0.117 to 1.0.118 (#88)
* Bump toml from 0.5.7 to 0.5.8 (#89)
* v0.3.2 (#97)
* Bump `rustsec` crate to v0.23.0-pre (#96)
* v0.23.0-pre (#272)
* Rename `repository::GitRepository` to `repository::git::Repository` (#271)
* Rename `fetch` Cargo feature to `git` (#270)
* Use `SystemTime` instead of a `git::Timestamp` type (#269)
* Add support for omitting leading `[advisory]` table (#268)
* Mark enums as non_exhaustive (#267)
* Re-add advisory `references` as a URL list (#266)
* Replace `chrono` with `humantime` (#265)
* Bump `smol_str` to v0.1.17; MSRV 1.46+ (#264)
* Use `url` crate to parse metadata URL (#263)
* Remove `markdown` feature (#262)
* Bump termcolor from 1.1.0 to 1.1.1 (#94)
* Rename `references` to `related` (#261)
* Bump once_cell from 1.5.1 to 1.5.2 (#259)
* Bump crates-index from 0.16.0 to 0.16.2 (#260)
* Bump once_cell from 1.5.0 to 1.5.1 (#92)
* Cargo.lock: bump deps (#258)
* Bump once_cell from 1.4.1 to 1.5.1 (#257)
* .github: rename CI workflow to "CI" (#256)
* Bump once_cell from 1.4.1 to 1.5.0 (#91)
* Bump serde from 1.0.116 to 1.0.117 (#86)
* Bump url from 2.1.1 to 2.2.0 (#87)
* Bump platforms from 1.0.2 to 1.0.3 (#252)
* v1.0.3 (#30)
* fix Platform::guess_current to use actual target architecture (#29)
* v0.3.1 (#89)
* Bump `rustsec` crate to v0.22.2 (#88)
* v0.22.2 (#250)
* Revert "Refactor Advisory type handling (#246)" (#249)
* Cargo.lock: bump dependencies (#248)
* Cargo.lock: bump dependencies (#87)
* v0.22.1 (#247)
* Refactor Advisory type handling (#246)
* Bump handlebars from 3.5.0 to 3.5.1 (#84)
* Bump toml from 0.5.6 to 0.5.7 (#85)
* v0.3.0 (#86)
* Bump `rustsec` crate dependency to v0.22 (#83)
* v0.22.0 (#245)
* Bump `cargo-lock` to v6; `semver` to v0.11 (#244)
* Remove more V2 advisory format vestiges (#243)
* Remove support for the V2 advisory format (#242)
* v0.3.0-pre3 (#82)
* assign-id: fix TOML front matter parsing (#81)
* v0.3.0-pre2 (#80)
* Attempt to fix `assign-id` command (#79)
* v0.22.0-pre3 (#241)
* advisory: mark the `parser` module as `pub` (#240)
* Bump thiserror from 1.0.20 to 1.0.21 (#74)
* Bump rustsec from 0.22.0-pre to 0.22.0-pre2 (#78)
* Bump thiserror from 1.0.20 to 1.0.21 (#232)
* clippy fixes (#77)
* Bump cargo-edit from 0.6.0 to 0.7.0 (#231)
* v0.22.0-pre2 (#239)
* advisory/linter: make V2 advisories fail (#238)
* Bump crates-index from 0.15.4 to 0.16.0 (#237)
* CI: ignore RUSTSEC-2020-0053 (dirs unmaintained) (#236)
* Bump toml from 0.5.6 to 0.5.7 (#233)
* Bump toml from 0.5.6 to 0.5.7 (#85)
* v0.3.0-pre (#73)
* Bump `rustsec` crate to v0.22.0-pre (#72)
* v0.22.0-pre (#230)
* advisory: laxer function path handling (#229)
* linter: fully deprecate `obsolete` in favor of `yanked` (#228)
* advisory: `markdown` feature and `Advisory::description_html` (#227)
* Refactor changes from `fetch` feature (#213) (#226)
* linter: add support for V3 advisory format (#225)
* Bump chrono from 0.4.15 to 0.4.19 (#224)
* cargo fmt
* Linter: correctly handle crates with dashes in names
* v6.0.0 (#84)
* Bump semver from 0.10.0 to 0.11.0 (#83)
* Bump handlebars from 3.3.0 to 3.5.0 (#69)
* Bump `cargo-lock` to v5.0; semver to v0.10; MSRV 1.41+ (#217)
* v5.0.0 (#82)
* rustdoc fixups (#81)
* README.md: switch chat badge to Zulip (#80)
* 5.0.0-rc (#79)
* Add `docsrs` cfg (#78)
* Support for listing a single dependency (#77)
* Implement/extract Cargo-compatible serializer (#76)
* Add `--dependencies` and `--sources` flags to `cargo lock list` (#75)
* Implement `cargo lock tree` without arguments (#74)
* Add `dependency::Tree::roots()` method (#73)
* bin: make `list` the default command (#72)
* Have `cargo lock` command print dependency list (#71)
* Make `cli` feature non-default (#70)
* WASM support; MSRV 1.41+ (#69)
* Bump gumdrop from 0.7.0 to 0.8.0 (#55)
* Bump serde from 1.0.110 to 1.0.116 (#67)
* Bump crates-index from 0.15.3 to 0.15.4 (#215)
* Bump crates-index from 0.15.2 to 0.15.3 (#214)
* Define "fetch" feature (#213)
* Bump `platforms` crate to v1; MSRV 1.40+ (#210)
* v1.0.2 (#28)
* Remove `const fn` on `Platforms::all`; MSRV 1.40+ (#27)
* .github: add 'override: true' directives; MSRV 1.46+ (#26)
* v1.0.1 (#25)
* Make `Platform::all()` a `const fn` (#24)
* Refactor `Platform::find` and `::guess_current` (#23)
* Rename `ALL_PLATFORMS` to `Platform::all()` (#22)
* v1.0.0 (#21)
* Update LICENSE-MIT
* Ensure all types have FromStr, Display, and serde impls
* Documentation fixups
* 2018 edition updates
* Make extensible enums `non_exhaustive`; MSRV 1.40+
* Update deps; whitelist RUSTSEC-2020-0036 (#208)
* Bump git2 from 0.13.8 to 0.13.10 (#207)
* Bump git2 from 0.13.6 to 0.13.8 (#201)
* Bump chrono from 0.4.11 to 0.4.13 (#200)
* Bump crates-index from 0.15.0 to 0.15.1 (#202)
* Fix test
* Add aarch64-pc-windows-msvc
* Bump handlebars from 3.2.1 to 3.3.0 (#60)
* v0.2.1 (#63)
* Added an output mode for use with the production github action (#62)
* v0.2.0 (#57)
* Consistent `assign-id` module naming and comments (#56)
* linter: refactor into `Linter` struct; check all files (#55)
* Cargo.lock: update dependencies (#54)
* Have `assignid` command use new `Date::year` method (#53)
* Bump `rustsec` crate from 0.20.1 to 0.21 (#52)
* v0.21.0 (#198)
* Remove legacy `patched_versions` and `unaffected_versions` (#197)
* Bump crates-index from 0.14.3 to 0.15.0 (#183)
* Rename `obsolete` advisories to `yanked` (#196)
* Make `warning::Kind` a #[non_exhausive] enum; rename `Kind::Notice` (#195)
* Make `Informational` a #[non_exhausive] enum. (#194)
* Cargo.lock: update dependencies (#193)
* CHANGELOG.md: reformat for keepachangelog.com (#192)
* Add `year`, `month`, and `day` methods to `advisory::Date` (#191)
* add 'unsound' informational advisory kind (#189)
* Resolves #30
* v0.20.1 (#186)
* Add `advisory::Id::numerical_part()` (#185)
* Refer to Cargo.lock in help for translate (#62)
* Bump handlebars from 3.0.1 to 3.1.0
* Bump serde from 1.0.104 to 1.0.110
* Bump petgraph from 0.5.0 to 0.5.1
* Bump semver from 0.9.0 to 0.10.0
* Fix clippy errors
* Cargo.lock: update dependencies
* .github: ignore RUSTSEC-2020-0016
* Bump rustsec from 0.19.0 to 0.20.0
* v0.20.0
* Make `WarningInfo` into a simple type alias
* Bump thiserror from 1.0.10 to 1.0.16
* Bump rustsec from 0.18.0 to 0.19.0
* v0.19.0
* Refactor package scopes (fixes #153)
* V3 Advisory Format
* Bump thiserror from 1.0.15 to 1.0.16
* Bump git2 from 0.13.4 to 0.13.5
* Bump MSRV to 1.40
* Bump dependencies to link libgit2 dynamically
* Cargo.lock: update dependencies
* address PR comments
* addres PR comments
* clippy fix
* add WarningInfo. modify Warning struct
* Cargo.lock: update dependencies
* Cargo.lock: update dependencies
* lib.rs: fix incorrect flag in documentation
* Drop support for the V1 advisory format
* Update dependencies
* Cargo.lock: Update dependencies
* Bump rustsec from 0.17.1 to 0.18.0
* v0.18.0
* Move yanked crate auditing to `cargo-audit`
* Bump abscissa_core from 0.5.1 to 0.5.2
* security_audit.yml: Fix branch name
* Bump thiserror from 1.0.9 to 1.0.10
* Bump thiserror from 1.0.9 to 1.0.10
* Bump handlebars from 3.0.0 to 3.0.1
* Bump handlebars from 2.0.4 to 3.0.0
* Bump rustsec from 0.17.0 to 0.17.1
* v0.17.1
* Update `cargo-lock` requirement from 3.0 to 4.0
* Cargo.lock: Update to V2 lockfile format
* README.md: Document CLI `list` and `tree` subcommands
* v4.0.1
* cli: fix executable name
* v4.0.0
* cli: `list` subcommand
* cli: `tree` subcommand
* .github: add security audit
* Initial CLI with `translate` subcommand
* Add From<[u8; 32]> impl for Checksum
* Add helper methods for working with checksum metadata
* Minor documentation improvements
* Use minified version of Cargo's SourceId type
* Bump handlebars from 2.0.2 to 2.0.4
* Bump abscissa_core from 0.5.0 to 0.5.1
* Bump serde from 1.0.101 to 1.0.104
* [Security] Bump http from 0.1.18 to 0.1.21
* Overhaul encoding: use serde_derive, proper V1/V2 support
* Bump termcolor from 1.0.5 to 1.1.0
* (Re-)Add Serialize impl for Lockfile (fixes #32)
* Add support Cargo.lock `patch` and `root` (fixes #30)
* Detect V1 vs V2 Cargo.lock files (fixes #26)
* Update petgraph requirement from 0.4 to 0.5
* Add `package::Checksum`
* Bump once_cell from 1.2.0 to 1.3.1
* Bump rustsec from 0.16.0 to 0.17.0
* Cargo.lock: check in; add `actions-rs` caching
* v0.17.0
* Upgrade `cargo-edit` to v0.5.0 release; MSRV 1.39+
* Bump once_cell from 1.2.0 to 1.3.0
* Bump toml from 0.5.5 to 0.5.6
* Have `Fixer` take a reference to `Vulnerability`
* Extract `cargo audit fix` logic into `Fixer`
* Warn for yanked crates
* add badge from deps.rs
* upgrade dependencies
* Upgrade to Abscissa v0.5
* Add vendored-openssl feature
* refactored package_scope's source attribute to vector of sources
* switched from lazy_static to once_cell for database tests
* fixed formatting
* made advisory db in database test static mutex
* fixed tests for vulnerability querying and changed PackageScope to struct
* added tests for package scope consideration in vulnerability querying
* added package scope for querying vulnerabilities
* try to fix #127
* Bump MSRV to 1.36
* Try to auto-detect proxy setting
* v0.16.0
* Remove `support.toml` parsing
* v0.15.2
* version: Fix matching bug for `>` version requirements
* v0.1.1
* Upgrade to `rustsec` crate v0.15.1
* v0.15.1
* actions: Run cargo-audit, test MSRV, test on Windows
* .github: Use actions-rs GitHub Actions config
* .github: Use actions-rs GitHub Actions config
* .github: Use actions-rs GitHub Actions config
* .github: Use actions-rs GitHub Actions config
* .github: Use actions-rs GitHub Actions config
* linter: Add "informational" as an allowable [advisory] key
* repository: Expose `authentication` module
* v0.15.0
* Upgrade to `cargo-lock` crate v3
* v3.0.0
* Support [[dependencies]] without versions
* v0.14.1
* lib.rs: Remove botched `petgraph` re-export
* Upgrade to cargo-lock v2.0
* v2.0.0
* Use two-pass dependency tree computation
* v2.0.0-pre
* Remove `Lockfile::root_package()`
* Cargo.toml: Fix links
* Cargo.toml: Fix `repository` link
* cli: Move to new repository
* v0.1.0
* linter: Rename command to `lint`; use Abscissa statuses
* README.md: Header quoting fixup
* v0.2.1
* .github/workflows/rust.yml: Initial GitHub Actions config
* Import implementation from the `rustsec` crate repo
* .github/workflows/rust.yml: Initial GitHub actions config
* v0.14.0
* Initial commit
* warning: Extract into module; make more like `Vulnerability`
* Upgrade to `cvss` crate v1.0
* v1.0.0
* .github/workflows/rust.yml: Migrate to GitHub Actions
* .github/workflows/rust.yml: Update template
* Upgrade to `cargo-lock` crate v1.0
* v1.0.0
* dependency/tree: Render trees to an io::Write
* v1.0.0-pre
* metadata: Generalize into `Key` and `Value` types
* .github/workflows/rust.yml: Trigger on [push]
* .github/workflows/rust.yml: Initial Actions config
* Refactor dependency handling
* cli: Add `rustsec web` subcommand
* cli: Add `rustsec check` subcommand
* cli: Initial application boilerplate
* v0.13.0
* Finish GitHub Actions migration
* rust.yml: Initial GitHub actions config
* v0.13.0-alpha4
* linter: Ensure advisory date's year matches year in advisory ID
* v0.13.0-alpha3
* v0.2.1
* Allow empty `[metadata]` in Cargo.lock files
* Use the `cargo-lock` crate
* v0.2.0
* dependency_graph: Move petgraph types into a module
* Fix links and add badges
* v0.1.0
* Index DependencyGraph by package::Release
* Import `DependencyGraph` from the `rustsec` crate
* Import implementation from the `rustsec` crate
* .travis.yml: Initial Travis CI config
* Initial commit
* v0.13.0-alpha2
* lockfile: Add (optional) DependencyGraph analysis
* v0.13.0-alpha1
* Fix unaffected versions
* Restructure Vulnerability
* Rename 'db' module to 'database'
* report: Generate warnings for selected informational advisories
* vulnerability: Add affected_functions()
* Add advisory::Linter
* package: Parse dependencies from Cargo.lock
* Initial `report` module and built-in report-generating
* v0.3.0
* Support for re-serializing CVSS v3.0 values
* CVSS v3.0 parsing support
* severity: Add `FromStr` and `serde` support
* Use index allocation for storing advisories
* Basic query support
* Index the `rust` advisory directory from RustSec/advisory-db
* Add first-class support for GitHub Security Advisories (GHSA)
* Re-vendor Cargo's git authentication code
* Further broaden categories
* support.toml for indicating supported versions
* Add support for "informational" advisories (closes #134)
* Add `advisory::Category` (closes RustSec/advisory-db#69)
* Refactor advisory types: add [affected] and [versions] sections
* advisory: Add (optional) `cvss` field with CVSS v3.1 score
* v0.2.0
* Add `Base::exploitability` and `impact` methods; docs
* serde support
* Freshen deps: add `home`, remove `directories` and `failure`
* Cargo.toml/README.md: Fix broken/missing links
* v0.1.0
* .travis.yml: Initial configuration
* Initial commit
* Improve lints and deny policy
* Improved handling of prereleases; MSRV 1.35+
* Add `Version` and `VersionReq` newtypes
* v0.12.1
* Use new inclusive range syntax
* v0.12.0
* Update dependencies and use 2018 import conventions; Rust 1.32+
* Properly set up target::os::TARGET_OS const for unknown OS
* Re-export all types in advisory::paths::*
* v0.11.0
* Cargo.toml: Update 'platforms' crate to v0.2
* v0.2.0
* Update platforms to match RustForge
* Redo 'affected_functions' as 'affected_paths'
* Update to Rust 2018 edition
* v0.10.0
* CHANGES.md: Redo formatting
* Implement "affected_functions" advisory attribute
* AdvisoryDatabase::advisories_for_crate: Handle unaffected_versions
* Update to Rust 2018 edition
* v0.9.3
* Create parents of the advisory DB repo dir
* v0.9.2
* Handle cloning advisory DB into existing, empty dir
* Gate `no_dupes_test` under "std"
* Test all possible feature combinations
* Fix no_std support when using "serde" feature
* README.md: Move "Documentation" link up
* README.md: Use backticks instead of "scare quotes"
* use home_dir() instead of environment variable HOME
* use ~/.cargo if CARGO_HOME is unset
* Derives Deserialize for Vulnerabilities and Vulnerability
* Derive Serialize for Packages, Vulnerabilities, and Vulnerability
* v0.9.1
* Use Cargo's git authentication helper
* v0.1.4
* x86_64-apple-darwin: fix typo in target triple name
* Have markdown-table-gen output links to Platform structs on docs.rs
* v0.1.3
* Cargo.toml: Fix Travis CI badge
* v0.1.2
* markdown-table-gen: Markdown-formatted platform table generator
* v0.1.1
* impl {Display, Error} for packages::Error
* v0.9.0
* rustsec-client -> rustsec-crate
* Use "platforms" crate for platform-related functionality
* v0.1.0
* Remove duplicate target::OS::from_str() method
* Add `guess_current()`
* Optional serde support
* v0.0.1
* Initial commit
* PlatformReq documentation improvements
* v0.8.0
* CHANGES.md: Fix links
* Advisory platform requirements
* advisory/keyword.rs: Cargo-like keyword support
* v0.7.5
* Allow AdvisoryId::new() to parse "RUSTSEC-0000-0000"
* v0.7.4
* Add link to logo image for docs.rs
* v0.7.3
* Fix builds with --no-default-features
* repository/commit.rs: Comment fixup
* README.md: Tighten up title
* v0.7.2
* README.md: Badge fixups, add gitter badge
* v0.7.1
* Cargo.toml: Formatting fixups, add "readme" attribute
* v0.7.0
* v0.7.0-alpha3
* Refactor advisory iterator
* v0.7.0-alpha2
* Validate dates are well-formed
* Add AdvisoryIdKind and limited support for parsing advisory IDs
* Add a "Vulnerabilities" collection struct
* src/repository: Refactor into multiple modules
* v0.7.0-alpha1
* Support converting advisory::Date into chrono::Date
* Parse git signatures as Strings
* Parse aliases, references, and unaffected versions
* Parse (but do not yet verify) signatures on advisory-db commits
* Parse individual advisory .toml files rather than Advisories.toml
* Switch to git2-based fetcher for advisory-db
* advisory.rs: Move AdvisoryId definition below Advisory
* Use serde to parse advisories TOML and Cargo.lock files
* Use 'failure' crate for error handling
* Cargo.toml: Update dependencies
* Adopt the Contributor Covenant (version 1.4)
* Factor integration tests into the tests/ directory
* .travis.yml: Allow failures on OS X and enable fast finish
* Fix clippy 0.0.212 nits
* Run rustfmt 0.8.2-nightly (5e599251 2018-07-02)
* Remove redundant documentation link
* Bump version to 0.6.0 and update CHANGES.md
* Use semver::Version for lockfile::Package versions
* Move AdvisoryDatabase under the ::db module
* Lockfile support
* Bump version to 0.5.2 and update CHANGES.md
* Add AdvisoryDatabase::fetch_from_url()
* Bump version to 0.5.1 and update CHANGES.md
* Make "advisory" and "error" modules public
* Bump version to 0.5.0 and update CHANGES.md
* Use str version param for AdvisoryDatabase::find_vulns_for_crate()
* Bump version to 0.4.0 and update CHANGES.md
* Add AdvisoryDatabase::find_vulns_for_crate()
* Bump version to 0.3.0 and update CHANGES.md
* Rename `crate_name` back to `package`
* Bump version to 0.2.0 and update CHANGES.md
* Rename `package` TOML attribute to `crate_name`
* Add iterator support to AdvisoryDatabase
* Add docs badge to README.md
* Spell out crate name explicitly
* Add About section to README
* Bump version to 0.1.0 and update CHANGES.md
* Add AdvisoryDatabase struct
* Fix more README links
* Fix link in README
* Initial implementation
* Add LICENSEs and other README improvements
* Initial commit
-------------------------------------------------------------------
Mon Jul 05 04:53:39 UTC 2021 - wbrown@suse.de
- Update to version 0.14.1~git0.e46dce8:
* v0.14.1 (#342)
* Cargo.lock: update several dependencies (#341)
* Generate release builds with github actions (#337)
* Cargo.lock: bump various dependencies (#335)
* Bump rustsec from 0.23.2 to 0.23.3 (#333)
* v0.14.0 (#330)
* Cargo.lock: bump `rustsec` to v0.23.2 (#329)
* README.md: fix "Report Vulnerability" button (#328)
* Rename 'master' branch to 'main'
* Bump `rustsec` dependency to v0.23; MSRV 1.46+ (#327)
-------------------------------------------------------------------
Wed Jun 02 06:01:51 UTC 2021 - wbrown@suse.de
- Update _service to use upstream monorepo and cargo-audit
- Update to version 0.14.1~git0.e46dce8:
* v0.14.1 (#342)
* Cargo.lock: update several dependencies (#341)
* Generate release builds with github actions (#337)
* Cargo.lock: bump various dependencies (#335)
* Bump rustsec from 0.23.2 to 0.23.3 (#333)
* v0.14.0 (#330)
* Cargo.lock: bump `rustsec` to v0.23.2 (#329)
* README.md: fix "Report Vulnerability" button (#328)
* Rename 'master' branch to 'main'
* Bump `rustsec` dependency to v0.23; MSRV 1.46+ (#327)
-------------------------------------------------------------------
Wed Mar 17 00:41:16 UTC 2021 - wbrown@suse.de
- Update to version 0.14.0~git0.08c9f3e:
* v0.14.0 (#330)
* Cargo.lock: bump `rustsec` to v0.23.2 (#329)
* README.md: fix "Report Vulnerability" button (#328)
* Rename 'master' branch to 'main'
* Bump `rustsec` dependency to v0.23; MSRV 1.46+ (#327)
* Enable informational warnings with deny (#320)
* When running in no-fetch mode, allow accessing a non-git repo. (#315)
* Update README.md (#298)
* Cargo.lock: bump deps (#283)
* Bump once_cell from 1.4.1 to 1.5.0 (#282)
-------------------------------------------------------------------
Tue Mar 02 23:41:56 UTC 2021 - wbrown@suse.de
- Update to version 0.13.1~git5.7797fd5:
* When running in no-fetch mode, allow accessing a non-git repo. (#315)
* Update README.md (#298)
* Cargo.lock: bump deps (#283)
* Bump once_cell from 1.4.1 to 1.5.0 (#282)
* CHANGELOG.md: add note about #206 as part of the v0.13.0 release
-------------------------------------------------------------------
Tue Feb 23 03:11:36 UTC 2021 - William Brown <william.brown@suse.com>
- Initial submission of v0.13.1
View Git Blame Copy Permalink