You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
The key has expired.
Added
Added the advisories check and configuration section for checking crates against an advisory database to detect security vulnerabilities, unmaintained crates, and crates with security notices
A warning will now be emitted if a crate that isn't in the graph is specified in [bans.skip-tree]
Fixed
PR#58 Fixed #55 to handle license requirements for GPL, AGPL, LGPL, and GFDL better. Thanks for reporting @pikajude!
PR#62 Fixed #56, the [metadata] section in Cargo.lock is now gone in nightly to improve merging, the previous reporting mechanism that required this section has been reworked.
Changed
The check subcommand now takes multiple values eg cargo deny check bans advisories
Specifying either cargo deny check or cargo deny check all will now run the additional advisories check
Previously, if you hadn't specified the [licenses] or [bans] section then running that check would have done nothing. Now if any section (including [advisories]) is not specified, the default configuration will be used.
Deprecated
check ban has been deprecated in favor of check bans
check license has been deprecated in favor of check licenses
