Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

cargo-audit-0.21.0~git0.78f9859-2.1 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Name: cargo-audit Distribution: openSUSE Tumbleweed
Version: 0.21.0~git0.78f9859 Vendor: openSUSE
Release: 2.1 Build date: Tue Jan 7 01:30:30 2025
Group: Development/Languages/Rust Build host: reproducible
Size: 16630144 Source RPM: cargo-audit-0.21.0~git0.78f9859-2.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://github.com/RustSec/cargo-audit
Summary: Audit rust sources for known security vulnerabilities
Audit Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database.

Provides

Requires

License

( 0BSD OR MIT OR Apache-2.0 ) AND ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR MIT ) AND ( MIT OR Zlib OR Apache-2.0 ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND MIT AND MPL-2.0 AND MPL-2.0+

Changelog

* Tue Jan 07 2025 William Brown <william.brown@suse.com>
  - add 0001-Skip-warnings.patch to allow building on rust 1.83
* Wed Oct 30 2024 william.brown@suse.com
  - Update to version 0.21.0~git0.78f9859:
    * cargo-audit v0.21.0 (#1277)
    * README.md(s): fix crate badges (#1276)
    * rustsec v0.30.0 (#1275)
    * Cargo.lock: bump dependencies (#1274)
    * Cargo.toml: bump `cargo-lock` to v10.0.1 (#1272)
    * cargo-lock v10.0.1 (#1271)
    * cargo-lock: fix issue with v4 lockfiles (#1270)
    * cargo-audit v0.21.0-rc.0 (#1267)
    * rustsec v0.30.0-rc.1 (#1266)
    * Cargo.toml(s): fix `repository` links (#1265)
    * cargo-lock v10.0.0 (#1264)
    * cargo-lock: use `doc_auto_cfg` (#1263)
    * cargo-audit: bump `abscissa` to v0.8 (#1262)
    * Bump auditable-extract in Cargo.lock for the WASM bugfix
    * build(deps): bump actions/cache from 4.1.0 to 4.1.1 (#1259)
    * V4 is supported now (#1260)
    * rustsec v0.30.0-rc.0 (#1258)
    * cargo-lock v10.0.0-rc.0 (#1257)
    * cargo-lock: add support for V4 lockfiles (#1206)
    * Cargo.lock: bump dependencies (#1256)
    * build(deps): bump actions/cache from 4.0.2 to 4.1.0 (#1252)
    * bump gix to 0.66 and fwe others (#1251)
    * .github: install target in release workflow
    * build(deps): bump regex from 1.10.5 to 1.10.6 (#1234)
    * build(deps): bump xml-rs from 0.8.20 to 0.8.21 (#1236)
    * cargo-audit: make `cargo-lock` a hard dependency (#1239)
    * build(deps): bump tame-index from 0.13.0 to 0.13.1
    * cargo-audit v0.21.0-pre.0 (#1233)
    * rustsec v0.30.0-pre.0 (#1232)
    * Bump `gix` => v0.64; `tame-index` => v0.13 (#1230)
    * rustsec: fix test name (#1231)
    * Bump `auditable-info` => 0.8; `auditable-serde` => v0.7 (#1229)
    * Use cargo-lock v10.0.0-pre.0 branch for `auditable-serde` (#1228)
    * cargo-lock v10.0.0-pre.0 (#1227)
    * cargo-lock: remove `toml` from the public API (#1226)
    * Bump `toml` to v0.8 (#1225)
    * Bump versions to prepare for breaking changes (#1224)
    * CI: re-enable self-audit (#1223)
    * Cargo.lock: bump dependencies (#1222)
    * build(deps): bump actions/cache from 4.0.1 to 4.0.2 (#1154)
    * build(deps): bump xml-rs from 0.8.19 to 0.8.20 (#1163)
    * build(deps): bump rust-embed from 8.4.0 to 8.5.0 (#1210)
    * build(deps): bump tame-index from 0.12.0 to 0.12.2 (#1215)
    * rustsec: re-enable happy path test (#1221)
    * build(deps): bump regex from 1.10.4 to 1.10.5 (#1199)
    * build(deps): bump gix-attributes from 0.22.2 to 0.22.3 (#1220)
    * build(deps): bump mio from 0.8.10 to 0.8.11 (#1219)
    * rustsec: Rust 1.80 fixes (#1218)
    * deps: bump libc from 0.2.153 to 0.2.155 (#1197)
    * build(deps): bump url from 2.5.0 to 2.5.2 (#1201)
    * build(deps): bump softprops/action-gh-release from 2.0.5 to 2.0.8 (#1214)
    * chore: leverage workspace inheritance (#1209)
    * chore: cargo fmt
    * tweak help to still show default
    * feat(cli): Honor CARGO_TERM_COLOR if found for cargo-audit
    * chore: regenerate platform support and bump to platforms@3.4.1
* Tue Sep 24 2024 Xiaoguang Wang <xiaoguang.wang@suse.com>
  - Update vendor.tar.zst: gix-path improper path resolution
    (bsc#1230688 CVE-2024-45405).
* Tue Sep 10 2024 William Brown <william.brown@suse.com>
  - explicitly depend on cargo to pull in latest compiler revision
* Tue May 28 2024 william.brown@suse.com
  - Update to version 0.20.0~git66.972ac93:
    * build(deps): bump comrak from 0.21.0 to 0.24.1 (#1193)
    * build(deps): bump softprops/action-gh-release (#1192)
    * build(deps): bump atom_syndication from 0.12.2 to 0.12.3 (#1191)
    * build(deps): bump rust-embed from 8.3.0 to 8.4.0 (#1190)
    * build(deps): bump petgraph from 0.6.4 to 0.6.5 (#1189)
    * update `gix` to v0.63 for security fixes
    * Upgrade to auditable-info 0.7.2
    * build(deps): bump rust-embed from 8.2.0 to 8.3.0
    * build(deps): bump semver from 1.0.21 to 1.0.23
    * Fix typo `then` -> `them` in index.html
    * Drop unused import
    * Fix typos
    * Use clap to properly parse --color argument
    * Remove duplicated arguments from bin subcommand
    * Support specifying multiple target arches and oses in cargo-audit
    * Make Query's target arch & os a Vec<T> instead of Option<T>
    * build(deps): bump tame-index from 0.11.0 to 0.11.1
    * Apply clippy suggestions
    * Adjust binary type filter for WASM
    * WIP WASM auditing support
    * Fix warnings added in Rust 1.78
    * Regenerate Cargo.lock
    * Bump rustsec version
    * Drop is-terminal line from rustsec changelog; it's a cargo-audit only change
    * Update changelog
    * build(deps): bump chrono from 0.4.34 to 0.4.38
    * build(deps): bump time from 0.3.34 to 0.3.36
    * fix after gix update
    * update gix and tame-index
    * fix cargo clippy warning and error
    * cargo-audit: remove is-terminal dep
    * build(deps): bump regex from 1.10.3 to 1.10.4
    * Regenerate Cargo.lock
    * Bump tame-index and gix versions
    * chore: regenerate platform support and bump to platforms@3.4.0
    * Document to use cargo install with --locked (fixes #1152)
    * Release `rustsec` 0.29.1
    * Revert rustsec-admin Cargo.toml entirely
    * Bump required tame-index version in admin as well
    * Upgrade to gix 0.60 to fix build
    * build(deps): bump actions/cache from 4.0.0 to 4.0.1 (#1135)
    * build(deps): bump auditable-serde from 0.6.0 to 0.6.1
    * build(deps): bump toml_edit from 0.22.5 to 0.22.6
    * build(deps): bump time from 0.3.32 to 0.3.34
* Tue May 28 2024 william.brown@suse.com
  - Update to version 0.20.0~git0.6f4ca87:
    * Bump version numbers
    * Mention enterprise firewall issue in cargo-audit changelog too
    * Fill in cargo-audit changelog
    * Expand upon the rewrite description in rustsec changelog
    * Fill in rustsec changelog
    * Fix link
    * build(deps): bump softprops/action-gh-release (#1114)
    * build(deps): bump toml_edit from 0.21.1 to 0.22.5 (#1123)
    * Bump askama to 0.12
    * Update yanked package
    * Drop libgit2 advisory from ignore list now that we got rid of libgit2
    * build(deps): bump toml_edit from 0.19.15 to 0.21.1
    * build(deps): bump chrono from 0.4.33 to 0.4.34
    * build(deps): bump is-terminal from 0.4.11 to 0.4.12
    * Improve fixer documentation
    * Move Cargo path detection out of rustsec and into cargo-audit, to make rustsec more flexible
    * Remove rustsec `fix` feature and always enable the fixer, now that it doesn't pull in additional dependencies
    * Fix syntax
    * Apply review suggestion (style)
    * Update cargo-audit/src/commands/audit/fix.rs
    * Run `cargo update` in the same dir as Cargo.lock
    * Revert 'fix' being a default feature
    * Placate clippy
    * Print a nice summary at the end
    * Better wording
    * Remove extraneous newline
    * prettier printing
    * More detailed reporting
    * Set the correct(ish) exit status in dry run mode
    * Keep track of unpatchable vulns and failures
    * Warn about vulnerabilities without patched versions and do not attempt to upgrade those crates
    * Only attempt to upgrade vulnerable versions of a given package
    * Fix: run `cargo update`, not just `cargo`
    * Add a note that `fix` is experimental
    * Update cargo.lock in the wake of cargo-edit removal
    * Drop the now-unused dependency cargo-edit
    * Drop obsolete Cargo.toml locating logic that breaks in presence of workspaces
    * Do not require passing manifest path
    * Drop unused imports
    * Adapt `cargo audit fix` to the changed rustsec fix api
    * Simplify rustsec part of `cargo audit fix`
    * cargo fmt
    * WIP
    * No need to generate lockfile explicitly now that we call `cargo update`, remove that code
    * WIP conversion of cargo-audit to the new rustsec fixer API
    * cargo fmt
    * Do not run `cargo update` when auditing
    * Better docs on fixer
    * Drop lifetimes from the fixer struct; they are a pointless flex - the cost of cloning is absolutely dwarfed by the cost of calling a subprocess.
    * Implement initial prototype of `cargo update`-based package upgrading
    * .cargo/audit.toml: ignore RUSTSEC-2024-0013 (#1111)
    * WIP
    * WIP
    * Accept a &Path without allocating for giggles
    * Comment out soon-to-be-removed code and make lifetimes work out
    * Fix pkgid function signature to accept an immutable borrow
    * Bump rustsec to 0.28.6
    * Add pkgid function
    * Temporarily make 'fix' feature default to ease development
    * build(deps): bump is-terminal from 0.4.10 to 0.4.11 (#1105)
    * Bump rustsec-admin to 0.8.9
    * Rebase
    * Remove PYSEC ids
    * Update sync for various changes
    * HTTPS download for OSV export
    * Improve output format
    * Add a command to synchronize advisory data from osv.dev/GHSA
    * build(deps): bump tame-index from 0.9.2 to 0.9.3
* Wed Feb 07 2024 william.brown@suse.com
  - Update to version 0.19.0~git0.c9d1fbe:
    * Bump version to 0.19.0
    * Update changelog to 0.19
    * Fill in link URLs
    * Bump version
    * populate changelog
    * bump version
    * Update changelog
    * Bump gix to 0.58
    * Revert "Merge pull request #1094 from rustsec/revert-1081-gix-upgrade"
    * build(deps): bump comrak from 0.18.0 to 0.21.0 (#1090)
    * build(deps): bump rust-embed from 6.8.1 to 8.2.0 (#1080)
    * Cargo.toml: use `resolver = "2"` (#1095)
    * Update abscissa_core and clap; MSRV 1.70 (#1092)
    * Revert "gix upgrade to v0.56"
    * Fix "error: the borrowed expression implements the required traits" lint
    * build(deps): bump actions/cache from 3.0.11 to 4.0.0 (#1088)
    * thanks clippy
    * upgrade `gix` to v0.56 and `tame-index` to v0.9 to match it
    * Bump platforms version to 3.3.0
    * Regenerate platforms crate
    * build(deps): bump url from 2.4.1 to 2.5.0 (#1071)
    * Add a `source` field to `rustsec::Error`, and use it in simple cases. (#1067)
    * build(deps): bump fs-err from 2.10.0 to 2.11.0 (#1069)
    * Bump rustsec version
    * Update changelog
    * Turn link into an automatic link
    * Display the chain of sources for errors in `cargo audit`
    * bump cargo-lock msrv in another place too
    * bump cargo-lock msrv again from 1.66 to 1.67
    * bump cargo-lock msrv from 1.65 to 1.66
    * cargo update
    * Update to tame-index 0.8.x and gix 0.55.x
    * build(deps): bump rustix from 0.37.21 to 0.37.27
    * fix typo html in advisory scores (#1059)
    * https://github.com/rustsec/rustsec/pull/1057#pullrequestreview-1714037690
    * fix https://github.com/rustsec/rustsec/issues/503
    * bump version
    * regenerate platforms crate
* Thu Jan 04 2024 William Brown <william.brown@suse.com>
  - bsc#1218227 - update vendored dependencies for ssh terrapin attack
* Fri Oct 27 2023 william.brown@suse.com
  - Update to version 0.18.3~git0.3544515:
    * Bump version
    * Populate changelog
    * Update the `fix` subcommand to the new API
    * Fix deadlock on missing lockfile
    * build(deps): bump regex from 1.9.5 to 1.10.2
    * Update rustsec changelog
    * Configure `gix` with `max-performance-safe` feature
    * feat: let `Severity` implement `Hash`
    * Bump rustsec version to 0.28.3
    * Bump date
    * Changelog for 0.28.3
    * fix typo
    * fix typo
    * Update rustsec/src/repository/git/repository.rs
    * Expand documentation on locking
    * build(deps): bump webpki from 0.22.1 to 0.22.2
    * Correctly classify only lock timeout errors as LockTimeout, not all lock-related errors
    * cargo fmt
    * Use Result instead of an unwrap()
    * Fix DB directory locking
    * Regenerate Cargo.lock
    * Add comment
    * Migrade rustsec-admin to tame-index 0.7
    * bump gix version in admin too
    * cargo fmt
    * Switch from Git-compatible locks to OS locks in database checkout
    * Purge gix lock to rustsec error conversion; I am removing gix locks
    * Only create LockTimeout error variant from tame-index locks
    * cargo fmt
    * Update docs
    * regenerate Cargo.lock
    * Initial conversion to tame-index 0.7.1. Compiles but untested.
    * Bump admin version
    * Populate changelog for admin
    * Update Clippy to fix useless warnings
    * admin: use `gix` max-performance-safe instead of max-performance
    * configure `gix` for best performance
    * Bump version to 0.18.2
    * thanks clippy
    * Populate changelog for cargo-audit
    * Require rustsec 0.28.2 in cargo-audit to fix RUSTSEC-2023-0064
    * change edition to 2021
    * Use tame-index which switches `rustsec-admin` to `gix`.
    * Bump version to 0.28.2
    * Populate changelog
    * Drop hyperlinks to gix in documentation because we don't have the necessary features enabled. Temporary hack to unblock a release with a security fix
    * Fix up code to deal with API changes
    * Bump tame-index, explicitly depend on `gix` to enable the necessary features
    * Fix error reporting on stale lockfile
    * build(deps): bump termcolor from 1.2.0 to 1.3.0 (#1009)
    * build(deps): bump chrono from 0.4.30 to 0.4.31
    * build(deps): bump xml-rs from 0.8.17 to 0.8.18
    * Fix `deny = ["warnings"]` being ignored (#995)
    * rustsec-admin 0.8.7 (#998)
    * Additional information in advisory content (#997)
    * build(deps): bump chrono from 0.4.29 to 0.4.30
    * commit Cargo.lock
    * bump rustsec crate to 0.28.1
    * bump tame-index version requirement to 0.5.5, it contains the HTTP/2 change
    * Populate changelog
    * cargo fmt
    * Do not require http2 when establishing the connection
    * build(deps): bump chrono from 0.4.27 to 0.4.29
    * Appease clippy
    * Do not re-lookup packages that are already cached
    * build(deps): bump regex from 1.9.4 to 1.9.5
    * build(deps): bump xml-rs from 0.8.16 to 0.8.17
    * build(deps): bump actions/checkout from 3 to 4
    * review feedback: reduce boilerplate
    * replace feature default, with v3 and std
    * make 'cargo test --no-default-features' run without errors
    * Add manual trigger mechanism to release workflow
    * Drop remaining 'fix' features
    * cargo-audit v0.18.1 (#981)
    * Release workflow: don't enable `fix` and `vendored-openssl` features
    * Bump versions
    * Fill in release date in changelogs
    * commit Cargo.lock
    * bump rustsec requirement in admin
    * Commit Cargo.lock
    * bump cargo-audit version to 0.18.0-rc.1
    * Bump rustsec to 0.28.0-rc.1
    * Mention `fix` feature not being converted in changelog
    * Fill in cargo-audit changelog
    * build(deps): bump time from 0.3.27 to 0.3.28
    * build(deps): bump chrono from 0.4.26 to 0.4.27
    * build(deps): bump url from 2.4.0 to 2.4.1
    * build(deps): bump regex from 1.9.3 to 1.9.4
    * Exclude auto-generation scripts from the published package
    * Ignore the file downloaded by the regeneration script
    * Bump `platforms` version
    * Add myself to authors, I've built out the whole autogeneration infrastructure
    * Re-run the generation script
    * Bring back the hyperlinks in README.md
    * Automatically regenerate the table of known platforms in README
    * Turn links into hyperlinks to stop recent rustdoc from complaining (#965)
    * Bump version
    * Regenerate platforms crate
    * Bump MSRV in README.md
    * Add another PR
    * Also filter warnings by binary type in `cargo audit bin`
    * fix build
    * Add `affected` field to warnings in `rustsec` so that we could enable platform filtering in `cargo audit bin`
    * Correctly state MSRV in changelog
    * Populate changelog for the rustsec crate
    * remove redundant clone as advised by clippy
    * placate clippy
    * placate clippy
    * Cargo fmt
    * Add more methods to CommitHash
    * Add forgotten file
    * WIP wrapper for gix::ObjectId
    * cargo fmt
    * Do not expose `toml` types through the public API
    * Drop `toml` crate from the public API as well
    * Drop unused Error conversion impl
    * Add a TODO
    * Slightly better doc comments
    * Do not expose gix types in the Error public API
    * Use a private function for converting from tame_index::Error to rustsec::Error
    * don't pub use gix, we do not want it to leak into the public API
    * cargo fmt
    * Put import at the top to fix doc links
    * Feature-gate tame_inxed import
    * cargo fmt
    * Fix build
    * build(deps): bump time from 0.3.26 to 0.3.27
    * build(deps): bump tame-index from 0.5.3 to 0.5.4
    * cargo fmt
    * Handle #[non_exhaustive] enum from tame-index
    * Fix remaining discrepancies
    * WIP conversion to tame-index 0.5.x and gix 0.52.x
    * Fix unknown license handling (#956)
    * Print the GHSA URL for GHSA advisories, take 2
    * Revert "Print the GHSA URL for GHSA advisories"
    * Print the GHSA URL for GHSA advisories
    * Expose License type
    * Rename license variants
    * Implement license + url
    * Bump hermit-abi to move away from a yanked version
    * Bump rustls-webpki to resolve RUSTSEC-2023-0053
    * build(deps): bump regex from 1.9.1 to 1.9.3
    * build(deps): bump toml from 0.7.5 to 0.7.6
    * build(deps): bump regex from 1.8.4 to 1.9.1
    * build(deps): bump time from 0.3.25 to 0.3.26
    * Regenerate Cargo.lock
    * Use native certificates for TLS
    * build(deps): bump petgraph from 0.6.3 to 0.6.4
    * build(deps): bump tame-index from 0.4.0 to 0.4.1
    * Document locking considerations
    * More consistent status printing
    * cargo fmt
    * Warn before waiting on crates.io cache locks. Verbose but cannot be expressed via a higher-order function, and macros would make it much worse.
    * Add lock timeout parameter to open() and fetch()
    * Split creating a new remote index into a separate function in preparation for more complex logic around it
    * Add a comment
    * Drop manual map_err now that the conversion is implemented on rustsec::Error
    * cargo fmt made the code more succinct for once, drop my comment complaining about verbosity
    * cargo fmt
    * Convert from lock error rather than from its immutable borrow
    * Implement From conversions for LockTimeout error variant, since we will need to reuse it
    * build(deps): bump tame-index from 0.3.1 to 0.4.0
    * Fix doc links
    * More clear documentation
    * Less esoteric pattern matching
    * silence unused variable warnings
    * Convert cargo-audit to use explicit locking
    * Update docs to match code
    * Drop unused import
    * Create a separate error kind for lock timeouts, and expose configurable lock timeouts from the advanced fetching function only
    * Fix docs
    * cargo fmt
    * Provide a rationale for the bulk API
    * Hide index implementation details and remove the performance pitfall of calling is_yanked on individual packages
    * Migrate check_for_yanked_crates() to the bulk API
    * cargo fmt
    * Do not short-cirquit on index update failure
    * Rework bulk yank-checking code to report errors granularly instead of short-cirquiting on first error it encounters
    * Transparently populate cache from `find_yanked`
    * Documentation tweaks
    * Even more caching for even faster CI
    * Fix intra-doc links
    * Explicitly document locking considerations
    * Revert "Re-enable self-audit"
    * Re-unify CI matrix, fulfilling a TODO
    * Attempt to fix CI by explicitly generating the lockfile
    * Re-enable self-audit
    * Dummy commit to trigger a CI re-run
    * Add rust-cache job properly now
    * Revert "Add Rust-specific caching job to see if that speeds up CI"
    * Dummy commit to trigger a CI re-run
    * Add Rust-specific caching job to see if that speeds up CI
    * Switch rustsec crate CI back to MSRV to see what happens
    * Drop --release from rustsec CI, the tests execute really quickly in debug mode
    * No need to reimplement CmdRunner::default() now that binary scanning is a default feature
    * Drop the --release flag so that the compilation artifacts could be reused - Abscissa doesn't seem to have an option to run acceptance tests with `cargo run --release`
    * Switch to Rust 1.71.0 for select jobs
    * Placate both versions of rustfmt
    * cargo fmt
    * build(deps): bump semver from 1.0.17 to 1.0.18
    * Add a TODO
    * Re-add some of the comments
    * Normalize time offsets to UTC
    * Justify clippy opt-out
    * Undo autoformat
    * Finish up transition to gix
    * WIP
    * build(deps): bump xml-rs from 0.8.14 to 0.8.16
    * Ignore clippy lint
    * Checkpoint
    * Update error message
    * Use `AsyncRemoteSparseIndex::krates_blocking`
    * Oops
    * Make sparse index cache population parallel
    * Fix remaining lints
    * Make public
    * Fix lint
    * Allow clippy lint
    * Bump CI
    * Bump MSRV to 1.67.0
    * Transition from `crates-index` -> `tame-index`
    * build(deps): bump atom_syndication from 0.12.1 to 0.12.2 (#921)
    * Add license and attribution fields to advisories
    * rustsec-admin 0.8.6 (#915)
    * Case-insensitive search on website
    * build(deps): bump rust-embed from 6.7.0 to 6.8.1 (#909)
    * Cargo.lock: bump dependencies (#908)
    * build(deps): bump toml from 0.7.3 to 0.7.5 (#904)
    * build(deps): bump crates-index from 0.19.8 to 0.19.13 (#903)
    * cargo-lock: MSRV 1.65 (#907)
    * build(deps): bump openssl from 0.10.52 to 0.10.55 (#906)
    * cargo-audit+rustsec: MSRV 1.65 (#905)
    * build(deps): bump chrono from 0.4.24 to 0.4.25 (#894)
    * Fix edge case in git source dependency resolution
    * Update cargo-audit changelog
    * Update rustsec crate changelog
    * commit Cargo.lock version bump
    * Bump rustsec version following the cargo-lock bump
    * 🔥 Remove $ from install snippet on README (#879)
    * Cargo.lock: update dependencies (#876)
    * Bump `cargo-lock` to v0.9 + auditable deps (#875)
    * build(deps): bump home from 0.5.4 to 0.5.5 (#874)
    * build(deps): bump atom_syndication from 0.12.0 to 0.12.1 (#851)
    * build(deps): bump softprops/action-gh-release (#852)
    * build(deps): bump rust-embed from 6.6.0 to 6.6.1 (#849)
    * build(deps): bump crates-index from 0.19.7 to 0.19.8 (#864)
    * cargo-lock v9.0.0 (#870)
    * Fix docs build (#871)
    * Fix review comments
    * Various improvements to the "cargo-lock tree" subcommand
    * Fix is_default_registry for sparse index (#859)
    * Remove build script for platforms, it's now unused (#856)
    * build(deps): bump comrak from 0.16.0 to 0.18.0
    * Link to rustsec/audit-check (#854)
    * Fix formatting to `cargo fmt` spec.
    * Fix #736 - Cargo audit self advisories repeated
    * build(deps): bump openssl from 0.10.47 to 0.10.48
    * build(deps): bump semver from 1.0.16 to 1.0.17
    * cargo fmt
    * Wrap binfarce::Format in our own struct to make `binfarce` an optional dependency
    * placate clippy
    * cargo fmt
    * Fix no-default-features compilation by making binfarce an unconditional dependency
    * Start fixing up compilation with no default features
    * Expand TODO
    * Fix filtering by binary type but this makes the dependency on binfarce unconditional (for now)
    * Add a FIXME explaining why it's not working
    * wire up filtering by binary type
    * Initial code for binary-type-based filtering; not wired up yet
* Mon Mar 27 2023 william.brown@suse.com
  - Update to version 0.17.5~git0.dc8ec71:
    * Set the release date in changelog
    * Bump `cargo-audit` version
    * Bump `rustsec` crate requirement to 0.26.5, to mandate the version with the fixed libgit2
    * Fill in the CHANGELOG
    * Do not run all tests from the default feature set twice
    * cargo fmt
    * Fix version reporting
    * Update openssl in Cargo.lock files
    * More changelog entries
    * cargo fmt
    * Fix type inference error
    * Fill in changelog
    * Bump version to 0.26.5
    * build(deps): bump regex from 1.7.1 to 1.7.2
    * build(deps): bump rust-embed from 6.4.2 to 6.6.0
    * build(deps): bump chrono from 0.4.23 to 0.4.24
    * Bump crates-index to 0.19
    * rustsec: Fix git2 via cargo-edit-9 fork
    * fix(cargo-audit): set clap bin_name to cargo (#824)
    * fix(cargo-audit): Better the formatting of severity output
    * Add vulnerability severity to the cargo-audit report presenter
    * test(cargo-audit): Ensure informational warnings are shown by default
    * fix(cargo-audit): Add unsound and notice to default informational warnings
    * Resolves #622
    * fix(cargo-audit): Remove latest commit signature check
    * Re-enable MacOS CI with `--all-features`
    * Bump `platforms` version
    * Regenerate the `platforms` crate for rustc 1.69.0-nightly (8996ea93b 2023-02-09)
    * build(deps): bump toml from 0.7.1 to 0.7.2 (#811)
    * build(deps): bump petgraph from 0.6.2 to 0.6.3 (#810)
    * Use new feature/dependency syntax (#809)
    * build(deps): bump toml from 0.7.0 to 0.7.1 (#806)
    * build(deps): bump toml from 0.6.0 to 0.7.0 (#805)
    * admin: bump `chrono` to v0.4.23 (#803)
    * build(deps): bump atom_syndication from 0.11.0 to 0.12.0 (#777)
    * build(deps): bump comrak from 0.15.0 to 0.16.0 (#802)
    * build(deps): bump toml from 0.5.9 to 0.6.0 (#797)
    * Bump `toml` crate dependency to v0.6 (#800)
    * Cargo.lock: bump dependencies (#799)
    * build(deps): bump regex from 1.6.0 to 1.7.1 (#785)
    * cvss: bump MSRV to 1.60 (#798)
    * build(deps): bump fs-err from 2.8.1 to 2.9.0 (#744)
    * build(deps): bump termcolor from 1.1.3 to 1.2.0 (#791)
    * cargo-audit: refactor OS-specific CI configuration (#796)
    * cargo-lock: use `Display` for `io::ErrorKind`; MSRV 1.60 (#794)
    * cargo-lock: mark `SourceKind` as `#[non_exhaustive]` (#793)
    * cargo-lock: support sparse registry references in Lockfiles (#780)
    * release rustsec-admin 0.8.5 (#789)
    * release rustsec-admin 0.8.5 (#788)
    * Escape search term to prevent reflected XSS (#787)
    * Add top-level severity field to OSV advisories
    * cargo-lock: implement From<Name> for String (#776)
    * build(deps): bump comrak from 0.14.0 to 0.15.0 (#760)
    * Bump rust-embed from 6.4.2 to 6.5.0 (#766)
    * Bump semver from 1.0.14 to 1.0.16 (#772)
    * Bump softprops/action-gh-release (#770)
    * cargo-lock v8.0.3 (#768)
    * Fixed inconsistency in encoding lockfiles where there's only one registry for all packages (#767)
    * Prepare rustsec-admin release 0.8.4 (#765)
    * release rustsec 0.26.4
    * Make URL a hyperlink
    * Add CHANGELOG.md entry
    * Store crates.io index versions as strings instead of semver
    * Revert "Skip invalid semver in crates.io index"
    * Skip invalid semver in crates.io index
    * Appease clippy
    * Appease clippy
    * Add publication date
* Wed Nov 09 2022 william.brown@suse.com
  - Update to version 0.17.4~git0.0b05e18:
    * Set 0.17.4 date in changelog
    * Bump `cargo-audit` to 0.17.4
    * Update documentation for 0.17.4; `cargo audit bin` is now officially enabled by default
    * Fix homepage style on mobile (#755)
    * Add comment
    * Only attempt to check for yanked crates for crates coming from crates.io
    * Remove an unused inport
    * placate Clippy
    * cargo fmt
    * Fix #747 in `cargo-audit instead, and don't silence errors that occur during checking for yanked crates`
    * Revert "Only check if a package is yanked if it comes from crates.io; fixes #747" This is a significant behavioral change that should only come with a semver bump
    * Add tests validating yank behavior so that #747 can't regress again
    * Only check if a package is yanked if it comes from crates.io; fixes #747
    * Add a test fixture depending on a yanked crate
    * Consolidate CODE_OF_CONDUCT.d files into one; switch to Rust code of conduct (#751)
    * Release rustsec-admit 0.8.3
    * fix links in admin/CHANGELOG.md
    * bump `platforms` to 3.0.2
    * regenerate `platforms` crate
    * Prepare rustsec-admin release
* Tue Nov 01 2022 william.brown@suse.com
  - Update to version 0.17.3~git0.fdb9752:
    * Set release date in CHANGELOG.md
    * Clarify changelog
    * Depend on rustsec 0.26.3 which added the CachedIndex used in `cargo audit bin`
    * bump cargo-audit to 0.17.3
    * bump rustsec to 0.26.3
    * More complete changelog for rustsec crate
    * Drop obsolete comment - html_root_url no longer exists
    * Add cargo-auditable to home page
* Thu Oct 06 2022 william.brown@suse.com
  - Update to version 0.17.2~git0.bccf8a5:
    * Don't use --locked in release workflow to allow publishing again
    * cargo-audit: Update CHANGELOG
    * Fix `bin` screenshot URL in the README
    * Skip dotfiles in advisory-db checkout
    * Set the release date in CHANGELOG.md
    * Add the `cargo audit bin` screenshot to README
    * cargo fmt
    * Migrate to the released version of auditable-info
* Mon Oct 03 2022 William Brown <william.brown@suse.com>
  - Add _constraints to prevent random failures due to OBS resource
    issues.
* Wed May 25 2022 william.brown@suse.com
  - Update to version 0.17.0~git0.5214457:
    * cargo-audit v0.17.0 (#576)
    * rustsec-admin v0.7.0 (#575)
    * rustsec v0.26.0 (#574)
    * rustsec: flatten `advisory::id` module; rename `IdKind` (#573)
    * rustsec: flatten `warnings` module; rename `WarningKind` (#572)
    * rustsec: add `doc_cfg` annotations when building on docs.rs (#571)
    * cargo-audit: terminal output fixups (#570)
    * cargo-lock v8.0.1 (#569)
    * cargo-lock: fix dependency source extraction for V2 lockfiles (#568)
    * build(deps): bump cargo-edit from 0.9.0 to 0.9.1 (#566)
* Tue May 24 2022 William Brown <william.brown@suse.com>
  - Automatic update of vendored dependencies
* Tue Apr 05 2022 William Brown <william.brown@suse.com>
  - Automatic update of vendored dependencies
* Fri Mar 18 2022 William Brown <william.brown@suse.com>
  - Update to use cargo-packaging
* Mon Mar 14 2022 william.brown@suse.com
  - Update to resolve bsc#1196972 CVE-2022-24713 - Regex DOS
* Wed Mar 02 2022 wbrown@suse.de
  - Update to vendored libraries to resolve security issues
* Fri Dec 03 2021 William Brown <william.brown@suse.com>
  - Fix incorrect license string
* Mon Nov 15 2021 wbrown@suse.de
  - Update to version 0.16.0~git0.625c965:
    * cargo-audit v0.16.0 (#487)
    * rustsec v0.25.1 (#486)
    * platforms v2.0.0 (#485)
    * platforms: make `Platform::ALL` an inherent constant (#484)
    * platforms: make tier modules non-`pub` (#483)
    * rustsec-admin v0.6.0 (#482)
    * Update atom_syndication to 0.11 (#481)
    * rustsec v0.25.0 (#480)
    * Cargo.lock: bump dependencies (#479)
    * rustsec: flatten API (#478)
* Wed Oct 06 2021 wbrown@suse.de
  - Update to version 0.15.2~git0.fe0b327:
    * cargo-audit v0.15.2 (#435)
    * rustsec v0.24.3 (#433)
    * Don't label OSV feature as unstable, since OSV 1.0 has shipped
    * cargo-audit+rustsec: add `vendored-libgit2` feature (#432)
    * cargo-audit v0.15.1 (#430)
    * Bump comrak from 0.12.0 to 0.12.1 (#428)
    * Bump git2 from 0.13.21 to 0.13.22 (#427)
    * Bump comrak from 0.11.0 to 0.12.0 (#426)
    * silence Clippy - I want to be explicit here
* Mon Jul 05 2021 wbrown@suse.de
  - Update to version 0.15.0~git0.16c8aa4:
    * cargo-audit v0.15.0 (#392)
    * rustsec-admin v0.5.0 (#389)
    * README.md: 🦀🛡️📦
    * rustsec v0.24.0 (#388)
    * OSV export (#366)
    * Bump semver from 1.0.1 to 1.0.3
    * Bump semver from 1.0.0 to 1.0.1 (#381)
    * Bump git2 from 0.13.19 to 0.13.20 (#375)
    * Bump crates-index from 0.16.6 to 0.16.7 (#380)
    * cargo-lock v7.0.0 (#379)
    * Bump to semver 1.0.0 (#378)
    * rustsec-admin v0.4.3 (#374)
    * list-affected-versions: Also print the crate in question
    * Bump crates-index from 0.16.5 to 0.16.6
    * Fix doc comments
    * Added docs
    * Clean up the code and commit stuff I forgot to add to git
    * Implement list-affected-versions subcommand, works fine with current DB
    * Add list-affected-versions subcommand stub
    * Clarify error message
    * Update the crates.io index if not up to date
    * Drop ureq dependency
    * cargo fmt
    * Better error reporting
    * Initial untested attempt to get rid of crates.io API querying completely
    * Comment, thanks Alex
    * cargo fmt
    * Fix crates.io API interaction
    * Ditched crates_io_api crate, did the same thing with ureq. Gets rid of tokio and a whole lot of other deps. Fixes breakage due to the recent crates.io API breakage, and prevents similar breakage in the future
    * Add new exit status for errors (#368)
    * Bump git2 from 0.13.18 to 0.13.19 (#365)
    * cargo-lock: add support for V3 format (#363)
    * cvss v1.0.3 (#362)
    * CI: gate workflow execution for PRs on changed files
    * cvss: fixups
    * Update CI badges
    * Add some tier 3 targets
    * Workspace CI configuration
    * Update repo urls in Cargo.toml files
    * README.md: add new toplevel one for workspace
    * platforms: sync with Rust platform support documentation
    * CI configuration
    * Wire up Cargo workspace
    * cargo-audit: prepare for merge into RustSec monorepo
    * rustsec: prepare for merge into RustSec monorepo
    * platforms: prepare for merge into RustSec monorepo
    * cvss: prepare for merge into RustSec monorepo
    * rustsec-admin: prepare for merge into RustSec monorepo
    * rustsec-admin: prepare for merge into RustSec monorepo
    * Web: Add pages per package (#143)
    * v0.4.2 (#142)
    * web: Add back an Atom feed for advisories (#140)
    * Cargo.lock: bump dependencies (#136)
    * Upgrade to GitHub-native Dependabot (#134)
    * v0.4.1 (#135)
    * Display more information on the website (#133)
    * Upgrade to GitHub-native Dependabot (#344)
    * Vendor OpenSSL for arm and musl builds (#343)
    * Bump git2 from 0.13.17 to 0.13.18 (#314)
    * Bump crates-index from 0.16.3 to 0.16.5 (#313)
    * Bump comrak from 0.9.1 to 0.10.0 (#129)
    * Fix typo in comments about mips64. (#36)
    * Bump rustsec from 0.23.2 to 0.23.3 (#128)
    * v0.23.3 (#310)
    * Workaround for stale git refs (#309)
    * Bump rustsec from 0.23.0 to 0.23.2 (#127)
    * v0.23.2 (#308)
    * Rename advisory-db `master` branch to `main` (#307)
    * CI: use actions-rs/audit-check for self-audit (#306)
    * Cargo.lock: bump dependencies (#305)
    * v0.4.0 (#126)
    * v0.3.5 (#124)
    * Use rust-embed for static assets (#122)
    * Add argument to change where website is outputted (#123)
    * v0.23.1 (#301)
    * Bump url from 2.2.0 to 2.2.1 (#98)
    * Fix parsing error on windows (#295)
    * Cargo.lock: bump deps (#296)
    * Bump comrak from 0.9.0 to 0.9.1 (#116)
    * Use a fully Rust based solution for rendering web page (#115)
    * v0.3.4 (#113)
    * Bump `rustsec` crate to v0.23 (#112)
    * v0.23.0 (#292)
    * Cargo.toml: dependency cleanups (#291)
    * Add `thread-safety` category (#290)
    * Rename default branch to `main` (#289)
    * v1.0.1 (#15)
    * Rename default branch to `main` (#14)
    * Cargo.lock: bump deps (#288)
    * v6.0.1 (#96)
    * Rename CI workflow (#95)
    * Rename default branch to `main` (#94)
    * Cargo.lock: bump deps (#93)
    * Bump semver-parser from 0.10.0 to 0.10.2 (#280)
    * v0.3.3 (#106)
    * Cargo.lock: bump dependencies (#105)
    * Rename `master` branch to `main` (#104)
    * CI config improvements (#103)
    * assigner: fix "new year's" bug (#102)
    * Bump handlebars from 3.5.1 to 3.5.2 (#101)
    * Bump platforms from 1.0.3 to 1.1.0 (#279)
    * v1.1.0 (#35)
    * Rename default branch to `main` (#34)
    * Rename GH Actions workflow to "CI" (#33)
    * Update README platform list using table gen
    * Add aarch64-apple-darwin, a.k.a. Apple Silicon macOS
    * Bump serde from 1.0.117 to 1.0.118 (#88)
    * Bump toml from 0.5.7 to 0.5.8 (#89)
    * v0.3.2 (#97)
    * Bump `rustsec` crate to v0.23.0-pre (#96)
    * v0.23.0-pre (#272)
    * Rename `repository::GitRepository` to `repository::git::Repository` (#271)
    * Rename `fetch` Cargo feature to `git` (#270)
    * Use `SystemTime` instead of a `git::Timestamp` type (#269)
    * Add support for omitting leading `[advisory]` table (#268)
    * Mark enums as non_exhaustive (#267)
    * Re-add advisory `references` as a URL list (#266)
    * Replace `chrono` with `humantime` (#265)
    * Bump `smol_str` to v0.1.17; MSRV 1.46+ (#264)
    * Use `url` crate to parse metadata URL (#263)
    * Remove `markdown` feature (#262)
    * Bump termcolor from 1.1.0 to 1.1.1 (#94)
    * Rename `references` to `related` (#261)
    * Bump once_cell from 1.5.1 to 1.5.2 (#259)
    * Bump crates-index from 0.16.0 to 0.16.2 (#260)
    * Bump once_cell from 1.5.0 to 1.5.1 (#92)
    * Cargo.lock: bump deps (#258)
    * Bump once_cell from 1.4.1 to 1.5.1 (#257)
    * .github: rename CI workflow to "CI" (#256)
    * Bump once_cell from 1.4.1 to 1.5.0 (#91)
    * Bump serde from 1.0.116 to 1.0.117 (#86)
    * Bump url from 2.1.1 to 2.2.0 (#87)
    * Bump platforms from 1.0.2 to 1.0.3 (#252)
    * v1.0.3 (#30)
    * fix Platform::guess_current to use actual target architecture (#29)
    * v0.3.1 (#89)
    * Bump `rustsec` crate to v0.22.2 (#88)
    * v0.22.2 (#250)
    * Revert "Refactor Advisory type handling (#246)" (#249)
    * Cargo.lock: bump dependencies (#248)
    * Cargo.lock: bump dependencies (#87)
    * v0.22.1 (#247)
    * Refactor Advisory type handling (#246)
    * Bump handlebars from 3.5.0 to 3.5.1 (#84)
    * Bump toml from 0.5.6 to 0.5.7 (#85)
    * v0.3.0 (#86)
    * Bump `rustsec` crate dependency to v0.22 (#83)
    * v0.22.0 (#245)
    * Bump `cargo-lock` to v6; `semver` to v0.11 (#244)
    * Remove more V2 advisory format vestiges (#243)
    * Remove support for the V2 advisory format (#242)
    * v0.3.0-pre3 (#82)
    * assign-id: fix TOML front matter parsing (#81)
    * v0.3.0-pre2 (#80)
    * Attempt to fix `assign-id` command (#79)
    * v0.22.0-pre3 (#241)
    * advisory: mark the `parser` module as `pub` (#240)
    * Bump thiserror from 1.0.20 to 1.0.21 (#74)
    * Bump rustsec from 0.22.0-pre to 0.22.0-pre2 (#78)
    * Bump thiserror from 1.0.20 to 1.0.21 (#232)
    * clippy fixes (#77)
    * Bump cargo-edit from 0.6.0 to 0.7.0 (#231)
    * v0.22.0-pre2 (#239)
    * advisory/linter: make V2 advisories fail (#238)
    * Bump crates-index from 0.15.4 to 0.16.0 (#237)
    * CI: ignore RUSTSEC-2020-0053 (dirs unmaintained) (#236)
    * Bump toml from 0.5.6 to 0.5.7 (#233)
    * Bump toml from 0.5.6 to 0.5.7 (#85)
    * v0.3.0-pre (#73)
    * Bump `rustsec` crate to v0.22.0-pre (#72)
    * v0.22.0-pre (#230)
    * advisory: laxer function path handling (#229)
    * linter: fully deprecate `obsolete` in favor of `yanked` (#228)
    * advisory: `markdown` feature and `Advisory::description_html` (#227)
    * Refactor changes from `fetch` feature (#213) (#226)
    * linter: add support for V3 advisory format (#225)
    * Bump chrono from 0.4.15 to 0.4.19 (#224)
    * cargo fmt
    * Linter: correctly handle crates with dashes in names
    * v6.0.0 (#84)
    * Bump semver from 0.10.0 to 0.11.0 (#83)
    * Bump handlebars from 3.3.0 to 3.5.0 (#69)
    * Bump `cargo-lock` to v5.0; semver to v0.10; MSRV 1.41+ (#217)
    * v5.0.0 (#82)
    * rustdoc fixups (#81)
    * README.md: switch chat badge to Zulip (#80)
    * 5.0.0-rc (#79)
    * Add `docsrs` cfg (#78)
    * Support for listing a single dependency (#77)
    * Implement/extract Cargo-compatible serializer (#76)
    * Add `--dependencies` and `--sources` flags to `cargo lock list` (#75)
    * Implement `cargo lock tree` without arguments (#74)
    * Add `dependency::Tree::roots()` method (#73)
    * bin: make `list` the default command (#72)
    * Have `cargo lock` command print dependency list (#71)
    * Make `cli` feature non-default (#70)
    * WASM support; MSRV 1.41+ (#69)
    * Bump gumdrop from 0.7.0 to 0.8.0 (#55)
    * Bump serde from 1.0.110 to 1.0.116 (#67)
    * Bump crates-index from 0.15.3 to 0.15.4 (#215)
    * Bump crates-index from 0.15.2 to 0.15.3 (#214)
    * Define "fetch" feature (#213)
    * Bump `platforms` crate to v1; MSRV 1.40+ (#210)
    * v1.0.2 (#28)
    * Remove `const fn` on `Platforms::all`; MSRV 1.40+ (#27)
    * .github: add 'override: true' directives; MSRV 1.46+ (#26)
    * v1.0.1 (#25)
    * Make `Platform::all()` a `const fn` (#24)
    * Refactor `Platform::find` and `::guess_current` (#23)
    * Rename `ALL_PLATFORMS` to `Platform::all()` (#22)
    * v1.0.0 (#21)
    * Update LICENSE-MIT
    * Ensure all types have FromStr, Display, and serde impls
    * Documentation fixups
    * 2018 edition updates
    * Make extensible enums `non_exhaustive`; MSRV 1.40+
    * Update deps; whitelist RUSTSEC-2020-0036 (#208)
    * Bump git2 from 0.13.8 to 0.13.10 (#207)
    * Bump git2 from 0.13.6 to 0.13.8 (#201)
    * Bump chrono from 0.4.11 to 0.4.13 (#200)
    * Bump crates-index from 0.15.0 to 0.15.1 (#202)
    * Fix test
    * Add aarch64-pc-windows-msvc
    * Bump handlebars from 3.2.1 to 3.3.0 (#60)
    * v0.2.1 (#63)
    * Added an output mode for use with the production github action (#62)
    * v0.2.0 (#57)
    * Consistent `assign-id` module naming and comments (#56)
    * linter: refactor into `Linter` struct; check all files (#55)
    * Cargo.lock: update dependencies (#54)
    * Have `assignid` command use new `Date::year` method (#53)
    * Bump `rustsec` crate from 0.20.1 to 0.21 (#52)
    * v0.21.0 (#198)
    * Remove legacy `patched_versions` and `unaffected_versions` (#197)
    * Bump crates-index from 0.14.3 to 0.15.0 (#183)
    * Rename `obsolete` advisories to `yanked` (#196)
    * Make `warning::Kind` a #[non_exhausive] enum; rename `Kind::Notice` (#195)
    * Make `Informational` a #[non_exhausive] enum. (#194)
    * Cargo.lock: update dependencies (#193)
    * CHANGELOG.md: reformat for keepachangelog.com (#192)
    * Add `year`, `month`, and `day` methods to `advisory::Date` (#191)
    * add 'unsound' informational advisory kind (#189)
    * Resolves #30
    * v0.20.1 (#186)
    * Add `advisory::Id::numerical_part()` (#185)
    * Refer to Cargo.lock in help for translate (#62)
    * Bump handlebars from 3.0.1 to 3.1.0
    * Bump serde from 1.0.104 to 1.0.110
    * Bump petgraph from 0.5.0 to 0.5.1
    * Bump semver from 0.9.0 to 0.10.0
    * Fix clippy errors
    * Cargo.lock: update dependencies
    * .github: ignore RUSTSEC-2020-0016
    * Bump rustsec from 0.19.0 to 0.20.0
    * v0.20.0
    * Make `WarningInfo` into a simple type alias
    * Bump thiserror from 1.0.10 to 1.0.16
    * Bump rustsec from 0.18.0 to 0.19.0
    * v0.19.0
    * Refactor package scopes (fixes #153)
    * V3 Advisory Format
    * Bump thiserror from 1.0.15 to 1.0.16
    * Bump git2 from 0.13.4 to 0.13.5
    * Bump MSRV to 1.40
    * Bump dependencies to link libgit2 dynamically
    * Cargo.lock: update dependencies
    * address PR comments
    * addres PR comments
    * clippy fix
    * add WarningInfo. modify Warning struct
    * Cargo.lock: update dependencies
    * Cargo.lock: update dependencies
    * lib.rs: fix incorrect flag in documentation
    * Drop support for the V1 advisory format
    * Update dependencies
    * Cargo.lock: Update dependencies
    * Bump rustsec from 0.17.1 to 0.18.0
    * v0.18.0
    * Move yanked crate auditing to `cargo-audit`
    * Bump abscissa_core from 0.5.1 to 0.5.2
    * security_audit.yml: Fix branch name
    * Bump thiserror from 1.0.9 to 1.0.10
    * Bump thiserror from 1.0.9 to 1.0.10
    * Bump handlebars from 3.0.0 to 3.0.1
    * Bump handlebars from 2.0.4 to 3.0.0
    * Bump rustsec from 0.17.0 to 0.17.1
    * v0.17.1
    * Update `cargo-lock` requirement from 3.0 to 4.0
    * Cargo.lock: Update to V2 lockfile format
    * README.md: Document CLI `list` and `tree` subcommands
    * v4.0.1
    * cli: fix executable name
    * v4.0.0
    * cli: `list` subcommand
    * cli: `tree` subcommand
    * .github: add security audit
    * Initial CLI with `translate` subcommand
    * Add From<[u8; 32]> impl for Checksum
    * Add helper methods for working with checksum metadata
    * Minor documentation improvements
    * Use minified version of Cargo's SourceId type
    * Bump handlebars from 2.0.2 to 2.0.4
    * Bump abscissa_core from 0.5.0 to 0.5.1
    * Bump serde from 1.0.101 to 1.0.104
    * [Security] Bump http from 0.1.18 to 0.1.21
    * Overhaul encoding: use serde_derive, proper V1/V2 support
    * Bump termcolor from 1.0.5 to 1.1.0
    * (Re-)Add Serialize impl for Lockfile (fixes #32)
    * Add support Cargo.lock `patch` and `root` (fixes #30)
    * Detect V1 vs V2 Cargo.lock files (fixes #26)
    * Update petgraph requirement from 0.4 to 0.5
    * Add `package::Checksum`
    * Bump once_cell from 1.2.0 to 1.3.1
    * Bump rustsec from 0.16.0 to 0.17.0
    * Cargo.lock: check in; add `actions-rs` caching
    * v0.17.0
    * Upgrade `cargo-edit` to v0.5.0 release; MSRV 1.39+
    * Bump once_cell from 1.2.0 to 1.3.0
    * Bump toml from 0.5.5 to 0.5.6
    * Have `Fixer` take a reference to `Vulnerability`
    * Extract `cargo audit fix` logic into `Fixer`
    * Warn for yanked crates
    * add badge from deps.rs
    * upgrade dependencies
    * Upgrade to Abscissa v0.5
    * Add vendored-openssl feature
    * refactored package_scope's source attribute to vector of sources
    * switched from lazy_static to once_cell for database tests
    * fixed formatting
    * made advisory db in database test static mutex
    * fixed tests for vulnerability querying and changed PackageScope to struct
    * added tests for package scope consideration in vulnerability querying
    * added package scope for querying vulnerabilities
    * try to fix #127
    * Bump MSRV to 1.36
    * Try to auto-detect proxy setting
    * v0.16.0
    * Remove `support.toml` parsing
    * v0.15.2
    * version: Fix matching bug for `>` version requirements
    * v0.1.1
    * Upgrade to `rustsec` crate v0.15.1
    * v0.15.1
    * actions: Run cargo-audit, test MSRV, test on Windows
    * .github: Use actions-rs GitHub Actions config
    * .github: Use actions-rs GitHub Actions config
    * .github: Use actions-rs GitHub Actions config
    * .github: Use actions-rs GitHub Actions config
    * .github: Use actions-rs GitHub Actions config
    * linter: Add "informational" as an allowable [advisory] key
    * repository: Expose `authentication` module
    * v0.15.0
    * Upgrade to `cargo-lock` crate v3
    * v3.0.0
    * Support [[dependencies]] without versions
    * v0.14.1
    * lib.rs: Remove botched `petgraph` re-export
    * Upgrade to cargo-lock v2.0
    * v2.0.0
    * Use two-pass dependency tree computation
    * v2.0.0-pre
    * Remove `Lockfile::root_package()`
    * Cargo.toml: Fix links
    * Cargo.toml: Fix `repository` link
    * cli: Move to new repository
    * v0.1.0
    * linter: Rename command to `lint`; use Abscissa statuses
    * README.md: Header quoting fixup
    * v0.2.1
    * .github/workflows/rust.yml: Initial GitHub Actions config
    * Import implementation from the `rustsec` crate repo
    * .github/workflows/rust.yml: Initial GitHub actions config
    * v0.14.0
    * Initial commit
    * warning: Extract into module; make more like `Vulnerability`
    * Upgrade to `cvss` crate v1.0
    * v1.0.0
    * .github/workflows/rust.yml: Migrate to GitHub Actions
    * .github/workflows/rust.yml: Update template
    * Upgrade to `cargo-lock` crate v1.0
    * v1.0.0
    * dependency/tree: Render trees to an io::Write
    * v1.0.0-pre
    * metadata: Generalize into `Key` and `Value` types
    * .github/workflows/rust.yml: Trigger on [push]
    * .github/workflows/rust.yml: Initial Actions config
    * Refactor dependency handling
    * cli: Add `rustsec web` subcommand
    * cli: Add `rustsec check` subcommand
    * cli: Initial application boilerplate
    * v0.13.0
    * Finish GitHub Actions migration
    * rust.yml: Initial GitHub actions config
    * v0.13.0-alpha4
    * linter: Ensure advisory date's year matches year in advisory ID
    * v0.13.0-alpha3
    * v0.2.1
    * Allow empty `[metadata]` in Cargo.lock files
    * Use the `cargo-lock` crate
    * v0.2.0
    * dependency_graph: Move petgraph types into a module
    * Fix links and add badges
    * v0.1.0
    * Index DependencyGraph by package::Release
    * Import `DependencyGraph` from the `rustsec` crate
    * Import implementation from the `rustsec` crate
    * .travis.yml: Initial Travis CI config
    * Initial commit
    * v0.13.0-alpha2
    * lockfile: Add (optional) DependencyGraph analysis
    * v0.13.0-alpha1
    * Fix unaffected versions
    * Restructure Vulnerability
    * Rename 'db' module to 'database'
    * report: Generate warnings for selected informational advisories
    * vulnerability: Add affected_functions()
    * Add advisory::Linter
    * package: Parse dependencies from Cargo.lock
    * Initial `report` module and built-in report-generating
    * v0.3.0
    * Support for re-serializing CVSS v3.0 values
    * CVSS v3.0 parsing support
    * severity: Add `FromStr` and `serde` support
    * Use index allocation for storing advisories
    * Basic query support
    * Index the `rust` advisory directory from RustSec/advisory-db
    * Add first-class support for GitHub Security Advisories (GHSA)
    * Re-vendor Cargo's git authentication code
    * Further broaden categories
    * support.toml for indicating supported versions
    * Add support for "informational" advisories (closes #134)
    * Add `advisory::Category` (closes RustSec/advisory-db#69)
    * Refactor advisory types: add [affected] and [versions] sections
    * advisory: Add (optional) `cvss` field with CVSS v3.1 score
    * v0.2.0
    * Add `Base::exploitability` and `impact` methods; docs
    * serde support
    * Freshen deps: add `home`, remove `directories` and `failure`
    * Cargo.toml/README.md: Fix broken/missing links
    * v0.1.0
    * .travis.yml: Initial configuration
    * Initial commit
    * Improve lints and deny policy
    * Improved handling of prereleases; MSRV 1.35+
    * Add `Version` and `VersionReq` newtypes
    * v0.12.1
    * Use new inclusive range syntax
    * v0.12.0
    * Update dependencies and use 2018 import conventions; Rust 1.32+
    * Properly set up target::os::TARGET_OS const for unknown OS
    * Re-export all types in advisory::paths::*
    * v0.11.0
    * Cargo.toml: Update 'platforms' crate to v0.2
    * v0.2.0
    * Update platforms to match RustForge
    * Redo 'affected_functions' as 'affected_paths'
    * Update to Rust 2018 edition
    * v0.10.0
    * CHANGES.md: Redo formatting
    * Implement "affected_functions" advisory attribute
    * AdvisoryDatabase::advisories_for_crate: Handle unaffected_versions
    * Update to Rust 2018 edition
    * v0.9.3
    * Create parents of the advisory DB repo dir
    * v0.9.2
    * Handle cloning advisory DB into existing, empty dir
    * Gate `no_dupes_test` under "std"
    * Test all possible feature combinations
    * Fix no_std support when using "serde" feature
    * README.md: Move "Documentation" link up
    * README.md: Use backticks instead of "scare quotes"
    * use home_dir() instead of environment variable HOME
    * use ~/.cargo if CARGO_HOME is unset
    * Derives Deserialize for Vulnerabilities and Vulnerability
    * Derive Serialize for Packages, Vulnerabilities, and Vulnerability
    * v0.9.1
    * Use Cargo's git authentication helper
    * v0.1.4
    * x86_64-apple-darwin: fix typo in target triple name
    * Have markdown-table-gen output links to Platform structs on docs.rs
    * v0.1.3
    * Cargo.toml: Fix Travis CI badge
    * v0.1.2
    * markdown-table-gen: Markdown-formatted platform table generator
    * v0.1.1
    * impl {Display, Error} for packages::Error
    * v0.9.0
    * rustsec-client -> rustsec-crate
    * Use "platforms" crate for platform-related functionality
    * v0.1.0
    * Remove duplicate target::OS::from_str() method
    * Add `guess_current()`
    * Optional serde support
    * v0.0.1
    * Initial commit
    * PlatformReq documentation improvements
    * v0.8.0
    * CHANGES.md: Fix links
    * Advisory platform requirements
    * advisory/keyword.rs: Cargo-like keyword support
    * v0.7.5
    * Allow AdvisoryId::new() to parse "RUSTSEC-0000-0000"
    * v0.7.4
    * Add link to logo image for docs.rs
    * v0.7.3
    * Fix builds with --no-default-features
    * repository/commit.rs: Comment fixup
    * README.md: Tighten up title
    * v0.7.2
    * README.md: Badge fixups, add gitter badge
    * v0.7.1
    * Cargo.toml: Formatting fixups, add "readme" attribute
    * v0.7.0
    * v0.7.0-alpha3
    * Refactor advisory iterator
    * v0.7.0-alpha2
    * Validate dates are well-formed
    * Add AdvisoryIdKind and limited support for parsing advisory IDs
    * Add a "Vulnerabilities" collection struct
    * src/repository: Refactor into multiple modules
    * v0.7.0-alpha1
    * Support converting advisory::Date into chrono::Date
    * Parse git signatures as Strings
    * Parse aliases, references, and unaffected versions
    * Parse (but do not yet verify) signatures on advisory-db commits
    * Parse individual advisory .toml files rather than Advisories.toml
    * Switch to git2-based fetcher for advisory-db
    * advisory.rs: Move AdvisoryId definition below Advisory
    * Use serde to parse advisories TOML and Cargo.lock files
    * Use 'failure' crate for error handling
    * Cargo.toml: Update dependencies
    * Adopt the Contributor Covenant (version 1.4)
    * Factor integration tests into the tests/ directory
    * .travis.yml: Allow failures on OS X and enable fast finish
    * Fix clippy 0.0.212 nits
    * Run rustfmt 0.8.2-nightly (5e599251 2018-07-02)
    * Remove redundant documentation link
    * Bump version to 0.6.0 and update CHANGES.md
    * Use semver::Version for lockfile::Package versions
    * Move AdvisoryDatabase under the ::db module
    * Lockfile support
    * Bump version to 0.5.2 and update CHANGES.md
    * Add AdvisoryDatabase::fetch_from_url()
    * Bump version to 0.5.1 and update CHANGES.md
    * Make "advisory" and "error" modules public
    * Bump version to 0.5.0 and update CHANGES.md
    * Use str version param for AdvisoryDatabase::find_vulns_for_crate()
    * Bump version to 0.4.0 and update CHANGES.md
    * Add AdvisoryDatabase::find_vulns_for_crate()
    * Bump version to 0.3.0 and update CHANGES.md
    * Rename `crate_name` back to `package`
    * Bump version to 0.2.0 and update CHANGES.md
    * Rename `package` TOML attribute to `crate_name`
    * Add iterator support to AdvisoryDatabase
    * Add docs badge to README.md
    * Spell out crate name explicitly
    * Add About section to README
    * Bump version to 0.1.0 and update CHANGES.md
    * Add AdvisoryDatabase struct
    * Fix more README links
    * Fix link in README
    * Initial implementation
    * Add LICENSEs and other README improvements
    * Initial commit
* Mon Jul 05 2021 wbrown@suse.de
  - Update to version 0.14.1~git0.e46dce8:
    * v0.14.1 (#342)
    * Cargo.lock: update several dependencies (#341)
    * Generate release builds with github actions (#337)
    * Cargo.lock: bump various dependencies (#335)
    * Bump rustsec from 0.23.2 to 0.23.3 (#333)
    * v0.14.0 (#330)
    * Cargo.lock: bump `rustsec` to v0.23.2 (#329)
    * README.md: fix "Report Vulnerability" button (#328)
    * Rename 'master' branch to 'main'
    * Bump `rustsec` dependency to v0.23; MSRV 1.46+ (#327)
* Wed Jun 02 2021 wbrown@suse.de
  - Update _service to use upstream monorepo and cargo-audit
  - Update to version 0.14.1~git0.e46dce8:
    * v0.14.1 (#342)
    * Cargo.lock: update several dependencies (#341)
    * Generate release builds with github actions (#337)
    * Cargo.lock: bump various dependencies (#335)
    * Bump rustsec from 0.23.2 to 0.23.3 (#333)
    * v0.14.0 (#330)
    * Cargo.lock: bump `rustsec` to v0.23.2 (#329)
    * README.md: fix "Report Vulnerability" button (#328)
    * Rename 'master' branch to 'main'
    * Bump `rustsec` dependency to v0.23; MSRV 1.46+ (#327)
* Wed Mar 17 2021 wbrown@suse.de
  - Update to version 0.14.0~git0.08c9f3e:
    * v0.14.0 (#330)
    * Cargo.lock: bump `rustsec` to v0.23.2 (#329)
    * README.md: fix "Report Vulnerability" button (#328)
    * Rename 'master' branch to 'main'
    * Bump `rustsec` dependency to v0.23; MSRV 1.46+ (#327)
    * Enable informational warnings with deny (#320)
    * When running in no-fetch mode, allow accessing a non-git repo. (#315)
    * Update README.md (#298)
    * Cargo.lock: bump deps (#283)
    * Bump once_cell from 1.4.1 to 1.5.0 (#282)
* Tue Mar 02 2021 wbrown@suse.de
  - Update to version 0.13.1~git5.7797fd5:
    * When running in no-fetch mode, allow accessing a non-git repo. (#315)
    * Update README.md (#298)
    * Cargo.lock: bump deps (#283)
    * Bump once_cell from 1.4.1 to 1.5.0 (#282)
    * CHANGELOG.md: add note about #206 as part of the v0.13.0 release
* Tue Feb 23 2021 William Brown <william.brown@suse.com>
  - Initial submission of v0.13.1

Files

/usr/bin/cargo-audit


Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Jan 12 01:37:12 2025