Name: cargo-audit | Distribution: openSUSE Tumbleweed |
Version: 0.21.1~git0.bd6fb0f | Vendor: openSUSE |
Release: 1.1 | Build date: Tue Feb 4 01:59:28 2025 |
Group: Development/Languages/Rust | Build host: reproducible |
Size: 17002920 | Source RPM: cargo-audit-0.21.1~git0.bd6fb0f-1.1.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: https://github.com/RustSec/cargo-audit | |
Summary: Audit rust sources for known security vulnerabilities |
Audit Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database.
( 0BSD OR MIT OR Apache-2.0 ) AND ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR MIT ) AND ( MIT OR Zlib OR Apache-2.0 ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND MIT AND MPL-2.0 AND MPL-2.0+
* Tue Feb 04 2025 william.brown@suse.com - Remove 0001-Skip-warnings.patch - Update to version 0.21.1~git0.bd6fb0f: * bump cargo-audit version in cargo toml, I forgot * Bump minor version of cargo-lock according to the msrv policy of the crate * Populate changelogs * Bump versions of crates to be published * Documentation tweaks * Move binary scanning into its own top-level module, improve documentation * More informative doc strings on BinaryFormat variants * Fix conditional compilation by always exposing binary format struct in rustsec * cfg-out binary format type only available with binary scanning enabled * Remove binary scanning from rustsec default features * Correctly pass through the binary-scanning feature to rustsec crate * Do not assert in tests that there are no vulnerabilities in our own Cargo.lock * lower cargo-lock MSRV to 1.73, that's all that our locked dependencies require * Bump cargo-lock MSRV to 1.74 following the bump in dependency versions * Bump other dependencies with vulns, preserving MSRV * Upgrade url crate to fix self-audit issue * cargo fmt * Comment out hanging test * allow(lint) for allow(lint), how deep does the rabbit hole go? 
* Fix typo * Don't fail the build if something in acceptance test code is missing documentation * Suppress useless warnings that break the build due to deny(warnings) * fix: formatting for `*.rs` files * style: simplify some statements for readability * cargo fmt * Fix handling of the database.fetch option * fix(cargo-lock): normalize everything for git-ref in dependencies * test(cargo-lock): show tag in dependencies is not normalized * test(cargo-lock): show branch in dependencies is normalized * test(cargo-lock): make lockfile loading inline * update * move binary-scanning to rustsec api * Additionnal clippy and fmt fixes * Make cargo-audit's binary_deps module public * Do not serialize schema version as 'null' if not set to fix OSV JSON schema compliance * Fix links to CVSS calculator * Wording tweak in README * Document recursive scanning recipe in README.md * Nicer link * Document the changes for 0.20.1 * Populate cargo-audit v0.21 changelog * Commit Cargo.lock changes * Bump platforms to v3.5.0 following #1278 * chore: regenerate platform support and bump to platforms@3.4.2 * Tue Jan 07 2025 William Brown <william.brown@suse.com> - add 0001-Skip-warnings.patch to allow building on rust 1.83 * Wed Oct 30 2024 william.brown@suse.com - Update to version 0.21.0~git0.78f9859: * cargo-audit v0.21.0 (#1277) * README.md(s): fix crate badges (#1276) * rustsec v0.30.0 (#1275) * Cargo.lock: bump dependencies (#1274) * Cargo.toml: bump `cargo-lock` to v10.0.1 (#1272) * cargo-lock v10.0.1 (#1271) * cargo-lock: fix issue with v4 lockfiles (#1270) * cargo-audit v0.21.0-rc.0 (#1267) * rustsec v0.30.0-rc.1 (#1266) * Cargo.toml(s): fix `repository` links (#1265) * cargo-lock v10.0.0 (#1264) * cargo-lock: use `doc_auto_cfg` (#1263) * cargo-audit: bump `abscissa` to v0.8 (#1262) * Bump auditable-extract in Cargo.lock for the WASM bugfix * build(deps): bump actions/cache from 4.1.0 to 4.1.1 (#1259) * V4 is supported now (#1260) * rustsec v0.30.0-rc.0 (#1258) * cargo-lock 
v10.0.0-rc.0 (#1257) * cargo-lock: add support for V4 lockfiles (#1206) * Cargo.lock: bump dependencies (#1256) * build(deps): bump actions/cache from 4.0.2 to 4.1.0 (#1252) * bump gix to 0.66 and fwe others (#1251) * .github: install target in release workflow * build(deps): bump regex from 1.10.5 to 1.10.6 (#1234) * build(deps): bump xml-rs from 0.8.20 to 0.8.21 (#1236) * cargo-audit: make `cargo-lock` a hard dependency (#1239) * build(deps): bump tame-index from 0.13.0 to 0.13.1 * cargo-audit v0.21.0-pre.0 (#1233) * rustsec v0.30.0-pre.0 (#1232) * Bump `gix` => v0.64; `tame-index` => v0.13 (#1230) * rustsec: fix test name (#1231) * Bump `auditable-info` => 0.8; `auditable-serde` => v0.7 (#1229) * Use cargo-lock v10.0.0-pre.0 branch for `auditable-serde` (#1228) * cargo-lock v10.0.0-pre.0 (#1227) * cargo-lock: remove `toml` from the public API (#1226) * Bump `toml` to v0.8 (#1225) * Bump versions to prepare for breaking changes (#1224) * CI: re-enable self-audit (#1223) * Cargo.lock: bump dependencies (#1222) * build(deps): bump actions/cache from 4.0.1 to 4.0.2 (#1154) * build(deps): bump xml-rs from 0.8.19 to 0.8.20 (#1163) * build(deps): bump rust-embed from 8.4.0 to 8.5.0 (#1210) * build(deps): bump tame-index from 0.12.0 to 0.12.2 (#1215) * rustsec: re-enable happy path test (#1221) * build(deps): bump regex from 1.10.4 to 1.10.5 (#1199) * build(deps): bump gix-attributes from 0.22.2 to 0.22.3 (#1220) * build(deps): bump mio from 0.8.10 to 0.8.11 (#1219) * rustsec: Rust 1.80 fixes (#1218) * deps: bump libc from 0.2.153 to 0.2.155 (#1197) * build(deps): bump url from 2.5.0 to 2.5.2 (#1201) * build(deps): bump softprops/action-gh-release from 2.0.5 to 2.0.8 (#1214) * chore: leverage workspace inheritance (#1209) * chore: cargo fmt * tweak help to still show default * feat(cli): Honor CARGO_TERM_COLOR if found for cargo-audit * chore: regenerate platform support and bump to platforms@3.4.1 * Tue Sep 24 2024 Xiaoguang Wang <xiaoguang.wang@suse.com> - Update 
vendor.tar.zst: gix-path improper path resolution (bsc#1230688 CVE-2024-45405). * Tue Sep 10 2024 William Brown <william.brown@suse.com> - explicitly depend on cargo to pull in latest compiler revision * Tue May 28 2024 william.brown@suse.com - Update to version 0.20.0~git66.972ac93: * build(deps): bump comrak from 0.21.0 to 0.24.1 (#1193) * build(deps): bump softprops/action-gh-release (#1192) * build(deps): bump atom_syndication from 0.12.2 to 0.12.3 (#1191) * build(deps): bump rust-embed from 8.3.0 to 8.4.0 (#1190) * build(deps): bump petgraph from 0.6.4 to 0.6.5 (#1189) * update `gix` to v0.63 for security fixes * Upgrade to auditable-info 0.7.2 * build(deps): bump rust-embed from 8.2.0 to 8.3.0 * build(deps): bump semver from 1.0.21 to 1.0.23 * Fix typo `then` -> `them` in index.html * Drop unused import * Fix typos * Use clap to properly parse --color argument * Remove duplicated arguments from bin subcommand * Support specifying multiple target arches and oses in cargo-audit * Make Query's target arch & os a Vec<T> instead of Option<T> * build(deps): bump tame-index from 0.11.0 to 0.11.1 * Apply clippy suggestions * Adjust binary type filter for WASM * WIP WASM auditing support * Fix warnings added in Rust 1.78 * Regenerate Cargo.lock * Bump rustsec version * Drop is-terminal line from rustsec changelog; it's a cargo-audit only change * Update changelog * build(deps): bump chrono from 0.4.34 to 0.4.38 * build(deps): bump time from 0.3.34 to 0.3.36 * fix after gix update * update gix and tame-index * fix cargo clippy warning and error * cargo-audit: remove is-terminal dep * build(deps): bump regex from 1.10.3 to 1.10.4 * Regenerate Cargo.lock * Bump tame-index and gix versions * chore: regenerate platform support and bump to platforms@3.4.0 * Document to use cargo install with --locked (fixes #1152) * Release `rustsec` 0.29.1 * Revert rustsec-admin Cargo.toml entirely * Bump required tame-index version in admin as well * Upgrade to gix 0.60 to fix build * 
build(deps): bump actions/cache from 4.0.0 to 4.0.1 (#1135) * build(deps): bump auditable-serde from 0.6.0 to 0.6.1 * build(deps): bump toml_edit from 0.22.5 to 0.22.6 * build(deps): bump time from 0.3.32 to 0.3.34 * Tue May 28 2024 william.brown@suse.com - Update to version 0.20.0~git0.6f4ca87: * Bump version numbers * Mention enterprise firewall issue in cargo-audit changelog too * Fill in cargo-audit changelog * Expand upon the rewrite description in rustsec changelog * Fill in rustsec changelog * Fix link * build(deps): bump softprops/action-gh-release (#1114) * build(deps): bump toml_edit from 0.21.1 to 0.22.5 (#1123) * Bump askama to 0.12 * Update yanked package * Drop libgit2 advisory from ignore list now that we got rid of libgit2 * build(deps): bump toml_edit from 0.19.15 to 0.21.1 * build(deps): bump chrono from 0.4.33 to 0.4.34 * build(deps): bump is-terminal from 0.4.11 to 0.4.12 * Improve fixer documentation * Move Cargo path detection out of rustsec and into cargo-audit, to make rustsec more flexible * Remove rustsec `fix` feature and always enable the fixer, now that it doesn't pull in additional dependencies * Fix syntax * Apply review suggestion (style) * Update cargo-audit/src/commands/audit/fix.rs * Run `cargo update` in the same dir as Cargo.lock * Revert 'fix' being a default feature * Placate clippy * Print a nice summary at the end * Better wording * Remove extraneous newline * prettier printing * More detailed reporting * Set the correct(ish) exit status in dry run mode * Keep track of unpatchable vulns and failures * Warn about vulnerabilities without patched versions and do not attempt to upgrade those crates * Only attempt to upgrade vulnerable versions of a given package * Fix: run `cargo update`, not just `cargo` * Add a note that `fix` is experimental * Update cargo.lock in the wake of cargo-edit removal * Drop the now-unused dependency cargo-edit * Drop obsolete Cargo.toml locating logic that breaks in presence of workspaces * Do not 
require passing manifest path * Drop unused imports * Adapt `cargo audit fix` to the changed rustsec fix api * Simplify rustsec part of `cargo audit fix` * cargo fmt * WIP * No need to generate lockfile explicitly now that we call `cargo update`, remove that code * WIP conversion of cargo-audit to the new rustsec fixer API * cargo fmt * Do not run `cargo update` when auditing * Better docs on fixer * Drop lifetimes from the fixer struct; they are a pointless flex - the cost of cloning is absolutely dwarfed by the cost of calling a subprocess. * Implement initial prototype of `cargo update`-based package upgrading * .cargo/audit.toml: ignore RUSTSEC-2024-0013 (#1111) * WIP * WIP * Accept a &Path without allocating for giggles * Comment out soon-to-be-removed code and make lifetimes work out * Fix pkgid function signature to accept an immutable borrow * Bump rustsec to 0.28.6 * Add pkgid function * Temporarily make 'fix' feature default to ease development * build(deps): bump is-terminal from 0.4.10 to 0.4.11 (#1105) * Bump rustsec-admin to 0.8.9 * Rebase * Remove PYSEC ids * Update sync for various changes * HTTPS download for OSV export * Improve output format * Add a command to synchronize advisory data from osv.dev/GHSA * build(deps): bump tame-index from 0.9.2 to 0.9.3 * Wed Feb 07 2024 william.brown@suse.com - Update to version 0.19.0~git0.c9d1fbe: * Bump version to 0.19.0 * Update changelog to 0.19 * Fill in link URLs * Bump version * populate changelog * bump version * Update changelog * Bump gix to 0.58 * Revert "Merge pull request #1094 from rustsec/revert-1081-gix-upgrade" * build(deps): bump comrak from 0.18.0 to 0.21.0 (#1090) * build(deps): bump rust-embed from 6.8.1 to 8.2.0 (#1080) * Cargo.toml: use `resolver = "2"` (#1095) * Update abscissa_core and clap; MSRV 1.70 (#1092) * Revert "gix upgrade to v0.56" * Fix "error: the borrowed expression implements the required traits" lint * build(deps): bump actions/cache from 3.0.11 to 4.0.0 (#1088) * thanks 
clippy * upgrade `gix` to v0.56 and `tame-index` to v0.9 to match it * Bump platforms version to 3.3.0 * Regenerate platforms crate * build(deps): bump url from 2.4.1 to 2.5.0 (#1071) * Add a `source` field to `rustsec::Error`, and use it in simple cases. (#1067) * build(deps): bump fs-err from 2.10.0 to 2.11.0 (#1069) * Bump rustsec version * Update changelog * Turn link into an automatic link * Display the chain of sources for errors in `cargo audit` * bump cargo-lock msrv in another place too * bump cargo-lock msrv again from 1.66 to 1.67 * bump cargo-lock msrv from 1.65 to 1.66 * cargo update * Update to tame-index 0.8.x and gix 0.55.x * build(deps): bump rustix from 0.37.21 to 0.37.27 * fix typo html in advisory scores (#1059) * https://github.com/rustsec/rustsec/pull/1057#pullrequestreview-1714037690 * fix https://github.com/rustsec/rustsec/issues/503 * bump version * regenerate platforms crate * Thu Jan 04 2024 William Brown <william.brown@suse.com> - bsc#1218227 - update vendored dependencies for ssh terrapin attack * Fri Oct 27 2023 william.brown@suse.com - Update to version 0.18.3~git0.3544515: * Bump version * Populate changelog * Update the `fix` subcommand to the new API * Fix deadlock on missing lockfile * build(deps): bump regex from 1.9.5 to 1.10.2 * Update rustsec changelog * Configure `gix` with `max-performance-safe` feature * feat: let `Severity` implement `Hash` * Bump rustsec version to 0.28.3 * Bump date * Changelog for 0.28.3 * fix typo * fix typo * Update rustsec/src/repository/git/repository.rs * Expand documentation on locking * build(deps): bump webpki from 0.22.1 to 0.22.2 * Correctly classify only lock timeout errors as LockTimeout, not all lock-related errors * cargo fmt * Use Result instead of an unwrap() * Fix DB directory locking * Regenerate Cargo.lock * Add comment * Migrade rustsec-admin to tame-index 0.7 * bump gix version in admin too * cargo fmt * Switch from Git-compatible locks to OS locks in database checkout * Purge gix 
lock to rustsec error conversion; I am removing gix locks * Only create LockTimeout error variant from tame-index locks * cargo fmt * Update docs * regenerate Cargo.lock * Initial conversion to tame-index 0.7.1. Compiles but untested. * Bump admin version * Populate changelog for admin * Update Clippy to fix useless warnings * admin: use `gix` max-performance-safe instead of max-performance * configure `gix` for best performance * Bump version to 0.18.2 * thanks clippy * Populate changelog for cargo-audit * Require rustsec 0.28.2 in cargo-audit to fix RUSTSEC-2023-0064 * change edition to 2021 * Use tame-index which switches `rustsec-admin` to `gix`. * Bump version to 0.28.2 * Populate changelog * Drop hyperlinks to gix in documentation because we don't have the necessary features enabled. Temporary hack to unblock a release with a security fix * Fix up code to deal with API changes * Bump tame-index, explicitly depend on `gix` to enable the necessary features * Fix error reporting on stale lockfile * build(deps): bump termcolor from 1.2.0 to 1.3.0 (#1009) * build(deps): bump chrono from 0.4.30 to 0.4.31 * build(deps): bump xml-rs from 0.8.17 to 0.8.18 * Fix `deny = ["warnings"]` being ignored (#995) * rustsec-admin 0.8.7 (#998) * Additional information in advisory content (#997) * build(deps): bump chrono from 0.4.29 to 0.4.30 * commit Cargo.lock * bump rustsec crate to 0.28.1 * bump tame-index version requirement to 0.5.5, it contains the HTTP/2 change * Populate changelog * cargo fmt * Do not require http2 when establishing the connection * build(deps): bump chrono from 0.4.27 to 0.4.29 * Appease clippy * Do not re-lookup packages that are already cached * build(deps): bump regex from 1.9.4 to 1.9.5 * build(deps): bump xml-rs from 0.8.16 to 0.8.17 * build(deps): bump actions/checkout from 3 to 4 * review feedback: reduce boilerplate * replace feature default, with v3 and std * make 'cargo test --no-default-features' run without errors * Add manual trigger 
mechanism to release workflow * Drop remaining 'fix' features * cargo-audit v0.18.1 (#981) * Release workflow: don't enable `fix` and `vendored-openssl` features * Bump versions * Fill in release date in changelogs * commit Cargo.lock * bump rustsec requirement in admin * Commit Cargo.lock * bump cargo-audit version to 0.18.0-rc.1 * Bump rustsec to 0.28.0-rc.1 * Mention `fix` feature not being converted in changelog * Fill in cargo-audit changelog * build(deps): bump time from 0.3.27 to 0.3.28 * build(deps): bump chrono from 0.4.26 to 0.4.27 * build(deps): bump url from 2.4.0 to 2.4.1 * build(deps): bump regex from 1.9.3 to 1.9.4 * Exclude auto-generation scripts from the published package * Ignore the file downloaded by the regeneration script * Bump `platforms` version * Add myself to authors, I've built out the whole autogeneration infrastructure * Re-run the generation script * Bring back the hyperlinks in README.md * Automatically regenerate the table of known platforms in README * Turn links into hyperlinks to stop recent rustdoc from complaining (#965) * Bump version * Regenerate platforms crate * Bump MSRV in README.md * Add another PR * Also filter warnings by binary type in `cargo audit bin` * fix build * Add `affected` field to warnings in `rustsec` so that we could enable platform filtering in `cargo audit bin` * Correctly state MSRV in changelog * Populate changelog for the rustsec crate * remove redundant clone as advised by clippy * placate clippy * placate clippy * Cargo fmt * Add more methods to CommitHash * Add forgotten file * WIP wrapper for gix::ObjectId * cargo fmt * Do not expose `toml` types through the public API * Drop `toml` crate from the public API as well * Drop unused Error conversion impl * Add a TODO * Slightly better doc comments * Do not expose gix types in the Error public API * Use a private function for converting from tame_index::Error to rustsec::Error * don't pub use gix, we do not want it to leak into the public API * cargo 
fmt * Put import at the top to fix doc links * Feature-gate tame_inxed import * cargo fmt * Fix build * build(deps): bump time from 0.3.26 to 0.3.27 * build(deps): bump tame-index from 0.5.3 to 0.5.4 * cargo fmt * Handle #[non_exhaustive] enum from tame-index * Fix remaining discrepancies * WIP conversion to tame-index 0.5.x and gix 0.52.x * Fix unknown license handling (#956) * Print the GHSA URL for GHSA advisories, take 2 * Revert "Print the GHSA URL for GHSA advisories" * Print the GHSA URL for GHSA advisories * Expose License type * Rename license variants * Implement license + url * Bump hermit-abi to move away from a yanked version * Bump rustls-webpki to resolve RUSTSEC-2023-0053 * build(deps): bump regex from 1.9.1 to 1.9.3 * build(deps): bump toml from 0.7.5 to 0.7.6 * build(deps): bump regex from 1.8.4 to 1.9.1 * build(deps): bump time from 0.3.25 to 0.3.26 * Regenerate Cargo.lock * Use native certificates for TLS * build(deps): bump petgraph from 0.6.3 to 0.6.4 * build(deps): bump tame-index from 0.4.0 to 0.4.1 * Document locking considerations * More consistent status printing * cargo fmt * Warn before waiting on crates.io cache locks. Verbose but cannot be expressed via a higher-order function, and macros would make it much worse. 
* Add lock timeout parameter to open() and fetch() * Split creating a new remote index into a separate function in preparation for more complex logic around it * Add a comment * Drop manual map_err now that the conversion is implemented on rustsec::Error * cargo fmt made the code more succinct for once, drop my comment complaining about verbosity * cargo fmt * Convert from lock error rather than from its immutable borrow * Implement From conversions for LockTimeout error variant, since we will need to reuse it * build(deps): bump tame-index from 0.3.1 to 0.4.0 * Fix doc links * More clear documentation * Less esoteric pattern matching * silence unused variable warnings * Convert cargo-audit to use explicit locking * Update docs to match code * Drop unused import * Create a separate error kind for lock timeouts, and expose configurable lock timeouts from the advanced fetching function only * Fix docs * cargo fmt * Provide a rationale for the bulk API * Hide index implementation details and remove the performance pitfall of calling is_yanked on individual packages * Migrate check_for_yanked_crates() to the bulk API * cargo fmt * Do not short-cirquit on index update failure * Rework bulk yank-checking code to report errors granularly instead of short-cirquiting on first error it encounters * Transparently populate cache from `find_yanked` * Documentation tweaks * Even more caching for even faster CI * Fix intra-doc links * Explicitly document locking considerations * Revert "Re-enable self-audit" * Re-unify CI matrix, fulfilling a TODO * Attempt to fix CI by explicitly generating the lockfile * Re-enable self-audit * Dummy commit to trigger a CI re-run * Add rust-cache job properly now * Revert "Add Rust-specific caching job to see if that speeds up CI" * Dummy commit to trigger a CI re-run * Add Rust-specific caching job to see if that speeds up CI * Switch rustsec crate CI back to MSRV to see what happens * Drop --release from rustsec CI, the tests execute really 
quickly in debug mode * No need to reimplement CmdRunner::default() now that binary scanning is a default feature * Drop the --release flag so that the compilation artifacts could be reused - Abscissa doesn't seem to have an option to run acceptance tests with `cargo run --release` * Switch to Rust 1.71.0 for select jobs * Placate both versions of rustfmt * cargo fmt * build(deps): bump semver from 1.0.17 to 1.0.18 * Add a TODO * Re-add some of the comments * Normalize time offsets to UTC * Justify clippy opt-out * Undo autoformat * Finish up transition to gix * WIP * build(deps): bump xml-rs from 0.8.14 to 0.8.16 * Ignore clippy lint * Checkpoint * Update error message * Use `AsyncRemoteSparseIndex::krates_blocking` * Oops * Make sparse index cache population parallel * Fix remaining lints * Make public * Fix lint * Allow clippy lint * Bump CI * Bump MSRV to 1.67.0 * Transition from `crates-index` -> `tame-index` * build(deps): bump atom_syndication from 0.12.1 to 0.12.2 (#921) * Add license and attribution fields to advisories * rustsec-admin 0.8.6 (#915) * Case-insensitive search on website * build(deps): bump rust-embed from 6.7.0 to 6.8.1 (#909) * Cargo.lock: bump dependencies (#908) * build(deps): bump toml from 0.7.3 to 0.7.5 (#904) * build(deps): bump crates-index from 0.19.8 to 0.19.13 (#903) * cargo-lock: MSRV 1.65 (#907) * build(deps): bump openssl from 0.10.52 to 0.10.55 (#906) * cargo-audit+rustsec: MSRV 1.65 (#905) * build(deps): bump chrono from 0.4.24 to 0.4.25 (#894) * Fix edge case in git source dependency resolution * Update cargo-audit changelog * Update rustsec crate changelog * commit Cargo.lock version bump * Bump rustsec version following the cargo-lock bump * 🔥 Remove $ from install snippet on README (#879) * Cargo.lock: update dependencies (#876) * Bump `cargo-lock` to v0.9 + auditable deps (#875) * build(deps): bump home from 0.5.4 to 0.5.5 (#874) * build(deps): bump atom_syndication from 0.12.0 to 0.12.1 (#851) * build(deps): bump 
softprops/action-gh-release (#852) * build(deps): bump rust-embed from 6.6.0 to 6.6.1 (#849) * build(deps): bump crates-index from 0.19.7 to 0.19.8 (#864) * cargo-lock v9.0.0 (#870) * Fix docs build (#871) * Fix review comments * Various improvements to the "cargo-lock tree" subcommand * Fix is_default_registry for sparse index (#859) * Remove build script for platforms, it's now unused (#856) * build(deps): bump comrak from 0.16.0 to 0.18.0 * Link to rustsec/audit-check (#854) * Fix formatting to `cargo fmt` spec. * Fix #736 - Cargo audit self advisories repeated * build(deps): bump openssl from 0.10.47 to 0.10.48 * build(deps): bump semver from 1.0.16 to 1.0.17 * cargo fmt * Wrap binfarce::Format in our own struct to make `binfarce` an optional dependency * placate clippy * cargo fmt * Fix no-default-features compilation by making binfarce an unconditional dependency * Start fixing up compilation with no default features * Expand TODO * Fix filtering by binary type but this makes the dependency on binfarce unconditional (for now) * Add a FIXME explaining why it's not working * wire up filtering by binary type * Initial code for binary-type-based filtering; not wired up yet * Mon Mar 27 2023 william.brown@suse.com - Update to version 0.17.5~git0.dc8ec71: * Set the release date in changelog * Bump `cargo-audit` version * Bump `rustsec` crate requirement to 0.26.5, to mandate the version with the fixed libgit2 * Fill in the CHANGELOG * Do not run all tests from the default feature set twice * cargo fmt * Fix version reporting * Update openssl in Cargo.lock files * More changelog entries * cargo fmt * Fix type inference error * Fill in changelog * Bump version to 0.26.5 * build(deps): bump regex from 1.7.1 to 1.7.2 * build(deps): bump rust-embed from 6.4.2 to 6.6.0 * build(deps): bump chrono from 0.4.23 to 0.4.24 * Bump crates-index to 0.19 * rustsec: Fix git2 via cargo-edit-9 fork * fix(cargo-audit): set clap bin_name to cargo (#824) * fix(cargo-audit): Better the 
formatting of severity output * Add vulnerability severity to the cargo-audit report presenter * test(cargo-audit): Ensure informational warnings are shown by default * fix(cargo-audit): Add unsound and notice to default informational warnings * Resolves #622 * fix(cargo-audit): Remove latest commit signature check * Re-enable MacOS CI with `--all-features` * Bump `platforms` version * Regenerate the `platforms` crate for rustc 1.69.0-nightly (8996ea93b 2023-02-09) * build(deps): bump toml from 0.7.1 to 0.7.2 (#811) * build(deps): bump petgraph from 0.6.2 to 0.6.3 (#810) * Use new feature/dependency syntax (#809) * build(deps): bump toml from 0.7.0 to 0.7.1 (#806) * build(deps): bump toml from 0.6.0 to 0.7.0 (#805) * admin: bump `chrono` to v0.4.23 (#803) * build(deps): bump atom_syndication from 0.11.0 to 0.12.0 (#777) * build(deps): bump comrak from 0.15.0 to 0.16.0 (#802) * build(deps): bump toml from 0.5.9 to 0.6.0 (#797) * Bump `toml` crate dependency to v0.6 (#800) * Cargo.lock: bump dependencies (#799) * build(deps): bump regex from 1.6.0 to 1.7.1 (#785) * cvss: bump MSRV to 1.60 (#798) * build(deps): bump fs-err from 2.8.1 to 2.9.0 (#744) * build(deps): bump termcolor from 1.1.3 to 1.2.0 (#791) * cargo-audit: refactor OS-specific CI configuration (#796) * cargo-lock: use `Display` for `io::ErrorKind`; MSRV 1.60 (#794) * cargo-lock: mark `SourceKind` as `#[non_exhaustive]` (#793) * cargo-lock: support sparse registry references in Lockfiles (#780) * release rustsec-admin 0.8.5 (#789) * release rustsec-admin 0.8.5 (#788) * Escape search term to prevent reflected XSS (#787) * Add top-level severity field to OSV advisories * cargo-lock: implement From<Name> for String (#776) * build(deps): bump comrak from 0.14.0 to 0.15.0 (#760) * Bump rust-embed from 6.4.2 to 6.5.0 (#766) * Bump semver from 1.0.14 to 1.0.16 (#772) * Bump softprops/action-gh-release (#770) * cargo-lock v8.0.3 (#768) * Fixed inconsistency in encoding lockfiles where there's only one registry 
for all packages (#767) * Prepare rustsec-admin release 0.8.4 (#765) * release rustsec 0.26.4 * Make URL a hyperlink * Add CHANGELOG.md entry * Store crates.io index versions as strings instead of semver * Revert "Skip invalid semver in crates.io index" * Skip invalid semver in crates.io index * Appease clippy * Appease clippy * Add publication date * Wed Nov 09 2022 william.brown@suse.com - Update to version 0.17.4~git0.0b05e18: * Set 0.17.4 date in changelog * Bump `cargo-audit` to 0.17.4 * Update documentation for 0.17.4; `cargo audit bin` is now officially enabled by default * Fix homepage style on mobile (#755) * Add comment * Only attempt to check for yanked crates for crates coming from crates.io * Remove an unused inport * placate Clippy * cargo fmt * Fix #747 in `cargo-audit instead, and don't silence errors that occur during checking for yanked crates` * Revert "Only check if a package is yanked if it comes from crates.io; fixes #747" This is a significant behavioral change that should only come with a semver bump * Add tests validating yank behavior so that #747 can't regress again * Only check if a package is yanked if it comes from crates.io; fixes #747 * Add a test fixture depending on a yanked crate * Consolidate CODE_OF_CONDUCT.d files into one; switch to Rust code of conduct (#751) * Release rustsec-admit 0.8.3 * fix links in admin/CHANGELOG.md * bump `platforms` to 3.0.2 * regenerate `platforms` crate * Prepare rustsec-admin release * Tue Nov 01 2022 william.brown@suse.com - Update to version 0.17.3~git0.fdb9752: * Set release date in CHANGELOG.md * Clarify changelog * Depend on rustsec 0.26.3 which added the CachedIndex used in `cargo audit bin` * bump cargo-audit to 0.17.3 * bump rustsec to 0.26.3 * More complete changelog for rustsec crate * Drop obsolete comment - html_root_url no longer exists * Add cargo-auditable to home page * Thu Oct 06 2022 william.brown@suse.com - Update to version 0.17.2~git0.bccf8a5: * Don't use --locked in release 
workflow to allow publishing again * cargo-audit: Update CHANGELOG * Fix `bin` screenshot URL in the README * Skip dotfiles in advisory-db checkout * Set the release date in CHANGELOG.md * Add the `cargo audit bin` screenshot to README * cargo fmt * Migrate to the released version of auditable-info * Mon Oct 03 2022 William Brown <william.brown@suse.com> - Add _constraints to prevent random failures due to OBS resource issues. * Wed May 25 2022 william.brown@suse.com - Update to version 0.17.0~git0.5214457: * cargo-audit v0.17.0 (#576) * rustsec-admin v0.7.0 (#575) * rustsec v0.26.0 (#574) * rustsec: flatten `advisory::id` module; rename `IdKind` (#573) * rustsec: flatten `warnings` module; rename `WarningKind` (#572) * rustsec: add `doc_cfg` annotations when building on docs.rs (#571) * cargo-audit: terminal output fixups (#570) * cargo-lock v8.0.1 (#569) * cargo-lock: fix dependency source extraction for V2 lockfiles (#568) * build(deps): bump cargo-edit from 0.9.0 to 0.9.1 (#566) * Tue May 24 2022 William Brown <william.brown@suse.com> - Automatic update of vendored dependencies * Tue Apr 05 2022 William Brown <william.brown@suse.com> - Automatic update of vendored dependencies * Fri Mar 18 2022 William Brown <william.brown@suse.com> - Update to use cargo-packaging * Mon Mar 14 2022 william.brown@suse.com - Update to resolve bsc#1196972 CVE-2022-24713 - Regex DOS * Wed Mar 02 2022 wbrown@suse.de - Update to vendored libraries to resolve security issues
/usr/bin/cargo-audit
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Feb 9 01:19:28 2025