Skip to content

Commit

Permalink
Prep release (#676)
Browse files Browse the repository at this point in the history
  • Loading branch information
Jake-Shadle authored Jul 25, 2024
1 parent 33241a6 commit de40608
Show file tree
Hide file tree
Showing 14 changed files with 101 additions and 164 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ jobs:
# Also, build and run with musl, this lets us ensure that
# musl still works, which is important for the linux binaries
# we release, but wasn't exercised until now
run: cargo install --path . --debug --target ${{ matrix.target }}
run: cargo install --locked --path . --debug --target ${{ matrix.target }}
- name: self check
run: cargo deny -L debug --all-features --locked check
# - name: check external users
Expand Down
13 changes: 13 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

<!-- next-header -->
## [Unreleased] - ReleaseDate
### Added
- [PR#673](https://github.com/EmbarkStudios/cargo-deny/pull/673) added linting of `[workspace.dependencies]`, resolving [#436](https://github.com/EmbarkStudios/cargo-deny/issues/436) and [#525](https://github.com/EmbarkStudios/cargo-deny/issues/525).
- Added lint [`workspace-duplicates`](https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html#the-workspace-duplicates-field-optional), which allows checking for missing usage of `workspace = true` for direct workspace dependencies that are used more than once in the workspace.
- Added lint [`unused-workspace-dependencies`](https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html#the-unused-workspace-dependencies-field-optional), which allows checking for dependencies declared in `[workspace.dependencies]` that aren't actually used.

### Changed
- [PR#673](https://github.com/EmbarkStudios/cargo-deny/pull/673) changed how span information for workspace dependencies worked, which meant improvements were made to the output for the `bans.wildcards` lint. Previously fake cargo manifests were created that weren't even necessarily valid toml files, however now the actual cargo manifests are used, meaning that the lint will now point to the correct file and line location of the dependency declaration that uses a wildcard.
- [PR#675](https://github.com/EmbarkStudios/cargo-deny/pull/675) changed the utf-8 characters used in rendering diagnostics, inspired by [rust-lang/rust#126597](https://github.com/rust-lang/rust/pull/126597).
- [PR#676](https://github.com/EmbarkStudios/cargo-deny/pull/676) updated notably `gix` -> 0.64 (and tame-index).

### Fixed
- [PR#668](https://github.com/EmbarkStudios/cargo-deny/pull/668) resolved [#667](https://github.com/EmbarkStudios/cargo-deny/issues/667) by adding a missing feature flag to allow local cargo registry support.

## [0.14.24] - 2024-05-24
### Changed
- [PR#663](https://github.com/EmbarkStudios/cargo-deny/pull/663) updated some crates, notably `gix` -> 0.63 (and tame-index).
Expand Down
95 changes: 47 additions & 48 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 3 additions & 3 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ spdx = "0.10"
# Lazy
strum = { version = "0.26", features = ["derive"] }
# Index retrieval and querying
tame-index = { version = "0.12", default-features = false, features = [
tame-index = { version = "0.13", default-features = false, features = [
"git",
"local",
"sparse",
Expand All @@ -125,7 +125,7 @@ walkdir = "2.3"

# We clone/fetch advisory databases
[dependencies.gix]
version = "0.63"
version = "0.64"
default-features = false
features = [
"blocking-http-transport-reqwest",
Expand All @@ -139,7 +139,7 @@ features = [
fs_extra = "1.3"
# Snapshot testing
insta = { version = "1.21", features = ["json"] }
tame-index = { version = "0.12", features = ["local-builder"] }
tame-index = { version = "0.13", features = ["local-builder"] }
time = { version = "0.3", features = ["serde"] }
toml-span = { version = "0.3", features = ["serde"] }
# We use this for creating fake crate directories for crawling license files on disk
Expand Down
1 change: 1 addition & 0 deletions docs/src/checks/advisories/diags.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
# Advisories Diagnostics

<!-- markdownlint-disable-next-line heading-increment -->
### `vulnerability`

A [`vulnerability`](cfg.md#the-vulnerability-field-optional) advisory was detected for a crate.
Expand Down
16 changes: 16 additions & 0 deletions docs/src/checks/bans/cfg.md
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,22 @@ If specified, alters how the `wildcard` field behaves:

Being limited to private crates is due to crates.io not allowing packages to be published with `path` or `git` dependencies except for `dev-dependencies`.

### The `workspace-duplicates` field (optional)

Determines what happens when a more than 1 direct workspace dependency is resolved to the same crate and 1 or more declarations do not use `workspace = true`

* `deny` - Will emit an error for each dependency declaration that does not use `workspace = true`
* `warn` (default) - Will emit a warning for each dependency declaration that does not use `workspace = true`, but does not fail the check.
* `allow` - Ignores checking for `workspace = true`

### The `unused-workspace-dependencies` field (optional)

Determines what happens when a dependency in [`[workspace.dependencies]`](https://doc.rust-lang.org/cargo/reference/workspaces.html#the-dependencies-table) is not used in the workspace.

* `deny` - Will emit an error for each dependency that is not actually used in the workspace.
* `warn` - Will emit a warning for each dependency that is not actually used in the workspace, but does not fail the check.
* `allow` - (default) Ignores checking for unused workspace dependencies.

### The `highlight` field (optional)

When multiple versions of the same crate are encountered and `multiple-versions` is set to `warn` or `deny`, using the `-g <dir>` option will print out a [dotgraph](https://www.graphviz.org/) of each of the versions and how they were included into the graph. This field determines how the graph is colored to help you quickly spot good candidates for removal or updating.
Expand Down
Loading

0 comments on commit de40608

Please sign in to comment.