diff --git a/CHANGELOG.md b/CHANGELOG.md index 85ed19f9..4da28f67 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] - ReleaseDate +### Fixed +- [PR#491](https://github.com/EmbarkStudios/cargo-deny/pull/491) resolved [#490](https://github.com/EmbarkStudios/cargo-deny/issues/490) by building libgit2 from vendored sources instead of relying on potentially outdated packages. + ## [0.13.6] - 2023-01-11 ### Changed - [PR#489](https://github.com/EmbarkStudios/cargo-deny/pull/489) updated dependencies, notably `clap`, `cargo`, and `git2` diff --git a/Cargo.lock b/Cargo.lock index e3d9cd99..18f92f0c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1007,9 +1007,9 @@ checksum = "201de327520df007757c1f0adce6e827fe8562fbc28bfd9c15571c66ca1f5f79" [[package]] name = "libgit2-sys" -version = "0.14.0+1.5.0" +version = "0.14.1+1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "47a00859c70c8a4f7218e6d1cc32875c4b55f6799445b842b0d8ed5e4c3d959b" +checksum = "4a07fb2692bc3593bda59de45a502bb3071659f2c515e28c71e728306b038e17" dependencies = [ "cc", "libc", diff --git a/Cargo.toml b/Cargo.toml index ddc8f372..7223e9b6 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -25,7 +25,7 @@ name = "cargo-deny" path = "src/cargo-deny/main.rs" [features] -default = ["vendored-openssl"] +default = ["vendored-openssl", "vendored-libgit2"] # Allows the use of a vendored version openssl when compiling libgit, which allows # us to compile static executables (eg musl) and avoid system dependencies vendored-openssl = [ @@ -33,6 +33,7 @@ vendored-openssl = [ "crates-index/vendored-openssl", "git2/vendored-openssl", ] +vendored-libgit2 = ["cargo?/vendored-libgit2", "git2/vendored-libgit2"] # Allows embedding cargo as a library so that we can run in minimal (eg container) # environments that don't need to have cargo/rust installed on them for cargo-deny # to still function