cargo-deny

Version updated for EmbarkStudios/cargo-deny-action to version v1.5.5.

• This publisher is shown as erified by GitHub.
• This action is used across all versions by 2,483 repositories.

Go to the GitHub Marketplace to find the latest changes.

Release notes

Added

• PR#545 added the ability to specify additional license exceptions via additional configuration files.
• PR#549 added the bans.build configuration option, opting in to checking for file extensions, native executables, and interpreted scripts. This resolved #43.

Changed

• PR#557 introduced changes to how dev-dependencies are handled. By default, crates that are only used as dev-dependencies (ie, there are no normal nor build dependency edges linking them to other crates) will no longer be considered when checking for multiple-versions violations. This can be re-enabled via the bans.multiple-versions-include-dev config field. Additionally, licenses are no longer checked for dev-dependencies, but can be re-enabled via licenses.include-dev the config field. dev-dependencies can also be completely disabled altogether, but this applies to all checks, including advisories and sources, so is not enabled by default. This behavior can be enabled by using the exclude-dev field, or the --exclude-dev command line flag. This change resolved #322, #329, #413 and #497.

Fixed

• PR#549 fixed #548 by correctly locating cargo registry indices from an git ssh url.
• PR#549 fixed #552 by correctly handling signal interrupts and removing the advisory-dbs lock file.
• PR#549 fixed #553 by adding the native-certs feature flag that can enable the OS native certificate store.

Deprecated

• PR#549 moved bans.allow-build-scripts to bans.build.allow-build-scripts. bans.allow-build-scripts is still supported, but emits a warning.

• EmbarkStudios
• GitHub Actions