chore(deps): update embarkstudios/cargo-deny-action action to v2.0.17 (#16953)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [EmbarkStudios/cargo-deny-action](https://redirect.github.com/EmbarkStudios/cargo-deny-action) | action | patch | `v2.0.15` → `v2.0.17` |

---

### Release Notes

<details>
<summary>EmbarkStudios/cargo-deny-action
(EmbarkStudios/cargo-deny-action)</summary>

### [`v2.0.17`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v2.0.17): Release 2.0.17 - cargo-deny 0.19.2

[Compare Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v2.0.16...v2.0.17)

##### Fixed

- [PR#845](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/845)
  fixed structural issues with SARIF output, resolving
  [#818](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/818).
  Thanks [@KyleChamberlin](https://redirect.github.com/KyleChamberlin)!

### [`v2.0.16`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v2.0.16): Release 2.0.16 - cargo-deny 0.19.1

[Compare Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v2.0.15...v2.0.16)

##### Fixed

- [PR#833](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/833)
  fixed an issue where the maximum advisory database staleness was over 14
  years instead of the intended 90 days.
- [PR#839](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/839)
  fixed an issue where unsound advisories would appear for transitive
  dependencies despite requesting them only for workspace dependencies,
  resolving
  [#829](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/829).
- [PR#840](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/840)
  resolved
  [#797](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/797)
  by passing `--filter-platform` when collecting cargo metadata if only a
  single target was requested either in the config or via the command
  line.
- [PR#841](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/841)
  fixed an issue where `--frozen` would not disable fetching of the
  advisory DB, resolving
  [#759](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/759).
- [PR#842](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/842)
  and
  [PR#844](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/844)
  updated crates. Notably `krates` was updated to resolve two issues with
  crates being pruned from the graph used when running checks. Resolving
  these two issues may mean that updating cargo-deny may highlight issues
  that were previously hidden.
  - [EmbarkStudios/krates#106](https://redirect.github.com/EmbarkStudios/krates/issues/106)
    would fail to pull in crates brought in via a feature if that crate had
    its `lib` target renamed by the package author.
  - [EmbarkStudios/krates#109](https://redirect.github.com/EmbarkStudios/krates/issues/109)
    would fail to bring in optional dependencies if they were brought in by
    a weak feature in a crate *also* brought in by a weak feature.

##### Changed

- [PR#830](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/830)
  removed `gix` in favor of shelling out to `git`. This massively improves
  build times and eases maintenance as `gix` bumps minor versions quite
  frequently. If cargo-deny is used in an environment that for some reason
  allows internet access but doesn't have `git` available, the advisory
  database would need to be updated before calling cargo-deny.
- [PR#838](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/838)
  removed `rustsec` in favor of manually implemented advisory parsing and
  checking, with a nightly cron job that checks that the implementation
  exactly matches rustsec on the official rustsec advisory db.

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - "before 5am on the first day of the month"
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/rust-lang/cargo).

This commit is contained in:
Eric Huss
2026-05-01 10:04:37 +00:00
committed by GitHub
+1 -1
@@ -22,7 +22,7 @@ jobs:
- bans licenses sources
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979 # v2.0.15
- uses: EmbarkStudios/cargo-deny-action@91bf2b620e09e18d6eb78b92e7861937469acedb # v2.0.17
# Prevent sudden announcement of a new advisory from failing ci:
continue-on-error: ${{ matrix.checks == 'advisories' }}
with:
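Review bot: the `continue-on-error: ${{ matrix.checks == 'advisories' }}` line kept as context under the updated `uses:` means a green run on this PR says nothing about the advisories check. This bump also takes in cargo-deny 0.19.1, whose notes describe reimplemented advisory parsing, a corrected database staleness limit and `krates` graph fixes that "may highlight issues that were previously hidden". Read the advisories job log for this run by hand before merging, and expect that the `bans licenses sources` entry may start failing on crates that were previously pruned from the graph. Separately, the `# v2.0.17` comment after `91bf2b620e09e18d6eb78b92e7861937469acedb` is not checked by anything in the workflow, so confirm that the SHA is the commit the upstream `v2.0.17` tag points to. The 0.19.1 notes also say cargo-deny now shells out to `git` instead of using `gix`, so the runner image for this job needs `git` on the PATH.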