You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
PR#802 made relative paths passed to --config be resolved relative to the current working directory (rather than the resolved manifest path's directory).
PR#825 updated gix, reqwest, and tame-index to newer versions. The reqwest 0.13 changes means it is no longer possible to choose the source of root certificates for gix, so that decision is now left to rustls-platform-verifier. The native-certs feature has thus been removed, and cargo-deny no longer defaults to using webpki-roots.
Fixed
PR#802 fixed path handling of paths passed to --config, resolving #748.
PR#819 added locations to all SARIF results since that's mandatory for valid SARIF.
PR#795 added [bans.allow-workspace] to allow workspace crates while denying all external crates.
PR#800 added [licenses.include-build] to toggle whether build dependencies are included in the license check.
PR#823 added [advisories.unused-ignored-advisory] to disable the warning when an advisory is ignored but not encountered in the crate graph.
PR#826 added [advisories.unsound] to determine which crates can show unsound advisories, similarly to the unmaintained field. Defaults to workspace crates, ignoring unsound advisories for transitive dependencies, resolving #824.
