Subject: CVS commit: pkgsrc/security/cargo-audit
From: Thomas Klausner
Date: 2023-04-27 13:58:19
Message id: 20230427115820.0D80EFA87@cvs.NetBSD.org
Log Message:
cargo-audit: update to 0.17.5.
0.17.5 (2023-03-23)
Added
Vulnerability severity is now included in the cargo audit output, if known (#825)
Changed
Advisories marked informational = unsound are now reported by default, but only as warnings (#819). They do not cause the audit to fail, i.e. the exit code of the process is still 0. This behavior can be suppressed through the configuration file.
Fixed
The help text now correctly refers to the command as cargo audit instead of cargo audit audit (#824)
The --version argument now works correctly, reporting the current version (#838)
0.17.4 (2022-11-08)
Fixed
Checks for yanked crates were broken since 0.17.0. This release restores them and adds tests to prevent future regressions.
Changed
Binary scanning is enabled by default and documented as such. It can still be disabled by disabling the binary-scanning feature.
0.17.3 (2022-11-01)
Added
cargo audit bin now attempts to detect dependencies in binaries not built with cargo auditable by parsing the panic messages (#729). This only detects about a half of the dependency list and never detects C code such as OpenSSL, but works on any Rust binaries built with cargo.
Added integration tests for the --deny=warnings flag.
Fixed
cargo audit bin --deny=warnings no longer exits after finding the first binary with warnings.
Changed
Up to 5x faster cargo audit bin when scanning multiple files thanks to caching crates.io index lookups (implemented in rustsec crate).
Notices about cargo audit or rustsec will now result in a scanning error being reported (exit code 2) as opposed to reporting them as vulnerabilities in the scanned binary (exit code 1). They are treated as warnings by default, so --deny=warnings is required to observe the new behavior.
The binary-scanning feature that adds the cargo audit bin subcommand is now enabled by default, but is not documented as such.
0.17.2 (2022-10-07)
Changed
Fixed the screenshot URL in README.md
0.17.1 (2022-10-07)
Added
Initial support for scanning binaries built with cargo auditable
Files: