./security/cargo-audit, Audit Cargo.lock files for crates with security vulnerabilities



Branch: CURRENT, Version: 0.21.0, Package name: cargo-audit-0.21.0, Maintainer: pkgsrc-users

Cargo-audit allows you to audit Cargo.lock files for crates with
security vulnerabilities reported to the RustSec Advisory Database.

Cargo-audit is provided as the cargo subcommand "audit".


Master sites:

Filesize: 1041.216 KB


CVS history:


   2024-12-16 20:12:17 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
cargo-audit: fix building with Rust 1.83.0
   2024-11-21 10:39:06 by pin | Files touched by this commit (3) | Package updated
Log message:
security/cargo-audit: update to 0.21.0

No changelog provided.
   2024-10-15 05:39:30 by pin | Files touched by this commit (3) | Package updated
Log message:
security/cargo-audit: update to 0.20.1

No ChangeLog provided, but should fix:
http://shadow.netbsd.org/pub/pkgsrc/packages/reports/HEAD/NetBSD-10.0-x86_64/20241014.0745/cargo-audit-0.20.0/build.log
   2024-03-22 13:06:44 by pin | Files touched by this commit (3) | Package updated
Log message:
security/cargo-audit: update to 0.20.0

v0.20.0
 - New breaking releases of `cargo audit` v0.20 and `rustsec` v0.29

v0.19.0
 - Release `cargo audit` 0.19.0
   2023-10-26 10:02:21 by pin | Files touched by this commit (3) | Package updated
Log message:
security/cargo-audit: update to 0.18.3

Bring it up-to-date, v0.17.6 -> v0.18.3

No ChangeLogs provided.
   2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)
Log message:
*: bump for openssl 3
   2023-05-16 21:40:53 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
cargo-audit: update to 0.17.6.

Changes not found.
   2023-04-27 13:58:19 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
cargo-audit: update to 0.17.5.

0.17.5 (2023-03-23)

Added

    Vulnerability severity is now included in the cargo audit output, if known (#825)

Changed

    Advisories marked informational = unsound are now reported by default, but only as warnings (#819). They do not cause the audit to fail, i.e. the exit code of the process is still 0. This behavior can be suppressed through the configuration file.

Fixed

    The help text now correctly refers to the command as cargo audit instead of cargo audit audit (#824)
    The --version argument now works correctly, reporting the current version (#838)

0.17.4 (2022-11-08)

Fixed

    Checks for yanked crates were broken since 0.17.0. This release restores them and adds tests to prevent future regressions.

Changed

    Binary scanning is enabled by default and documented as such. It can still be disabled by disabling the binary-scanning feature.

0.17.3 (2022-11-01)

Added

    cargo audit bin now attempts to detect dependencies in binaries not built with cargo auditable by parsing the panic messages (#729). This only detects about a half of the dependency list and never detects C code such as OpenSSL, but works on any Rust binaries built with cargo.
    Added integration tests for the --deny=warnings flag.

Fixed

    cargo audit bin --deny=warnings no longer exits after finding the first binary with warnings.

Changed

    Up to 5x faster cargo audit bin when scanning multiple files thanks to caching crates.io index lookups (implemented in rustsec crate).
    Notices about cargo audit or rustsec will now result in a scanning error being reported (exit code 2) as opposed to reporting them as vulnerabilities in the scanned binary (exit code 1). They are treated as warnings by default, so --deny=warnings is required to observe the new behavior.
    The binary-scanning feature that adds the cargo audit bin subcommand is now enabled by default, but is not documented as such.

0.17.2 (2022-10-07)

Changed

    Fixed the screenshot URL in README.md

0.17.1 (2022-10-07)

Added

    Initial support for scanning binaries built with cargo auditable