All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- `cargo audit bin` now attempts to detect dependencies in binaries not built with `cargo auditable` by parsing the panic messages (#729). This only detects about a half of the dependency list and never detects C code such as OpenSSL, but works on any Rust binaries built with `cargo`.
- Added integration tests for the `--deny=warnings` flag.
- `cargo audit bin --deny=warnings` no longer exits after finding the first binary with warnings.
- Up to 5x faster `cargo audit bin` when scanning multiple files thanks to caching crates.io index lookups (implemented in `rustsec` crate).
- Notices about `cargo audit` or `rustsec` will now result in a scanning error being reported (exit code 2) as opposed to reporting them as vulnerabilities in the scanned binary (exit code 1). They are treated as warnings by default, so `--deny=warnings` is required to observe the new behavior.
- Fixed the screenshot URL in README.md
- Initial support for scanning binaries built with `cargo auditable`
- Update Abscissa to 0.6; replace `gumdrop` with `clap` v3 (#525)
- 2021 edition upgrade (#539)
- MSRV 1.57 (#539, #574)
- Bump `rustsec` to v0.26 (#574)
- Terminal output fixups (#570)
- Bump `rustsec` dependency to v0.25; MSRV 1.52 (#480)
- Parse `--color=auto` correctly (#436)
- `vendored-libgit2` feature (#432)
- Pin `thiserror` and `zeroize` to avoid MSRV breakages (#415)
- New exit status (`2`) for Cargo.lock parsing errors (#368)
- Bump `rustsec` crate dependency to v0.24 (#388)
- Generate release builds with github actions (#337)
- Bump rustsec from 0.23.2 to 0.23.3 (#333)
- When running in no-fetch mode, allow accessing a non-git repo (#315)
- Enable informational warnings with deny (#320)
- Bump `rustsec` dependency to v0.23 (#327)
- MSRV 1.46+ (#327)
- Split `-D`/`--deny` and `--deny-warnings` (#278)
- Bump `rustsec` crate to v0.22.2 ([#277])
- JSON serialization ([#277])
- Support for project specific config directories (#252)
- Bump `rustsec` crate to v0.22; MSRV 1.41+ (#271)
- JSON report format changes (#271)
- Presenter improvements (#268)
- Make warning types an argument (#206)
- `fix --dry-run` no longer requires argument (#231)
- Update `rustsec` crate to v0.20 (#221)
- Regenerate lockfile after `cargo audit fix` (#219)
- Update dependencies; MSRV 1.40+ (#216)
- Improve yanked crate auditing messages and config (#200)
- Fix `-c`/`--color` command line argument (#199)
- Add `vendored-openssl` feature (#193)
- Update `rustsec` crate to v0.17 release; MSRV 1.39+ (#186, #188)
- Warn for yanked crates (#180)
- Respect sources of dependencies when auditing (#175)
- Upgrade to `abscissa` v0.5 (#174)
- `cargo audit fix` subcommand (#157, #166, #181)
- Update to `rustsec` crate v0.15.2 (#149)
- presenter: Cleanups for informational advisories (#148)
- presenter: Print better message when no solution is available (#144)
- Update to `rustsec` crate v0.15 (#138)
- Update to `rustsec` crate v0.14.1 (#134)
- Add `--deny-warnings` option (#128)
- Upgrade to `rustsec` crate v0.14 (#126)
- Configuration file: `~/.cargo/audit.toml` (#123, #125)
- Fix `--help` (#113)
- Warn for outdated `rustsec` crate versions (#112)
- Display warnings for select informational advisories (#110)
- Display dependency trees with each advisory (#109)
- Fix `--version` (#101)
- Use the Abscissa application framework (#85, #87, #92, #94)
- Implement `--no-fetch` (#97)
- Add support for reading lockfiles from STDIN (#98)
- Switch from `term` to `termcolor` crate (#83)
- Update `gumdrop` to v0.6, `rustsec` crate to v0.12; min Rust 1.32+ (#82)
- Produce valid JSON when no vulnerabilities are detected (#77)
- Implement `--ignore` option (#75)
- Fix option parsing (#64)
- Update to Rust 2018 edition (#61)
- Update to `rustsec` crate v0.10 (#59)
- Prevent `--help` from exiting with error (#57)
- Add `--json` flag for JSON output (#41)
- Have `cargo audit version` exit with status `0` (#38)
- Refactoring and UI improvements (#37)
- Upgrade `rustsec` crate to 0.9 (#36)
- Honor the `affected_platforms` attribute (#35)
- Update `rustsec` crate dependency to `0.8` series (#34)
- Update `term` crate dependency to `0.5` series (#31)
- README.md: Use `<img>` tag for screenshot so it renders on crates.io (#28)
- Near rewrite of cargo-audit using `rustsec` 0.7.0 (#22)
- Use crate isatty to resolve Windows build errors (#14)
- Upgrade to rustsec 0.6.0 crate (#12)
- Configurable colors (#10)
- Avoid panicking if there are no dependencies (#8)
- Handle error and instruct the user to generate a lockfile before audit (#6)
- Make cargo-audit a proper cargo subcommand (#2)
- Initial release