Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cargo-audit for openSUSE:Factory checked in at 2023-10-27 22:28:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cargo-audit (Old) and /work/SRC/openSUSE:Factory/.cargo-audit.new.17445 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cargo-audit" Fri Oct 27 22:28:28 2023 rev:16 rq:1120659 version:0.18.3~git0.3544515 Changes: -------- --- /work/SRC/openSUSE:Factory/cargo-audit/cargo-audit.changes 2023-03-27 18:16:51.939291945 +0200 +++ /work/SRC/openSUSE:Factory/.cargo-audit.new.17445/cargo-audit.changes 2023-10-27 22:28:59.297264124 +0200 @@ -1,0 +2,274 @@ +Fri Oct 27 03:17:26 UTC 2023 - [email protected] + +- Update to version 0.18.3~git0.3544515: + * Bump version + * Populate changelog + * Update the `fix` subcommand to the new API + * Fix deadlock on missing lockfile + * build(deps): bump regex from 1.9.5 to 1.10.2 + * Update rustsec changelog + * Configure `gix` with `max-performance-safe` feature + * feat: let `Severity` implement `Hash` + * Bump rustsec version to 0.28.3 + * Bump date + * Changelog for 0.28.3 + * fix typo + * fix typo + * Update rustsec/src/repository/git/repository.rs + * Expand documentation on locking + * build(deps): bump webpki from 0.22.1 to 0.22.2 + * Correctly classify only lock timeout errors as LockTimeout, not all lock-related errors + * cargo fmt + * Use Result instead of an unwrap() + * Fix DB directory locking + * Regenerate Cargo.lock + * Add comment + * Migrade rustsec-admin to tame-index 0.7 + * bump gix version in admin too + * cargo fmt + * Switch from Git-compatible locks to OS locks in database checkout + * Purge gix lock to rustsec error conversion; I am removing gix locks + * Only create LockTimeout error variant from tame-index locks + * cargo fmt + * Update docs + * regenerate Cargo.lock + * Initial conversion to tame-index 0.7.1. Compiles but untested. + * Bump admin version + * Populate changelog for admin + * Update Clippy to fix useless warnings + * admin: use `gix` max-performance-safe instead of max-performance + * configure `gix` for best performance + * Bump version to 0.18.2 + * thanks clippy + * Populate changelog for cargo-audit + * Require rustsec 0.28.2 in cargo-audit to fix RUSTSEC-2023-0064 + * change edition to 2021 + * Use tame-index which switches `rustsec-admin` to `gix`. + * Bump version to 0.28.2 + * Populate changelog + * Drop hyperlinks to gix in documentation because we don't have the necessary features enabled. Temporary hack to unblock a release with a security fix + * Fix up code to deal with API changes + * Bump tame-index, explicitly depend on `gix` to enable the necessary features + * Fix error reporting on stale lockfile + * build(deps): bump termcolor from 1.2.0 to 1.3.0 (#1009) + * build(deps): bump chrono from 0.4.30 to 0.4.31 + * build(deps): bump xml-rs from 0.8.17 to 0.8.18 + * Fix `deny = ["warnings"]` being ignored (#995) + * rustsec-admin 0.8.7 (#998) + * Additional information in advisory content (#997) + * build(deps): bump chrono from 0.4.29 to 0.4.30 + * commit Cargo.lock + * bump rustsec crate to 0.28.1 + * bump tame-index version requirement to 0.5.5, it contains the HTTP/2 change + * Populate changelog + * cargo fmt + * Do not require http2 when establishing the connection + * build(deps): bump chrono from 0.4.27 to 0.4.29 + * Appease clippy + * Do not re-lookup packages that are already cached + * build(deps): bump regex from 1.9.4 to 1.9.5 + * build(deps): bump xml-rs from 0.8.16 to 0.8.17 + * build(deps): bump actions/checkout from 3 to 4 + * review feedback: reduce boilerplate + * replace feature default, with v3 and std + * make 'cargo test --no-default-features' run without errors + * Add manual trigger mechanism to release workflow + * Drop remaining 'fix' features + * cargo-audit v0.18.1 (#981) + * Release workflow: don't enable `fix` and `vendored-openssl` features + * Bump versions + * Fill in release date in changelogs + * commit Cargo.lock + * bump rustsec requirement in admin + * Commit Cargo.lock + * bump cargo-audit version to 0.18.0-rc.1 + * Bump rustsec to 0.28.0-rc.1 + * Mention `fix` feature not being converted in changelog + * Fill in cargo-audit changelog + * build(deps): bump time from 0.3.27 to 0.3.28 + * build(deps): bump chrono from 0.4.26 to 0.4.27 + * build(deps): bump url from 2.4.0 to 2.4.1 + * build(deps): bump regex from 1.9.3 to 1.9.4 + * Exclude auto-generation scripts from the published package + * Ignore the file downloaded by the regeneration script + * Bump `platforms` version + * Add myself to authors, I've built out the whole autogeneration infrastructure + * Re-run the generation script + * Bring back the hyperlinks in README.md + * Automatically regenerate the table of known platforms in README + * Turn links into hyperlinks to stop recent rustdoc from complaining (#965) + * Bump version + * Regenerate platforms crate + * Bump MSRV in README.md + * Add another PR + * Also filter warnings by binary type in `cargo audit bin` + * fix build + * Add `affected` field to warnings in `rustsec` so that we could enable platform filtering in `cargo audit bin` + * Correctly state MSRV in changelog + * Populate changelog for the rustsec crate + * remove redundant clone as advised by clippy + * placate clippy + * placate clippy + * Cargo fmt + * Add more methods to CommitHash + * Add forgotten file + * WIP wrapper for gix::ObjectId + * cargo fmt + * Do not expose `toml` types through the public API + * Drop `toml` crate from the public API as well + * Drop unused Error conversion impl + * Add a TODO + * Slightly better doc comments + * Do not expose gix types in the Error public API + * Use a private function for converting from tame_index::Error to rustsec::Error + * don't pub use gix, we do not want it to leak into the public API + * cargo fmt + * Put import at the top to fix doc links + * Feature-gate tame_inxed import + * cargo fmt + * Fix build + * build(deps): bump time from 0.3.26 to 0.3.27 + * build(deps): bump tame-index from 0.5.3 to 0.5.4 + * cargo fmt + * Handle #[non_exhaustive] enum from tame-index + * Fix remaining discrepancies + * WIP conversion to tame-index 0.5.x and gix 0.52.x + * Fix unknown license handling (#956) + * Print the GHSA URL for GHSA advisories, take 2 + * Revert "Print the GHSA URL for GHSA advisories" + * Print the GHSA URL for GHSA advisories + * Expose License type + * Rename license variants + * Implement license + url + * Bump hermit-abi to move away from a yanked version + * Bump rustls-webpki to resolve RUSTSEC-2023-0053 + * build(deps): bump regex from 1.9.1 to 1.9.3 + * build(deps): bump toml from 0.7.5 to 0.7.6 + * build(deps): bump regex from 1.8.4 to 1.9.1 + * build(deps): bump time from 0.3.25 to 0.3.26 + * Regenerate Cargo.lock + * Use native certificates for TLS + * build(deps): bump petgraph from 0.6.3 to 0.6.4 + * build(deps): bump tame-index from 0.4.0 to 0.4.1 + * Document locking considerations + * More consistent status printing + * cargo fmt + * Warn before waiting on crates.io cache locks. Verbose but cannot be expressed via a higher-order function, and macros would make it much worse. + * Add lock timeout parameter to open() and fetch() + * Split creating a new remote index into a separate function in preparation for more complex logic around it + * Add a comment + * Drop manual map_err now that the conversion is implemented on rustsec::Error + * cargo fmt made the code more succinct for once, drop my comment complaining about verbosity + * cargo fmt + * Convert from lock error rather than from its immutable borrow + * Implement From conversions for LockTimeout error variant, since we will need to reuse it + * build(deps): bump tame-index from 0.3.1 to 0.4.0 + * Fix doc links + * More clear documentation + * Less esoteric pattern matching + * silence unused variable warnings + * Convert cargo-audit to use explicit locking + * Update docs to match code + * Drop unused import + * Create a separate error kind for lock timeouts, and expose configurable lock timeouts from the advanced fetching function only + * Fix docs + * cargo fmt + * Provide a rationale for the bulk API + * Hide index implementation details and remove the performance pitfall of calling is_yanked on individual packages + * Migrate check_for_yanked_crates() to the bulk API + * cargo fmt + * Do not short-cirquit on index update failure + * Rework bulk yank-checking code to report errors granularly instead of short-cirquiting on first error it encounters + * Transparently populate cache from `find_yanked` + * Documentation tweaks + * Even more caching for even faster CI + * Fix intra-doc links + * Explicitly document locking considerations + * Revert "Re-enable self-audit" + * Re-unify CI matrix, fulfilling a TODO + * Attempt to fix CI by explicitly generating the lockfile + * Re-enable self-audit + * Dummy commit to trigger a CI re-run + * Add rust-cache job properly now + * Revert "Add Rust-specific caching job to see if that speeds up CI" + * Dummy commit to trigger a CI re-run + * Add Rust-specific caching job to see if that speeds up CI + * Switch rustsec crate CI back to MSRV to see what happens + * Drop --release from rustsec CI, the tests execute really quickly in debug mode + * No need to reimplement CmdRunner::default() now that binary scanning is a default feature + * Drop the --release flag so that the compilation artifacts could be reused - Abscissa doesn't seem to have an option to run acceptance tests with `cargo run --release` + * Switch to Rust 1.71.0 for select jobs + * Placate both versions of rustfmt + * cargo fmt + * build(deps): bump semver from 1.0.17 to 1.0.18 + * Add a TODO + * Re-add some of the comments + * Normalize time offsets to UTC + * Justify clippy opt-out + * Undo autoformat + * Finish up transition to gix + * WIP + * build(deps): bump xml-rs from 0.8.14 to 0.8.16 + * Ignore clippy lint + * Checkpoint + * Update error message + * Use `AsyncRemoteSparseIndex::krates_blocking` + * Oops + * Make sparse index cache population parallel + * Fix remaining lints + * Make public + * Fix lint + * Allow clippy lint + * Bump CI + * Bump MSRV to 1.67.0 + * Transition from `crates-index` -> `tame-index` + * build(deps): bump atom_syndication from 0.12.1 to 0.12.2 (#921) + * Add license and attribution fields to advisories + * rustsec-admin 0.8.6 (#915) + * Case-insensitive search on website + * build(deps): bump rust-embed from 6.7.0 to 6.8.1 (#909) + * Cargo.lock: bump dependencies (#908) + * build(deps): bump toml from 0.7.3 to 0.7.5 (#904) + * build(deps): bump crates-index from 0.19.8 to 0.19.13 (#903) + * cargo-lock: MSRV 1.65 (#907) + * build(deps): bump openssl from 0.10.52 to 0.10.55 (#906) + * cargo-audit+rustsec: MSRV 1.65 (#905) + * build(deps): bump chrono from 0.4.24 to 0.4.25 (#894) + * Fix edge case in git source dependency resolution + * Update cargo-audit changelog + * Update rustsec crate changelog + * commit Cargo.lock version bump + * Bump rustsec version following the cargo-lock bump + * ð¥ Remove $ from install snippet on README (#879) + * Cargo.lock: update dependencies (#876) + * Bump `cargo-lock` to v0.9 + auditable deps (#875) + * build(deps): bump home from 0.5.4 to 0.5.5 (#874) + * build(deps): bump atom_syndication from 0.12.0 to 0.12.1 (#851) + * build(deps): bump softprops/action-gh-release (#852) + * build(deps): bump rust-embed from 6.6.0 to 6.6.1 (#849) + * build(deps): bump crates-index from 0.19.7 to 0.19.8 (#864) + * cargo-lock v9.0.0 (#870) + * Fix docs build (#871) + * Fix review comments + * Various improvements to the "cargo-lock tree" subcommand + * Fix is_default_registry for sparse index (#859) + * Remove build script for platforms, it's now unused (#856) + * build(deps): bump comrak from 0.16.0 to 0.18.0 + * Link to rustsec/audit-check (#854) + * Fix formatting to `cargo fmt` spec. + * Fix #736 - Cargo audit self advisories repeated + * build(deps): bump openssl from 0.10.47 to 0.10.48 + * build(deps): bump semver from 1.0.16 to 1.0.17 + * cargo fmt + * Wrap binfarce::Format in our own struct to make `binfarce` an optional dependency + * placate clippy + * cargo fmt + * Fix no-default-features compilation by making binfarce an unconditional dependency + * Start fixing up compilation with no default features + * Expand TODO + * Fix filtering by binary type but this makes the dependency on binfarce unconditional (for now) + * Add a FIXME explaining why it's not working + * wire up filtering by binary type + * Initial code for binary-type-based filtering; not wired up yet + +------------------------------------------------------------------- Old: ---- rustsec-0.17.5~git0.dc8ec71.tar.zst New: ---- rustsec-0.18.3~git0.3544515.tar.zst ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cargo-audit.spec ++++++ --- /var/tmp/diff_new_pack.aV3STP/_old 2023-10-27 22:29:00.753317526 +0200 +++ /var/tmp/diff_new_pack.aV3STP/_new 2023-10-27 22:29:00.757317673 +0200 @@ -20,7 +20,7 @@ %global workspace_name rustsec Name: cargo-audit -Version: 0.17.5~git0.dc8ec71 +Version: 0.18.3~git0.3544515 Release: 0 Summary: Audit rust sources for known security vulnerabilities License: ( 0BSD OR MIT OR Apache-2.0 ) AND ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR MIT ) AND ( MIT OR Zlib OR Apache-2.0 ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND MIT AND MPL-2.0 AND MPL-2.0+ ++++++ _service ++++++ --- /var/tmp/diff_new_pack.aV3STP/_old 2023-10-27 22:29:00.797319140 +0200 +++ /var/tmp/diff_new_pack.aV3STP/_new 2023-10-27 22:29:00.801319287 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/RustSec/rustsec.git</param> <param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param> <param name="scm">git</param> - <param name="revision">cargo-audit/v0.17.5</param> + <param name="revision">cargo-audit/v0.18.3</param> <param name="match-tag">cargo-audit*</param> <param name="versionrewrite-pattern">.*v(\d+\.\d+\.\d+)</param> <param name="versionrewrite-replacement">\1</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.aV3STP/_old 2023-10-27 22:29:00.821320020 +0200 +++ /var/tmp/diff_new_pack.aV3STP/_new 2023-10-27 22:29:00.821320020 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/RustSec/rustsec.git</param> - <param name="changesrevision">dc8ec71098bd202c9e1177329f512173a4ffa029</param></service></servicedata> + <param name="changesrevision">3544515990b09441ecc12df8d0291bc6f23d3d30</param></service></servicedata> (No newline at EOF) ++++++ cargo_config ++++++ --- /var/tmp/diff_new_pack.aV3STP/_old 2023-10-27 22:29:00.841320754 +0200 +++ /var/tmp/diff_new_pack.aV3STP/_new 2023-10-27 22:29:00.845320901 +0200 @@ -3,5 +3,4 @@ [source.vendored-sources] directory = "vendor" -(No newline at EOF) ++++++ vendor.tar.zst ++++++ Binary files /var/tmp/diff_new_pack.aV3STP/_old and /var/tmp/diff_new_pack.aV3STP/_new differ
