File cargo-auditable.changes of Package cargo-auditable
------------------------------------------------------------------- Fri Nov 29 02:28:10 UTC 2024 - william.brown@suse.com - Update to version 0.6.6~0: * Bump version in Cargo.toml * Note the `object` upgrade in the changelog * Upgrade cyclonedx-bom from 0.5 to 0.8 in auditable-cyclonedx * Upgrade object crate from 0.30 to 0.36 to reduce dependency footprint * Update dependencies in the lock file * Populate changelog * apply clippy lint * add another --emit parsing test * shorter code with cargo fmt * Actually fix cargo-c compatibility * Attempt to fix cargo-capi incompatibility * Refactoring in preparation for fixes * Also read the --emit flag to rustc * Fill in changelogs * Bump versions * Drop cfg'd out tests * Drop obsolete doc line * Move dependency cycle tests from auditable-serde to cargo-auditable crate * Remove cargo_metadata from auditable-serde API surface. I can expose it as a separate crate if anyone tells me they need it. * Apply clippy lint * Upgrade miniz_oxide to 0.8.0 * Insulate our semver from miniz_oxide semver * Add support for Rust 2024 edition * Update tests * More robust OS detection for riscv feature detection * bump version * update changelog for auditable-extract 0.3.5 * Fix wasm component auditable data extraction * Update blocker description in README.md * Add openSUSE to adopters * Update list of know adopters * Fix detection of `riscv64-linux-android` target features * Silence noisy lint * Bump version requirement in rust-audit-info * Fill in changelogs * Bump semver of auditable-info * Drop obsolete comment now that wasm is enabled by default * Remove dependency on cargo-lock * Brag about adoption in the README * Don't use LTO for cargo-dist builds to make them consistent with `cargo install` etc * Also build musl binaries * dist: update dist config for future releases * dist(cargo-auditable): ignore auditable2cdx for now * chore: add cargo-dist ------------------------------------------------------------------- Fri Jul 19 03:11:26 UTC 2024 - William Brown <william.brown@suse.com> - Resolve build failure when backported to 15-SP3 ------------------------------------------------------------------- Fri Jul 19 02:02:31 UTC 2024 - William Brown <william.brown@suse.com> - Depend on provides of rust to allow older compiler version usage ------------------------------------------------------------------- Tue May 28 04:48:14 UTC 2024 - william.brown@suse.com - Update to version 0.6.4~0: * Release cargo-auditable v0.6.4 * Correctly attribute changelog file addition in changelog * Add changelog for auditable-extract * Verify various feature combinations in CI * Upgrade wasmparser to remove dependencies with `unsafe` * Add LoongArch support * cargo fmt * Move doc headers to README.md and point rustdoc to them, so that we have nice crates.io pages * Expand on the note about WebAssembly parsing * Populate changelogs * Resume bragging about all dependencies being safe, now that there is a caveat below * drop fuzz Cargo.lock to always fuzz against latest versions * Bump `cargo auditable` version * Mention WASM support in README * Revert "Be super duper extra sure both MinGW and MSVC are tested on CI" * Be super duper extra sure both MinGW and MSVC are tested on CI * Add wasm32 targets to CI for more platforms * Don't pass --target twice in tests * Install WASM toolchain in CI * cargo fmt * Add WASM end-to-end test * cargo fmt * Update documentation to mention the WASM feature * cargo fmt * Plumb WASM parsing feature through the whole stack * Make WASM parsing an optional, non-default feature * Add a fuzzing harness for WASM parsing * Rewritten WASM parsing to avoid heap allocations * Initial WASM extraction support * Nicer assertion * Drop obsolete comment * Clarify that embedding the compiler version has shipped. * Fixed section name for WASM * Unified and more robust platform detection. Fixed wasm build process * Initial WASM support * More robust platform detection for picking the binary format * Fix Windows CI to run both -msvc and -gnu * Use the correct link.exe flag for preserving the specified symbol even if it is unused * Fix Windows * Fix tests on Rust 1.77 * Placate clippy * Oopps, I meant components field * Also remove the dependencies field if empty * Use serde_json with order preservation feature to get a more compressible JSON after workarounds * Work around cyclonedx-bom limitations to produce minified JSON * Also record the dependency kind * cyclonedx-bom: also record PURL * Also write the dependency tree * Clear the serial number in the minimal CycloneDX variant * Prototype impl of auditable2cdx * Fill in auditable2cdx dependencies * Initial auditable2cdx boilerplace * add #![forbid(unsafe_code)] * Initial implementation of auditable-to-cyclonedx conversion * Add the necessary dependencies to auditable-cyclonedx * Initial dummy package for auditable-cyclonedx ------------------------------------------------------------------- Tue Mar 5 01:17:29 UTC 2024 - Soc Virnyl Estela <uncomfy+openbuildservice@uncomfyhalomacro.pl> - Update specfile: * remove cargo_config file - Update service file: * replace obsoleted "disabled" mode with "manual" - Update to version 0.6.2~0: * Update the lockfile * New releases of cargo-auditable and auditable-serde * Use a separate project for the custom rustc path tests. Fixes intermittent test failures due to race conditions * Revert "add commit hashes to git sources" * Fix cyclic dependency graph being encoded * Revert "An unsuccessful attempt to fix cycles caused by dev-dependencies" * An unsuccessful attempt to fix cycles caused by dev-dependencies * Fix typo * Add comment * Add a test for an issue with cyclic dependencies reported at https://github.com/rustsec/rustsec/issues/1043 * Fix auditable-serde example not building * upgrade dependency miniz_oxide to 0.6.0 * fix formatting errors * apply clippy lints for --all-features * improve the internal docs and comments * apply clippy lints * add missing sources for one of test fixtures * add commit hashes to git sources * Run all tests on CI * cargo fmt * Run `cargo clean` in tests to get rid of stale binaries * Fix date in changelog * Populate changelog * Bump auditable-info version in rust-audit-info * Add auditable-info changelog * Bump versions following cargo-lock bump * auditable-serde: bump `cargo-lock` to v9 * switch to UNRELEASED * Update CHANGELOG.md * Print a better error if calling rustc fails * Drop unused import * placate Clippy * Don't inject audit info if --print argument is passed to rustc * Reflect the version change in Cargo.lock * Remove space from keywords * bump version to 0.6.1 * Fix date in changelog * Update CHANGELOG.md * Add publish=false * Commit the generated manpage * Add the code for generating a manpage; rather rudimentary so far, but it's a starting point * Explain relation to supply chain attacks * Add keywords to the Cargo manifest * Revert "generate a man page for cargo auditable" * fix formatting * fix review feedback, relocate file to under OUT_DIR, don't use anyhow and also commit the lock file * generate a man page for cargo auditable * Add Clippy suppression * placate clippy * commit Cargo.lock * Sync to latest object file writing code from rustc * Fix examples in docs * Allow redundant field names * Apply clippy suggestion: match -> if let * Check for clippy and format in CI * Apply clippy suggestions * Run CI with --locked ------------------------------------------------------------------- Thu Feb 23 14:27:09 UTC 2023 - Andrea Manzini <andrea.manzini@suse.com> - Update to version 0.6.0~0: * README and documentation improvements * Read the rustc path passed by Cargo; fixes #90 * Read location of Cargo from the environment variable Cargo sets for third-party subcommands * Add a note on sccache version compatibility to CHANGELOG.md * Panic on compilation commands where we fail to parse the arguments instead of silently ignoring the error * Specifying the binary-scanning feature is no longer needed * Pass options such as --offline to `cargo metadata` * Pass on arguments from `cargo auditable` invocation to the rustc wrapper; prep work towards fixing #83 * Bump rust-audit-info to 0.5.2 * Bump auditable-serde version to 0.5.2 * Correctly fill in the source even in dependency entries when converting to cargo-lock data format * Drop the roundtrip through &str in semver::Version; now that semver 1.0 has shipped the versions are API-compatible and this is no longer necessary * Release auditable-info 0.6.1 * Bump all the version requirements for things depending on auditable-info * Fix audit_info_from_slice function signature ------------------------------------------------------------------- Thu Nov 3 04:31:16 UTC 2022 - William Brown <william.brown@suse.com> - Initial commit
