Merge pull request #885 from rustsec/sparse-index-release

New release to support sparse index
rustsec · May 10, 2023 · 6f82509 · 6f82509
2 parents 1c8c609 + e3a374a
commit 6f82509
Show file tree

Hide file tree

Showing 6 changed files with 25 additions and 6 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/admin/Cargo.toml b/admin/Cargo.toml
@@ -18,7 +18,7 @@ clap = "3"
 comrak = { version = "0.18", default-features = false }
 crates-index = "0.19"
 rust-embed = "6.6.1"
-rustsec = { version = "0.26", features = ["osv-export"] }
+rustsec = { version = "0.27", features = ["osv-export"] }
 serde = { version = "1", features = ["serde_derive"] }
 serde_json = "1"
 termcolor = "1"

diff --git a/cargo-audit/CHANGELOG.md b/cargo-audit/CHANGELOG.md
@@ -4,6 +4,19 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.17.6 (2023-05-10)
+
+### Added
+
+ - Upgraded to `cargo-lock` v9.0.0, which enables support for sparse registries.
+ - When scanning binary files, the binary's platform is taken into account. This prevents scenarios such as Windows-only vulnerabilities being reported on Linux binaries ([#814])
+
+### Fixed
+
+ - Advisories about `cargo audit` itself are no longer printed multiple times when scanning multiple files ([#848])
+
+[#848]: https://github.com/rustsec/rustsec/pull/848
+
 ## 0.17.5 (2023-03-23)
 
 ### Added

diff --git a/cargo-audit/Cargo.toml b/cargo-audit/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name         = "cargo-audit"
 description  = "Audit Cargo.lock for crates with security vulnerabilities"
-version      = "0.17.5"
+version      = "0.17.6"
 authors      = ["Tony Arcieri <[email protected]>"]
 license      = "Apache-2.0 OR MIT"
 homepage     = "https://rustsec.org"
@@ -20,7 +20,7 @@ maintenance = { status = "actively-developed" }
 abscissa_core = "0.6"
 clap = "3"
 home = "0.5"
-rustsec = { version = "0.26.5", features = ["dependency-tree"] }
+rustsec = { version = "0.27.0", features = ["dependency-tree"] }
 serde = { version = "1", features = ["serde_derive"] }
 serde_json = "1"
 thiserror = "1"

diff --git a/rustsec/CHANGELOG.md b/rustsec/CHANGELOG.md
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.27.0 (2023-05-10)
+
+### Added
+
+ - Upgraded to `cargo-lock` v9.0.0, which enables support for sparse registries.
+
 ## 0.26.5 (2023-03-22)
 ### Changed
 

diff --git a/rustsec/Cargo.toml b/rustsec/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name         = "rustsec"
 description  = "Client library for the RustSec security advisory database"
-version      = "0.26.5"
+version      = "0.27.0"
 authors      = ["Tony Arcieri <[email protected]>"]
 license      = "Apache-2.0 OR MIT"
 homepage     = "https://rustsec.org"