Skip to content

chore(deps): update pre-commit hook embarkstudios/cargo-deny to v0.19.1#24

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/embarkstudios-cargo-deny-0.x
Open

chore(deps): update pre-commit hook embarkstudios/cargo-deny to v0.19.1#24
renovate[bot] wants to merge 1 commit intomainfrom
renovate/embarkstudios-cargo-deny-0.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Apr 13, 2026

This PR contains the following updates:

Package Type Update Change
EmbarkStudios/cargo-deny repository patch 0.19.00.19.1

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

Release Notes

EmbarkStudios/cargo-deny (EmbarkStudios/cargo-deny)

v0.19.1

Compare Source

Fixed
  • PR#833 fixed an issue where the maximum advisory database staleness was over 14 years instead of the intended 90 days.
  • PR#839 fixed an issue where unsound advisories would appear for transitive dependencies despite requesting them only for workspace dependencies, resolving #​829.
  • PR#840 resolved #​797 by passing --filter-platform when collecting cargo metadata if only a single target was requested either in the config or via the command line.
  • PR#841 fixed an issue where --frozen would not disable fetching of the advisory DB, resolving #​759.
  • PR#842 and PR#844 updated crates. Notably krates was updated to resolve two issues with crates being pruned from the graph used when running checks. Resolving these two issues may mean that updating cargo-deny may highlight issues that were previously hidden.
    • EmbarkStudios/krates#106 would fail to pull in crates brought in via a feature if that crate had its lib target renamed by the package author.
    • EmbarkStudios/krates#109 would fail to bring in optional dependencies if they were brought in by a weak feature in a crate also brought in by a weak feature.
Changed
  • PR#830 removed gix in favor of shelling out to git. This massively improves build times and eases maintenance as gix bumps minor versions quite frequently. If cargo-deny is used in an environment that for some reason allows internet access but doesn't have git available, the advisory database would need to be updated before calling cargo-deny.
  • PR#838 removed rustsec in favor of manually implemented advisory parsing and checking, with a nightly cron job that checks that the implementation exactly matches rustsec on the official rustsec advisory db.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants