cargo vet check --frozen(a disabled network) will infer the existence of crates using versions in audits when checking audit-as-crates-io policies (#661)
- Added support for declaring wildcard audits and trusted entries for crates published using "Trusted Publishing" (#671)
cargo vetwill no longer prompt to renew expiring wildcard audits for inactive crates (#648)cargo vet renew --expiringwill no longer renew expiring wildcard audits for inactive crates (#649)
-
Various improvements to the diff and inspect subcommands:
- Added support for using diff.rs with the diff and inspect subcommands (#625, #633, #635)
- The diff and inspect subcommands will remember the most recently used mode, and automatically use it next time (#633)
- The default mode for diff and inspect was changed to diff.rs (#611, #633)
-
Crates.io metadata caching was changed to avoid issues where incorrect crates.io state was being cached locally, leading to confusing results (#631)
-
Unnecessary imports and publisher entries will be removed when adding importing another audit or publisher entry for the same crate (#621)
- This is intended to reduce churn and unnecessary entries in
imports.lockwithout running prune explicitly
- This is intended to reduce churn and unnecessary entries in
-
Network requests made by cargo vet will now respect the cargo
http.cainfoconfig option (#615) -
Suggest output will now also mention criteria which implies the minimum required criteria (#614)
-
Audit files being aggregated with the aggregate subcommand will now be validated before being aggregated, to avoid generating invalid aggregate audits files (#586)
-
Local wildcard audits are now preferred over imported wildcard audits when determining audit paths (#588)
-
Binary releases are now built in CI and published to github using
cargo dist(#600)