Skip to content

chore(deps): update embarkstudios/cargo-deny-action action to v2.0.17#16953

Merged
ehuss merged 1 commit intomasterfrom
renovate/embarkstudios-cargo-deny-action-2.x
May 1, 2026
Merged

chore(deps): update embarkstudios/cargo-deny-action action to v2.0.17#16953
ehuss merged 1 commit intomasterfrom
renovate/embarkstudios-cargo-deny-action-2.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented May 1, 2026

This PR contains the following updates:

Package Type Update Change
EmbarkStudios/cargo-deny-action action patch v2.0.15v2.0.17

Release Notes

EmbarkStudios/cargo-deny-action (EmbarkStudios/cargo-deny-action)

v2.0.17: Release 2.0.17 - cargo-deny 0.19.2

Compare Source

Fixed

v2.0.16: Release 2.0.16 - cargo-deny 0.19.1

Compare Source

Fixed
  • PR#833 fixed an issue where the maximum advisory database staleness was over 14 years instead of the intended 90 days.
  • PR#839 fixed an issue where unsound advisories would appear for transitive dependencies despite requesting them only for workspace dependencies, resolving #​829.
  • PR#840 resolved #​797 by passing --filter-platform when collecting cargo metadata if only a single target was requested either in the config or via the command line.
  • PR#841 fixed an issue where --frozen would not disable fetching of the advisory DB, resolving #​759.
  • PR#842 and PR#844 updated crates. Notably krates was updated to resolve two issues with crates being pruned from the graph used when running checks. Resolving these two issues may mean that updating cargo-deny may highlight issues that were previously hidden.
    • EmbarkStudios/krates#106 would fail to pull in crates brought in via a feature if that crate had its lib target renamed by the package author.
    • EmbarkStudios/krates#109 would fail to bring in optional dependencies if they were brought in by a weak feature in a crate also brought in by a weak feature.
Changed
  • PR#830 removed gix in favor of shelling out to git. This massively improves build times and eases maintenance as gix bumps minor versions quite frequently. If cargo-deny is used in an environment that for some reason allows internet access but doesn't have git available, the advisory database would need to be updated before calling cargo-deny.
  • PR#838 removed rustsec in favor of manually implemented advisory parsing and checking, with a nightly cron job that checks that the implementation exactly matches rustsec on the official rustsec advisory db.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "before 5am on the first day of the month"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@rustbot rustbot added A-infrastructure Area: infrastructure around the cargo repo, ci, releases, etc. S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels May 1, 2026
@rustbot
Copy link
Copy Markdown
Collaborator

rustbot commented May 1, 2026

r? @ehuss

rustbot has assigned @ehuss.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

Why was this reviewer chosen?

The reviewer was selected based on:

  • Owners of files modified in this PR: @ehuss, @epage, @weihanglo
  • @ehuss, @epage, @weihanglo expanded to ehuss, epage, weihanglo
  • Random selection from ehuss, epage, weihanglo

@ehuss ehuss added this pull request to the merge queue May 1, 2026
Merged via the queue into master with commit cb222b4 May 1, 2026
29 checks passed
@ehuss ehuss deleted the renovate/embarkstudios-cargo-deny-action-2.x branch May 1, 2026 10:38
@rustbot rustbot removed the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label May 1, 2026
@weihanglo weihanglo mentioned this pull request May 2, 2026
Merged
rust-bors Bot pushed a commit to rust-lang/rust that referenced this pull request May 2, 2026
@bors
Auto merge of #156069 - weihanglo:update-cargo, r=weihanglo
8275de8 
Update cargo submodule

10 commits in eb9b60f1f6604b5e022c56be31692c215b8ba11d..4f9b52075316e9ced380c8fa492858048d5758b6
2026-04-24 20:52:07 +0000 to 2026-05-01 22:36:41 +0000
- chore(deps): update compatible (rust-lang/cargo#16952)
- feat(lints): Add deny-by-default text_direction_codepoint lints (rust-lang/cargo#16950)
- chore(deps): update embarkstudios/cargo-deny-action action to v2.0.17 (rust-lang/cargo#16953)
- docs(guide): Switch from third-party to first-party unused deps detection (rust-lang/cargo#16946)
- Remove curl dependency from crates-io crate (rust-lang/cargo#16936)
- chore(deps): update gix to 0.83 (rust-lang/cargo#16945)
- fix(compile): Where possible, hint about misplaced deps  (rust-lang/cargo#16940)
- Remove `windows-sys` from `home` (rust-lang/cargo#16918)
- docs(resolver): `--precise <yanked>` is on stable (rust-lang/cargo#16944)
- Update `gix` to 0.82 (with security fixes and hardened parsers) (rust-lang/cargo#16941)
@rustbot rustbot added this to the 1.97.0 milestone May 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ehuss ehuss ehuss approved these changes

Assignees

@ehuss ehuss

Labels

A-infrastructure Area: infrastructure around the cargo repo, ci, releases, etc.

Projects

None yet

Milestone

1.97.0

Development

Successfully merging this pull request may close these issues.

2 participants

@rustbot @ehuss