Merging upstream version 1.74.1+dfsg1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-30 18:31:44 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-30 18:31:44 +0000
commit: c23a457e72abe608715ac76f076f47dc42af07a5 (patch)
tree: 2772049aaf84b5c9d0ed12ec8d86812f7a7904b6 /src/tools/cargo/CHANGELOG.md
parent: Releasing progress-linux version 1.73.0+dfsg1-1~progress7.99u1. (diff)
download: rustc-c23a457e72abe608715ac76f076f47dc42af07a5.tar.xz
rustc-c23a457e72abe608715ac76f076f47dc42af07a5.zip
1 files changed, 161 insertions, 15 deletions
diff --git a/src/tools/cargo/CHANGELOG.md b/src/tools/cargo/CHANGELOG.md
index 0141302c8..f2c9bd0eb 100644
--- a/src/tools/cargo/CHANGELOG.md
+++ b/src/tools/cargo/CHANGELOG.md
@@ -1,23 +1,110 @@
 # Changelog
 
+## Cargo 1.74 (2023-11-16)
+[80eca0e5...HEAD](https://github.com/rust-lang/cargo/compare/80eca0e5...HEAD)
+
+### Added
+
+### Changed
+
+### Fixed
+
+### Nightly only
+
+### Documentation
+
+- ❗ Policy change: Checking `Cargo.lock` into version control is now the default choice,
+  even for libraries. Lockfile and CI integration documentations are also expanded.
+  [Policy docs](https://doc.rust-lang.org/nightly/cargo/faq.html#why-have-cargolock-in-version-control),
+  [Lockfile docs](https://doc.rust-lang.org/nightly/cargo/guide/cargo-toml-vs-cargo-lock.html),
+  [CI docs](https://doc.rust-lang.org/nightly/cargo/guide/continuous-integration.html),
+  [#12382](https://github.com/rust-lang/cargo/pull/12382)
+
 ## Cargo 1.73 (2023-10-05)
-[45782b6b...HEAD](https://github.com/rust-lang/cargo/compare/45782b6b...HEAD)
+[45782b6b...rust-1.73.0](https://github.com/rust-lang/cargo/compare/45782b6b...rust-1.73.0)
 
 ### Added
 
+- Print environment variables for `cargo run/bench/test` in extra verbose mode `-vv`.
+  [#12498](https://github.com/rust-lang/cargo/pull/12498)
+- Display package versions on Cargo timings graph.
+  [#12420](https://github.com/rust-lang/cargo/pull/12420)
+
 ### Changed
 
+- Cargo now bails out when using `cargo::` in custom build scripts. This is
+  a preparation for an upcoming change in build script invocations.
+  [#12332](https://github.com/rust-lang/cargo/pull/12332)
+- Make Cargo `--help` easier to browse.
+  [#11905](https://github.com/rust-lang/cargo/pull/11905)
+- Prompt the use of `--nocapture` flag if `cargo test` process is terminated via a signal.
+  [#12463](https://github.com/rust-lang/cargo/pull/12463)
+- Preserve jobserver file descriptors on the rustc invocation for getting target information.
+  [#12447](https://github.com/rust-lang/cargo/pull/12447)
+- Clarify in `--help` that `cargo test --all-targets` excludes doctests.
+  [#12422](https://github.com/rust-lang/cargo/pull/12422)
+- Normalize `cargo.toml` to `Cargo.toml` on publish, and warn on other cases of `Cargo.toml`.
+  [#12399](https://github.com/rust-lang/cargo/pull/12399)
+
 ### Fixed
 
+- Only skip mtime check on `~/.cargo/{git,registry}`.
+  [#12369](https://github.com/rust-lang/cargo/pull/12369)
+- Fixed `cargo doc --open` crash on WSL2.
+  [#12373](https://github.com/rust-lang/cargo/pull/12373)
+- Fixed panic when enabling `http.debug` for certain strings.
+  [#12468](https://github.com/rust-lang/cargo/pull/12468)
+- Fixed `cargo remove` incorrectly removing used patches.
+  [#12454](https://github.com/rust-lang/cargo/pull/12454)
+- Fixed crate checksum lookup query should match on semver build metadata.
+  [#11447](https://github.com/rust-lang/cargo/pull/11447)
+- Fixed printing multiple warning messages for unused fields in `[registries]` table.
+  [#12439](https://github.com/rust-lang/cargo/pull/12439)
+
 ### Nightly only
 
+- 🔥 The `-Zcredential-process` has been reimplemented with a clearer way to
+  communicate  with different credential providers. Several built-in providers
+  are also added to Cargo.
+  [docs](https://doc.rust-lang.org/nightly/cargo/reference/unstable.html#credential-process)
+  [#12334](https://github.com/rust-lang/cargo/pull/12334)
+  [#12396](https://github.com/rust-lang/cargo/pull/12396)
+  [#12424](https://github.com/rust-lang/cargo/pull/12424)
+  [#12440](https://github.com/rust-lang/cargo/pull/12440)
+  [#12461](https://github.com/rust-lang/cargo/pull/12461)
+  [#12469](https://github.com/rust-lang/cargo/pull/12469)
+  [#12483](https://github.com/rust-lang/cargo/pull/12483)
+  [#12499](https://github.com/rust-lang/cargo/pull/12499)
+  [#12507](https://github.com/rust-lang/cargo/pull/12507)
+  [#12512](https://github.com/rust-lang/cargo/pull/12512)
+  [#12518](https://github.com/rust-lang/cargo/pull/12518)
+  [#12521](https://github.com/rust-lang/cargo/pull/12521)
+  [#12526](https://github.com/rust-lang/cargo/pull/12526)  
+  Some notable changes:
+  - Renamed `credential-process` to `credential-provider` in Cargo configurations.
+  - New JSON protocol for communicating with external credential providers via stdin/stdout.
+  - The GNOME Secert provider now dynamically loads `libsecert`.
+  - The 1password provider is no longer built-in.
+  - Changed the unstable key for asymmetric tokens from `registry-auth` to `credential-process`.
+- ❗️ Removed `--keep-going` flag support from `cargo test` and `cargo bench`.
+  [#12478](https://github.com/rust-lang/cargo/pull/12478)
+  [#12492](https://github.com/rust-lang/cargo/pull/12492)
 - Fixed invalid package names generated by `-Zscript`.
   [#12349](https://github.com/rust-lang/cargo/pull/12349)
 - `-Zscript` now errors out on unsupported commands — `publish` and `package`.
   [#12350](https://github.com/rust-lang/cargo/pull/12350)
+- Encode URL params correctly for source ID in Cargo.lock.
+  [#12280](https://github.com/rust-lang/cargo/pull/12280)
+- Replaced invalid `panic_unwind` std feature with `panic-unwind`.
+  [#12364](https://github.com/rust-lang/cargo/pull/12364)
+- `-Zlints`: doctest extraction should respect `[lints]`.
+  [#12501](https://github.com/rust-lang/cargo/pull/12501)
 
 ### Documentation
 
+- SemVer: Adding a section for changing the alignment, layout, or size of a
+  well-defined type.
+  [#12169](https://github.com/rust-lang/cargo/pull/12169)
 - Use heading attributes to control the fragment.
   [#12339](https://github.com/rust-lang/cargo/pull/12339)
 - Use "number" instead of "digit" when explaining Cargo's use of semver.
@@ -26,19 +113,66 @@
   [#12344](https://github.com/rust-lang/cargo/pull/12344)
 - Clarify "Package ID" and "Source ID" in `cargo metadata` are opaque strings.
   [#12313](https://github.com/rust-lang/cargo/pull/12313)
-- Added `profile.strip` to configuration docs.
-  [#12337](https://github.com/rust-lang/cargo/pull/12337)
-- Multiple versions that differ only in the metadata tag are disallowed on crates.io.
+- Clarify that `rerun-if-env-changed` doesn't monitor the environment variables
+  it set for crates and build script.
+  [#12482](https://github.com/rust-lang/cargo/pull/12482)
+- Clarify that multiple versions that differ only in the metadata tag are
+  disallowed on crates.io.
   [#12335](https://github.com/rust-lang/cargo/pull/12335)
+- Clarify `lto` setting passing `-Clinker-plugin-lto`.
+  [#12407](https://github.com/rust-lang/cargo/pull/12407)
+- Added `profile.strip` to configuration and environment variable docs.
+  [#12337](https://github.com/rust-lang/cargo/pull/12337)
+  [#12408](https://github.com/rust-lang/cargo/pull/12408)
+- Added docs for artifact JSON debuginfo levels.
+  [#12376](https://github.com/rust-lang/cargo/pull/12376)
+- Added a notice for the backward compatible `.cargo/credential` file existence.
+  [#12479](https://github.com/rust-lang/cargo/pull/12479)
+- Raised the awareness of `resolver = 2` used inside workspaces.
+  [#12388](https://github.com/rust-lang/cargo/pull/12388)
+- Replaced `master` branch by default branch in documentation.
+  [#12435](https://github.com/rust-lang/cargo/pull/12435)
 
 ### Internal
 
 - Updated to `criterion` 0.5.1.
   [#12338](https://github.com/rust-lang/cargo/pull/12338)
+- Updated to `curl-sys` 0.4.65, which corresponds to curl 8.2.1.
+  [#12406](https://github.com/rust-lang/cargo/pull/12406)
+- Updated to `indexmap` v2.
+  [#12368](https://github.com/rust-lang/cargo/pull/12368)
+- Updated to `miow` 0.6.0, which drops old versions of `windows-sys`.
+  [#12453](https://github.com/rust-lang/cargo/pull/12453)
 - ci: automatically test new packages by using `--workspace`.
   [#12342](https://github.com/rust-lang/cargo/pull/12342)
 - ci: automatically update dependencies monthly with Renovate.
   [#12341](https://github.com/rust-lang/cargo/pull/12341)
+  [#12466](https://github.com/rust-lang/cargo/pull/12466)
+- ci: rewrote `xtask-bump-check` for respecting semver by adopting `cargo-semver-checks`.
+  [#12395](https://github.com/rust-lang/cargo/pull/12395)
+  [#12513](https://github.com/rust-lang/cargo/pull/12513)
+  [#12508](https://github.com/rust-lang/cargo/pull/12508)
+- Rearranged and renamed test directories
+  [#12397](https://github.com/rust-lang/cargo/pull/12397)
+  [#12398](https://github.com/rust-lang/cargo/pull/12398)
+- Migrated from `log` to `tracing`.
+  [#12458](https://github.com/rust-lang/cargo/pull/12458)
+  [#12488](https://github.com/rust-lang/cargo/pull/12488)
+- Track `--help` output in tests.
+  [#11912](https://github.com/rust-lang/cargo/pull/11912)
+- Cleaned up and shared package metadata within workspace.
+  [#12352](https://github.com/rust-lang/cargo/pull/12352)
+- `crates-io`: expose HTTP headers and `Error` type.
+  [#12310](https://github.com/rust-lang/cargo/pull/12310)
+- For `cargo update`, caught CLI flags conflict between `--aggressive` and `--precise` in clap.
+  [#12428](https://github.com/rust-lang/cargo/pull/12428)
+- Several fixes for either making Cargo testsuite pass on nightly or in `rust-lang/rust`.
+  [#12413](https://github.com/rust-lang/cargo/pull/12413)
+  [#12416](https://github.com/rust-lang/cargo/pull/12416)
+  [#12429](https://github.com/rust-lang/cargo/pull/12429)
+  [#12450](https://github.com/rust-lang/cargo/pull/12450)
+  [#12491](https://github.com/rust-lang/cargo/pull/12491)
+  [#12500](https://github.com/rust-lang/cargo/pull/12500)
 
 ## Cargo 1.72 (2023-08-24)
 [64fb38c9...rust-1.72.0](https://github.com/rust-lang/cargo/compare/64fb38c9...rust-1.72.0)
@@ -57,10 +191,11 @@
 
 ### Changed
 
-- ❗ Turned feature name validation check to a hard error. The warning was
-  added in Rust 1.49. These extended characters aren't allowed on crates.io, so
-  this should only impact users of other registries, or people who don't publish
-  to a registry.
+- 🚨 [CVE-2023-40030](https://github.com/rust-lang/cargo/security/advisories/GHSA-wrrj-h57r-vx9p):
+  Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports.
+  To mitigate this, feature name validation check is now turned into a hard error.
+  The warning was added in Rust 1.49. These extended characters aren't allowed on crates.io,
+  so this should only impact users of other registries, or people who don't publish to a registry.
   [#12291](https://github.com/rust-lang/cargo/pull/12291)
 - Cargo now warns when an edition 2021 package is in a virtual workspace and
   `workspace.resolver` is not set. It is recommended to set the resolver
@@ -75,6 +210,9 @@
   [#12231](https://github.com/rust-lang/cargo/pull/12231)
 - Added a message when `rustup` override shorthand is put in a wrong position.
   [#12226](https://github.com/rust-lang/cargo/pull/12226)
+- Respect scp-like URL as much as possible when fetching nested submodules.
+  [#12359](https://github.com/rust-lang/cargo/pull/12359)
+  [#12411](https://github.com/rust-lang/cargo/pull/12411)
 
 ### Fixed
 
@@ -184,6 +322,14 @@
 - Show a better error when container tests fail.
   [#12264](https://github.com/rust-lang/cargo/pull/12264)
 
+## Cargo 1.71.1 (2023-08-03)
+
+### Fixed
+
+- 🚨 [CVE-2023-38497](https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87):
+  Cargo 1.71.1 or later respects umask when extracting crate archives. It also
+  purges the caches it tries to access if they were generated by older Cargo versions.
+
 ## Cargo 1.71 (2023-07-13)
 [84b7041f...rust-1.71.0](https://github.com/rust-lang/cargo/compare/84b7041f...rust-1.71.0)
 
@@ -283,7 +429,7 @@
   [#10877](https://github.com/rust-lang/cargo/pull/10877)
 - SemVer: It is not a breaking change to make an unsafe function safe.
   [#12116](https://github.com/rust-lang/cargo/pull/12116)
-- SemVer: changeing MSRV is generally a minor change.
+- SemVer: changing MSRV is generally a minor change.
   [#12122](https://github.com/rust-lang/cargo/pull/12122)
 - Clarify when and how to `cargo yank`.
   [#11862](https://github.com/rust-lang/cargo/pull/11862)
@@ -582,9 +728,9 @@
 
 - Clarified the difference between `CARGO_CRATE_NAME` and `CARGO_PKG_NAME`.
   [#11576](https://github.com/rust-lang/cargo/pull/11576)
-- Added links to the Target section of the glossary for occurences of target triple.
+- Added links to the Target section of the glossary for occurrences of target triple.
   [#11603](https://github.com/rust-lang/cargo/pull/11603)
-- Described how the current resolver sometimes duplicates depenencies.
+- Described how the current resolver sometimes duplicates dependencies.
   [#11604](https://github.com/rust-lang/cargo/pull/11604)
 - Added a note about verifying your email address on crates.io.
   [#11620](https://github.com/rust-lang/cargo/pull/11620)
@@ -743,7 +889,7 @@
 
 ### Nightly only
 
-- Implemented a inital support of asymmetric token authentication for registries.
+- Implemented a initial support of asymmetric token authentication for registries.
   ([RFC 3231](https://github.com/rust-lang/rfcs/blob/master/text/3231-cargo-asymmetric-tokens.md))
   ([docs](https://doc.rust-lang.org/nightly/cargo/reference/unstable.html#registry-auth))
   [#10771](https://github.com/rust-lang/cargo/pull/10771)
@@ -859,7 +1005,7 @@
 ## Cargo 1.66.1 (2023-01-10)
 
 ### Fixed
-- [CVE-2022-46176](https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j):
+- 🚨 [CVE-2022-46176](https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j):
   Added validation of SSH host keys for git URLs.
   See [the docs](https://doc.rust-lang.org/cargo/appendix/git-authentication.html#ssh-known-hosts) for more information on how to configure the known host keys.
 
@@ -1085,11 +1231,11 @@
 
 ### Fixed
 
-- [CVE-2022-36113](https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j):
+- 🚨 [CVE-2022-36113](https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j):
   Extracting malicious crates can corrupt arbitrary files.
   [#11089](https://github.com/rust-lang/cargo/pull/11089)
   [#11088](https://github.com/rust-lang/cargo/pull/11088)
-- [CVE-2022-36114](https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp):
+- 🚨 [CVE-2022-36114](https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp):
   Extracting malicious crates can fill the file system.
   [#11089](https://github.com/rust-lang/cargo/pull/11089)
   [#11088](https://github.com/rust-lang/cargo/pull/11088)
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-30 18:31:44 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-30 18:31:44 +0000
commit	c23a457e72abe608715ac76f076f47dc42af07a5 (patch)
tree	2772049aaf84b5c9d0ed12ec8d86812f7a7904b6 /src/tools/cargo/CHANGELOG.md
parent	Releasing progress-linux version 1.73.0+dfsg1-1~progress7.99u1. (diff)
download	rustc-c23a457e72abe608715ac76f076f47dc42af07a5.tar.xz rustc-c23a457e72abe608715ac76f076f47dc42af07a5.zip