diff options
Diffstat (limited to 'src/tools/cargo/CHANGELOG.md')
-rw-r--r-- | src/tools/cargo/CHANGELOG.md | 176 |
1 files changed, 161 insertions, 15 deletions
diff --git a/src/tools/cargo/CHANGELOG.md b/src/tools/cargo/CHANGELOG.md index 0141302c8..f2c9bd0eb 100644 --- a/src/tools/cargo/CHANGELOG.md +++ b/src/tools/cargo/CHANGELOG.md @@ -1,23 +1,110 @@ # Changelog +## Cargo 1.74 (2023-11-16) +[80eca0e5...HEAD](https://github.com/rust-lang/cargo/compare/80eca0e5...HEAD) + +### Added + +### Changed + +### Fixed + +### Nightly only + +### Documentation + +- ❗ Policy change: Checking `Cargo.lock` into version control is now the default choice, + even for libraries. Lockfile and CI integration documentations are also expanded. + [Policy docs](https://doc.rust-lang.org/nightly/cargo/faq.html#why-have-cargolock-in-version-control), + [Lockfile docs](https://doc.rust-lang.org/nightly/cargo/guide/cargo-toml-vs-cargo-lock.html), + [CI docs](https://doc.rust-lang.org/nightly/cargo/guide/continuous-integration.html), + [#12382](https://github.com/rust-lang/cargo/pull/12382) + ## Cargo 1.73 (2023-10-05) -[45782b6b...HEAD](https://github.com/rust-lang/cargo/compare/45782b6b...HEAD) +[45782b6b...rust-1.73.0](https://github.com/rust-lang/cargo/compare/45782b6b...rust-1.73.0) ### Added +- Print environment variables for `cargo run/bench/test` in extra verbose mode `-vv`. + [#12498](https://github.com/rust-lang/cargo/pull/12498) +- Display package versions on Cargo timings graph. + [#12420](https://github.com/rust-lang/cargo/pull/12420) + ### Changed +- Cargo now bails out when using `cargo::` in custom build scripts. This is + a preparation for an upcoming change in build script invocations. + [#12332](https://github.com/rust-lang/cargo/pull/12332) +- Make Cargo `--help` easier to browse. + [#11905](https://github.com/rust-lang/cargo/pull/11905) +- Prompt the use of `--nocapture` flag if `cargo test` process is terminated via a signal. + [#12463](https://github.com/rust-lang/cargo/pull/12463) +- Preserve jobserver file descriptors on the rustc invocation for getting target information. + [#12447](https://github.com/rust-lang/cargo/pull/12447) +- Clarify in `--help` that `cargo test --all-targets` excludes doctests. + [#12422](https://github.com/rust-lang/cargo/pull/12422) +- Normalize `cargo.toml` to `Cargo.toml` on publish, and warn on other cases of `Cargo.toml`. + [#12399](https://github.com/rust-lang/cargo/pull/12399) + ### Fixed +- Only skip mtime check on `~/.cargo/{git,registry}`. + [#12369](https://github.com/rust-lang/cargo/pull/12369) +- Fixed `cargo doc --open` crash on WSL2. + [#12373](https://github.com/rust-lang/cargo/pull/12373) +- Fixed panic when enabling `http.debug` for certain strings. + [#12468](https://github.com/rust-lang/cargo/pull/12468) +- Fixed `cargo remove` incorrectly removing used patches. + [#12454](https://github.com/rust-lang/cargo/pull/12454) +- Fixed crate checksum lookup query should match on semver build metadata. + [#11447](https://github.com/rust-lang/cargo/pull/11447) +- Fixed printing multiple warning messages for unused fields in `[registries]` table. + [#12439](https://github.com/rust-lang/cargo/pull/12439) + ### Nightly only +- 🔥 The `-Zcredential-process` has been reimplemented with a clearer way to + communicate with different credential providers. Several built-in providers + are also added to Cargo. + [docs](https://doc.rust-lang.org/nightly/cargo/reference/unstable.html#credential-process) + [#12334](https://github.com/rust-lang/cargo/pull/12334) + [#12396](https://github.com/rust-lang/cargo/pull/12396) + [#12424](https://github.com/rust-lang/cargo/pull/12424) + [#12440](https://github.com/rust-lang/cargo/pull/12440) + [#12461](https://github.com/rust-lang/cargo/pull/12461) + [#12469](https://github.com/rust-lang/cargo/pull/12469) + [#12483](https://github.com/rust-lang/cargo/pull/12483) + [#12499](https://github.com/rust-lang/cargo/pull/12499) + [#12507](https://github.com/rust-lang/cargo/pull/12507) + [#12512](https://github.com/rust-lang/cargo/pull/12512) + [#12518](https://github.com/rust-lang/cargo/pull/12518) + [#12521](https://github.com/rust-lang/cargo/pull/12521) + [#12526](https://github.com/rust-lang/cargo/pull/12526) + Some notable changes: + - Renamed `credential-process` to `credential-provider` in Cargo configurations. + - New JSON protocol for communicating with external credential providers via stdin/stdout. + - The GNOME Secert provider now dynamically loads `libsecert`. + - The 1password provider is no longer built-in. + - Changed the unstable key for asymmetric tokens from `registry-auth` to `credential-process`. +- ❗️ Removed `--keep-going` flag support from `cargo test` and `cargo bench`. + [#12478](https://github.com/rust-lang/cargo/pull/12478) + [#12492](https://github.com/rust-lang/cargo/pull/12492) - Fixed invalid package names generated by `-Zscript`. [#12349](https://github.com/rust-lang/cargo/pull/12349) - `-Zscript` now errors out on unsupported commands — `publish` and `package`. [#12350](https://github.com/rust-lang/cargo/pull/12350) +- Encode URL params correctly for source ID in Cargo.lock. + [#12280](https://github.com/rust-lang/cargo/pull/12280) +- Replaced invalid `panic_unwind` std feature with `panic-unwind`. + [#12364](https://github.com/rust-lang/cargo/pull/12364) +- `-Zlints`: doctest extraction should respect `[lints]`. + [#12501](https://github.com/rust-lang/cargo/pull/12501) ### Documentation +- SemVer: Adding a section for changing the alignment, layout, or size of a + well-defined type. + [#12169](https://github.com/rust-lang/cargo/pull/12169) - Use heading attributes to control the fragment. [#12339](https://github.com/rust-lang/cargo/pull/12339) - Use "number" instead of "digit" when explaining Cargo's use of semver. @@ -26,19 +113,66 @@ [#12344](https://github.com/rust-lang/cargo/pull/12344) - Clarify "Package ID" and "Source ID" in `cargo metadata` are opaque strings. [#12313](https://github.com/rust-lang/cargo/pull/12313) -- Added `profile.strip` to configuration docs. - [#12337](https://github.com/rust-lang/cargo/pull/12337) -- Multiple versions that differ only in the metadata tag are disallowed on crates.io. +- Clarify that `rerun-if-env-changed` doesn't monitor the environment variables + it set for crates and build script. + [#12482](https://github.com/rust-lang/cargo/pull/12482) +- Clarify that multiple versions that differ only in the metadata tag are + disallowed on crates.io. [#12335](https://github.com/rust-lang/cargo/pull/12335) +- Clarify `lto` setting passing `-Clinker-plugin-lto`. + [#12407](https://github.com/rust-lang/cargo/pull/12407) +- Added `profile.strip` to configuration and environment variable docs. + [#12337](https://github.com/rust-lang/cargo/pull/12337) + [#12408](https://github.com/rust-lang/cargo/pull/12408) +- Added docs for artifact JSON debuginfo levels. + [#12376](https://github.com/rust-lang/cargo/pull/12376) +- Added a notice for the backward compatible `.cargo/credential` file existence. + [#12479](https://github.com/rust-lang/cargo/pull/12479) +- Raised the awareness of `resolver = 2` used inside workspaces. + [#12388](https://github.com/rust-lang/cargo/pull/12388) +- Replaced `master` branch by default branch in documentation. + [#12435](https://github.com/rust-lang/cargo/pull/12435) ### Internal - Updated to `criterion` 0.5.1. [#12338](https://github.com/rust-lang/cargo/pull/12338) +- Updated to `curl-sys` 0.4.65, which corresponds to curl 8.2.1. + [#12406](https://github.com/rust-lang/cargo/pull/12406) +- Updated to `indexmap` v2. + [#12368](https://github.com/rust-lang/cargo/pull/12368) +- Updated to `miow` 0.6.0, which drops old versions of `windows-sys`. + [#12453](https://github.com/rust-lang/cargo/pull/12453) - ci: automatically test new packages by using `--workspace`. [#12342](https://github.com/rust-lang/cargo/pull/12342) - ci: automatically update dependencies monthly with Renovate. [#12341](https://github.com/rust-lang/cargo/pull/12341) + [#12466](https://github.com/rust-lang/cargo/pull/12466) +- ci: rewrote `xtask-bump-check` for respecting semver by adopting `cargo-semver-checks`. + [#12395](https://github.com/rust-lang/cargo/pull/12395) + [#12513](https://github.com/rust-lang/cargo/pull/12513) + [#12508](https://github.com/rust-lang/cargo/pull/12508) +- Rearranged and renamed test directories + [#12397](https://github.com/rust-lang/cargo/pull/12397) + [#12398](https://github.com/rust-lang/cargo/pull/12398) +- Migrated from `log` to `tracing`. + [#12458](https://github.com/rust-lang/cargo/pull/12458) + [#12488](https://github.com/rust-lang/cargo/pull/12488) +- Track `--help` output in tests. + [#11912](https://github.com/rust-lang/cargo/pull/11912) +- Cleaned up and shared package metadata within workspace. + [#12352](https://github.com/rust-lang/cargo/pull/12352) +- `crates-io`: expose HTTP headers and `Error` type. + [#12310](https://github.com/rust-lang/cargo/pull/12310) +- For `cargo update`, caught CLI flags conflict between `--aggressive` and `--precise` in clap. + [#12428](https://github.com/rust-lang/cargo/pull/12428) +- Several fixes for either making Cargo testsuite pass on nightly or in `rust-lang/rust`. + [#12413](https://github.com/rust-lang/cargo/pull/12413) + [#12416](https://github.com/rust-lang/cargo/pull/12416) + [#12429](https://github.com/rust-lang/cargo/pull/12429) + [#12450](https://github.com/rust-lang/cargo/pull/12450) + [#12491](https://github.com/rust-lang/cargo/pull/12491) + [#12500](https://github.com/rust-lang/cargo/pull/12500) ## Cargo 1.72 (2023-08-24) [64fb38c9...rust-1.72.0](https://github.com/rust-lang/cargo/compare/64fb38c9...rust-1.72.0) @@ -57,10 +191,11 @@ ### Changed -- ❗ Turned feature name validation check to a hard error. The warning was - added in Rust 1.49. These extended characters aren't allowed on crates.io, so - this should only impact users of other registries, or people who don't publish - to a registry. +- 🚨 [CVE-2023-40030](https://github.com/rust-lang/cargo/security/advisories/GHSA-wrrj-h57r-vx9p): + Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports. + To mitigate this, feature name validation check is now turned into a hard error. + The warning was added in Rust 1.49. These extended characters aren't allowed on crates.io, + so this should only impact users of other registries, or people who don't publish to a registry. [#12291](https://github.com/rust-lang/cargo/pull/12291) - Cargo now warns when an edition 2021 package is in a virtual workspace and `workspace.resolver` is not set. It is recommended to set the resolver @@ -75,6 +210,9 @@ [#12231](https://github.com/rust-lang/cargo/pull/12231) - Added a message when `rustup` override shorthand is put in a wrong position. [#12226](https://github.com/rust-lang/cargo/pull/12226) +- Respect scp-like URL as much as possible when fetching nested submodules. + [#12359](https://github.com/rust-lang/cargo/pull/12359) + [#12411](https://github.com/rust-lang/cargo/pull/12411) ### Fixed @@ -184,6 +322,14 @@ - Show a better error when container tests fail. [#12264](https://github.com/rust-lang/cargo/pull/12264) +## Cargo 1.71.1 (2023-08-03) + +### Fixed + +- 🚨 [CVE-2023-38497](https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87): + Cargo 1.71.1 or later respects umask when extracting crate archives. It also + purges the caches it tries to access if they were generated by older Cargo versions. + ## Cargo 1.71 (2023-07-13) [84b7041f...rust-1.71.0](https://github.com/rust-lang/cargo/compare/84b7041f...rust-1.71.0) @@ -283,7 +429,7 @@ [#10877](https://github.com/rust-lang/cargo/pull/10877) - SemVer: It is not a breaking change to make an unsafe function safe. [#12116](https://github.com/rust-lang/cargo/pull/12116) -- SemVer: changeing MSRV is generally a minor change. +- SemVer: changing MSRV is generally a minor change. [#12122](https://github.com/rust-lang/cargo/pull/12122) - Clarify when and how to `cargo yank`. [#11862](https://github.com/rust-lang/cargo/pull/11862) @@ -582,9 +728,9 @@ - Clarified the difference between `CARGO_CRATE_NAME` and `CARGO_PKG_NAME`. [#11576](https://github.com/rust-lang/cargo/pull/11576) -- Added links to the Target section of the glossary for occurences of target triple. +- Added links to the Target section of the glossary for occurrences of target triple. [#11603](https://github.com/rust-lang/cargo/pull/11603) -- Described how the current resolver sometimes duplicates depenencies. +- Described how the current resolver sometimes duplicates dependencies. [#11604](https://github.com/rust-lang/cargo/pull/11604) - Added a note about verifying your email address on crates.io. [#11620](https://github.com/rust-lang/cargo/pull/11620) @@ -743,7 +889,7 @@ ### Nightly only -- Implemented a inital support of asymmetric token authentication for registries. +- Implemented a initial support of asymmetric token authentication for registries. ([RFC 3231](https://github.com/rust-lang/rfcs/blob/master/text/3231-cargo-asymmetric-tokens.md)) ([docs](https://doc.rust-lang.org/nightly/cargo/reference/unstable.html#registry-auth)) [#10771](https://github.com/rust-lang/cargo/pull/10771) @@ -859,7 +1005,7 @@ ## Cargo 1.66.1 (2023-01-10) ### Fixed -- [CVE-2022-46176](https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j): +- 🚨 [CVE-2022-46176](https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j): Added validation of SSH host keys for git URLs. See [the docs](https://doc.rust-lang.org/cargo/appendix/git-authentication.html#ssh-known-hosts) for more information on how to configure the known host keys. @@ -1085,11 +1231,11 @@ ### Fixed -- [CVE-2022-36113](https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j): +- 🚨 [CVE-2022-36113](https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j): Extracting malicious crates can corrupt arbitrary files. [#11089](https://github.com/rust-lang/cargo/pull/11089) [#11088](https://github.com/rust-lang/cargo/pull/11088) -- [CVE-2022-36114](https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp): +- 🚨 [CVE-2022-36114](https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp): Extracting malicious crates can fill the file system. [#11089](https://github.com/rust-lang/cargo/pull/11089) [#11088](https://github.com/rust-lang/cargo/pull/11088) |