# Changelog All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## 10.0.1 (2024-10-25) ### Fixed - Remove `precise` from source IDs during normalization ([#1270]) [#1270]: https://github.com/RustSec/rustsec/pull/1270 ## 10.0.0 (2024-10-15) ### Added - V4 lockfile support ([#1206]) ### Changed - MSRV 1.70 ([#1092]) ### Removed - `toml` dependency from public API ([#1226]) [#1092]: https://github.com/RustSec/rustsec/pull/1092 [#1206]: https://github.com/RustSec/rustsec/pull/1206 [#1226]: https://github.com/RustSec/rustsec/pull/1226 ## 9.0.0 (2023-04-24) ### Added - Implement `From` for `String` ([#776]) - Support sparse registry references in `Lockfile`s ([#780]) ### Changed - Mark `SourceKind` as `#[non_exhaustive]` ([#793]) - Use `Display` for `io::ErrorKind`; MSRV 1.60 ([#794]) - Bump `toml` to 0.7 ([#800], [#805]) - Improvements to the `cargo lock tree` subcommand ([#860]) ### Fixed - `Source::is_default_registry` for sparse index ([#859]) [#776]: https://github.com/RustSec/rustsec/pull/776 [#780]: https://github.com/RustSec/rustsec/pull/780 [#793]: https://github.com/RustSec/rustsec/pull/793 [#794]: https://github.com/RustSec/rustsec/pull/794 [#800]: https://github.com/RustSec/rustsec/pull/800 [#805]: https://github.com/RustSec/rustsec/pull/805 [#859]: https://github.com/RustSec/rustsec/pull/859 [#860]: https://github.com/RustSec/rustsec/pull/860 ## 8.0.3 (2022-11-30) ### Fixed - Encoding inconsistency when there's only one registry for all packages ([#767]) [#767]: https://github.com/RustSec/rustsec/pull/767 ## 8.0.2 (2022-06-30) ### Fixed - Re-export `GitReference` ([#595]) - Encode version into V3 lockfiles ([#596]) [#595]: https://github.com/RustSec/rustsec/pull/595 [#596]: https://github.com/RustSec/rustsec/pull/596 ## 8.0.1 (2022-05-21) ### Fixed - Dependency source extraction for V2+ lockfiles ([#568]) [#568]: https://github.com/RustSec/rustsec/pull/568 ## 8.0.0 (2022-05-08) [YANKED] NOTE: yanked due to bug fixed in v8.0.1. ### Added - Expose `package::SourceKind` ([#557]) ### Changed - Flatten API ([#558]) - 2021 edition upgrade; MSRV 1.56 ([#559]) - Refactor error handling ([#560]) [#557]: https://github.com/RustSec/rustsec/pull/557 [#558]: https://github.com/RustSec/rustsec/pull/558 [#559]: https://github.com/RustSec/rustsec/pull/559 [#560]: https://github.com/RustSec/rustsec/pull/560 ## 7.1.0 (2022-04-23) ### Added - `SourceId::default()` ([#536]) ### Changed - MSRV is now 1.49 ([#524]) ### Fixed - V3 lockfile handling and tests ([#535]) [#524]: https://github.com/RustSec/rustsec/pull/524 [#535]: https://github.com/RustSec/rustsec/pull/535 [#536]: https://github.com/RustSec/rustsec/pull/536 ## 7.0.1 (2021-07-05) ### Changed - Bump `petgraph` dependency from 0.5.1 to 0.6.0 ([#396]) [#396]: https://github.com/RustSec/rustsec/pull/396 ## 7.0.0 (2021-05-27) [YANKED] ### Added - Support for V3 lockfile format ([#363]) ### Changed - Bump `semver` to v1.0.0 ([#378]) [#363]: https://github.com/RustSec/rustsec/pull/363 [#378]: https://github.com/RustSec/rustsec/pull/378 ## 6.0.1 (2021-01-25) ### Changed - Rename default branch to `main` ## 6.0.0 (2020-09-25) - Bump semver from 0.10.0 to 0.11.0 ## 5.0.0 (2020-09-23) - CLI: support for listing a single dependency - Cargo-compatible serializer - CLI: add `--dependencies` and `--sources` flags to `cargo lock list` - CLI: implement `cargo lock tree` without arguments - Add `dependency::Tree::roots()` method - CLI: make `list` the default command - Make `cli` feature non-default - WASM support; MSRV 1.41+ - Bump `semver` dependency from v0.9 to v0.10 ## 4.0.1 (2020-01-22) - CLI: fix executable name ## 4.0.0 (2020-01-22) - Command line interface - Add helper methods for working with checksum metadata - Use minified version of Cargo's `SourceId` type - Overhaul encoding: use serde_derive, proper V1/V2 support - Add support Cargo.lock `patch` and `root` - Detect V1 vs V2 Cargo.lock files - Update `petgraph` requirement from 0.4 to 0.5 - Add `package::Checksum` ## 3.0.0 (2019-10-01) - Support `[package.dependencies]` without versions ## 2.0.0 (2019-09-25) - Use two-pass dependency tree computation - Remove `Lockfile::root_package()` ## 1.0.0 (2019-09-24) - dependency/tree: Render trees to an `io::Write` - metadata: Generalize into `Key` and `Value` types - Refactor dependency handling ## 0.2.1 (2019-09-21) - Allow empty `[metadata]` in Cargo.lock files ## 0.2.0 (2019-09-21) - dependency_graph: Move `petgraph` types into a module ## 0.1.0 (2019-09-21) - Initial release