Bump EmbarkStudios/cargo-deny-action from 1.3.0 to 2.0.11

[dependabot]

Bumps EmbarkStudios/cargo-deny-action from 1.3.0 to 2.0.11.

Release notes

Sourced from EmbarkStudios/cargo-deny-action's releases.

v2.0.11

[0.18.2] - 2025-03-10

Added

• PR#753 resolved #752 by adding back the advisories.unmaintained config option. See the docs for how it can be used. The default matches the current behavior, which is to error on any unmaintained advisory, but adding unmaintained = "workspace" to the [advisories] table will mean unmaintained advisories will only error if the crate is a direct dependency of your workspace.

[0.18.1] - 2025-02-27

Fixed

• PR#749 updated krates to pull in the fix for EmbarkStudios/krates#100.

v2.0.10

• PR#96 resolved #94 by switching to the directory the manifest path is located in and doing rustup toolchain install if rustup show failed due to any reason

v2.0.8

• PR#93 pins to a hash instead of tag, avoiding future breakage from eg. rustup changes.

v1.6.1

Fixed

• PR#626 resolved #625 by explicitly checking that a license identified as Pixar was actually (probably) the Pixar license, instead of a normal Apache-2.0 license.

v1.6.0

action changes

• Color output is now always enabled so that colors show up in the action output.

0.14.15

Added

• PR#618 added metadata notes to diagnostics when a license is rejected, as well as removing span information for accepted licenses unless the log level is info or higher to make the diagnostic clearer by default.

0.14.14

Fixed

• PR#617 resolved #576 by updating the SPDX license list to 3.23.

0.14.13

Fixed

• PR#615 fixed an issue introduced in PR#605 where the various bans diagnostic codes could not have their lint level changed via the CLI. It also introduced the deprecated diagnostic code.

0.14.12

Changed

• PR#605 did a major refactor of configuration, both how it is deserialized and changing (hopefully improving) many options.
• PR#605 moved targets, exclude, all-features, features, no-default-features, and exclude into the [graph] table.
• PR#605 moved feature-depth into the [output] table.

Added

• PR#613 added support for basic shell expansion to advisories.db-path, which expands support beyond just ~ to include environment variable expansion.

Fixed

• PR#601 resolved #600 by outputting the correct spans when a license was both allowed and denied.
• PR#605 resolved #264 be replacing toml and serde with toml-span.
• PR#605 resolved #539 by simplifying the very common name = "<crate_name>", version = "<requirements>" used to target specific crates into either a plain package spec string or the simpler crate = "<package spec>".
• PR#605 resolved #578 by adding a reason = "<reason>" field to many fields within the configuration that are provided in diagnostics. [bans.deny] also has an additional use-instead = "<url/crate_name>". PR#610 did this for the advisories.ignore field.
• PR#605 resolved #579 by allowing yanked crates to be ignored by specifying a PackageSpec in the [advisories.ignore] array.

... (truncated)

Commits

• 34899fc Bump to 0.18.2
• 4de59db Workaround rustup 1.28 (#96)
• d8395c1 Use rustup from base image
• 55a198a Pin to image hash (#93)
• 8d73959 Install active toolchain by default if rust-version is not passed (#92)
• 25f8f6f Fix CI
• 7800eb5 add rama to repo using this PR (#85)
• 0484eed Bump to 0.18.0
• 1218ad0 Update base image to 1.85.0
• d036145 Update example to also run if deny.toml is changed (#88)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)