Vulnix

------------------

- Completely reworked whitelisting subsystem. Whitelists can now be written as
TOML files and support a more expressive range of options including expiry
datedates. The old YAML syntax is still supported (36).
- Ignore case when guessing CVE identifiers from patch file names (thanks to
adisbladis).
- Add man pages (29).

------------------

- Guesses applied CVE patches out of the `patches` derivation envVar (see
nixpkgs FC-15660).

------------------

- Add '--no-requisites' flag which stops vulnix from determining the transitive
closure of derivations passed on the command line.
- Provide structured JSON output with `--json`.
- Remove whitelist from README as it is quite buggy right now.

------------------

- Fix return code bug (FC-28741).
- Fix partial whitelisting of products where several vulnerable versions are
present on the system at the same time (24).
- Improve error reporting for incorrectly formed whitelist rules.

------------------

- Minor: fix packaging issues.

------------------

- Security: Fix arbitrary code execution bug during derivation evaluation.