
Releases: piiiico/commit-action

v1.1.0 — Cargo, Go, and manifest file support

10 May 08:37


What's new

4 ecosystems supported — the action now auto-detects and audits npm, Cargo (Rust), Go, and PyPI dependencies.

New features

  • Cargo support: Auto-detects Cargo.toml, parses Cargo.lock for full transitive deps
  • Go support: Auto-detects go.mod, parses go.sum for full transitive deps
  • packages-file input: Point at any manifest explicitly (Cargo.toml, go.mod, go.sum, Cargo.lock, etc.)
  • Ecosystem-aware labels: Column headers show "Owners" for Cargo, "Contributors" for Go, "Publishers" for npm
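To show what "parses Cargo.lock / go.sum for full transitive deps" involves, here is an added example (not the action's own code) that turns a Cargo.lock and a go.sum into the list of resolved external packages an audit has to cover. Both sample files are constructed, with placeholder versions and checksums; the lock-file formats themselves (TOML `[[package]]` stanzas, whitespace-separated go.sum lines) are the real ones.

```javascript
// Added example (not the action's own code): parse the two lock files the
// release notes say the action reads, Cargo.lock and go.sum, into the set of
// resolved external packages. A lock file lists the full transitive closure,
// which is what an audit has to cover; Cargo.toml and go.mod name only the
// direct dependencies.

// Constructed sample Cargo.lock (format version 3). Versions and checksums
// are placeholders, not real crate data.
const SAMPLE_CARGO_LOCK = `
[[package]]
name = "my-app"
version = "0.1.0"
dependencies = [
 "serde",
 "tokio",
]

[[package]]
name = "serde"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "placeholder-checksum"
dependencies = [
 "serde_derive",
]

[[package]]
name = "serde_derive"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "tokio"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
`;

// Constructed sample go.sum: each module has a content-hash line and a
// "/go.mod" line. Hashes are placeholders.
const SAMPLE_GO_SUM = `
github.com/example/lib v1.2.3 h1:placeholder=
github.com/example/lib v1.2.3/go.mod h1:placeholder=
golang.org/x/text v0.1.0 h1:placeholder=
golang.org/x/text v0.1.0/go.mod h1:placeholder=
`;

// Each [[package]] stanza holds key = "value" lines plus an optional
// multi-line dependencies = [ ... ] array. Entries in that array are either
// "name" or "name version" when two versions of a crate coexist.
function parseCargoLock(text) {
  const packages = [];
  for (const stanza of text.split('[[package]]').slice(1)) {
    const pkg = { dependencies: [] };
    let inDeps = false;
    for (const raw of stanza.split('\n')) {
      const line = raw.trim();
      if (inDeps) {
        if (line === ']') { inDeps = false; continue; }
        const dep = line.match(/^"([^"\s]+)/);
        if (dep) pkg.dependencies.push(dep[1]);
        continue;
      }
      if (line.startsWith('dependencies = [')) { inDeps = true; continue; }
      const kv = line.match(/^(\w+)\s*=\s*"(.*)"$/);
      if (kv) pkg[kv[1]] = kv[2];
    }
    if (pkg.name) packages.push(pkg);
  }
  return packages;
}

// Only packages with a registry source are third-party crates; stanzas
// without "source" are workspace members and need no maintainer lookup.
function registryCrates(packages) {
  return packages
    .filter(p => p.source && p.source.startsWith('registry+'))
    .map(p => `${p.name}@${p.version}`);
}

// go.sum: "module version hash" and "module version/go.mod hash" lines.
// Both are folded into one module@version entry. Caveat: go.sum may keep
// entries for modules no longer in the build graph, so treat the result as
// an upper bound on the dependency set.
function parseGoSum(text) {
  const modules = new Set();
  for (const raw of text.split('\n')) {
    const parts = raw.trim().split(/\s+/);
    if (parts.length < 3) continue;
    const [mod, ver] = parts;
    modules.add(`${mod}@${ver.replace(/\/go\.mod$/, '')}`);
  }
  return [...modules].sort();
}

console.log(registryCrates(parseCargoLock(SAMPLE_CARGO_LOCK)));
console.log(parseGoSum(SAMPLE_GO_SUM));
```

Note that the sample Cargo.lock yields three registry crates (serde, serde_derive, tokio) even though Cargo.toml for `my-app` would only name two; that difference is the transitive set the lock-file parsing exists to capture.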

Bug fixes

  • Fix CRITICAL flag detection for non-npm ecosystems (API returns "CRITICAL: sole owner + >10M/wk" not bare "CRITICAL")
  • Correct node runtime target (node20)

Usage

- uses: piiiico/commit-action@v1
  with:
    packages-file: Cargo.toml  # or go.mod, requirements.txt
    fail-on-critical: true

The v1 tag has been updated — existing @v1 users get these features automatically.


Key findings from scanning top Cargo crates:

  • serde — 13M downloads/wk, 1 owner → CRITICAL
  • reqwest — 8M downloads/wk, 1 owner → HIGH
  • tokio — 11M downloads/wk, 2 owners → OK
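The bug fix above ("CRITICAL: sole owner + >10M/wk" versus a bare "CRITICAL") and the key findings just listed can be shown together. The following is an added example, not the action's own code: the row shape and the maintainer-API response format are assumptions, the rows are constructed from the findings above plus one npm row carrying the bare flag, and the fix is generalised to read the severity as the token before an optional ": reason" suffix. It also applies the ecosystem-aware column labels from the feature list.

```javascript
// Added example, not the action's own code. It reproduces the flag-detection
// bug fixed in this release: for non-npm ecosystems the maintainer API
// (its shape is assumed here) returns a reason-bearing string such as
// "CRITICAL: sole owner + >10M/wk", so an exact comparison with "CRITICAL"
// lets the riskiest rows through. Sample rows are constructed from the key
// findings above plus one npm row with the bare flag.

const SAMPLE_ROWS = [
  { ecosystem: 'cargo', name: 'serde',       weeklyDownloads: 13_000_000, maintainers: 1, flag: 'CRITICAL: sole owner + >10M/wk' },
  { ecosystem: 'cargo', name: 'reqwest',     weeklyDownloads:  8_000_000, maintainers: 1, flag: 'HIGH' },
  { ecosystem: 'cargo', name: 'tokio',       weeklyDownloads: 11_000_000, maintainers: 2, flag: 'OK' },
  { ecosystem: 'npm',   name: 'example-pkg', weeklyDownloads: 12_000_000, maintainers: 1, flag: 'CRITICAL' },
];

// Pre-fix behaviour as described in the notes: exact match on the bare word.
function isCriticalExact(flag) {
  return flag === 'CRITICAL';
}

// Fixed behaviour: the severity is the token before the optional ": reason"
// suffix, so both "CRITICAL" and "CRITICAL: ..." are recognised, while a
// reason text that merely mentions the word elsewhere is not.
function severityOf(flag) {
  return flag.split(':')[0].trim().toUpperCase();
}
function isCritical(flag) {
  return severityOf(flag) === 'CRITICAL';
}

// Ecosystem-aware header for the maintainer column, as listed in the notes.
const MAINTAINER_LABEL = { cargo: 'Owners', go: 'Contributors', npm: 'Publishers' };
function maintainerLabel(ecosystem) {
  return MAINTAINER_LABEL[ecosystem] || 'Maintainers';
}

// Evaluate a report with a given check; shouldFail mirrors fail-on-critical.
function summarise(rows, check) {
  const critical = rows.filter(r => check(r.flag)).map(r => r.name);
  return { critical, shouldFail: critical.length > 0 };
}

// Render rows as a small table with the ecosystem-specific column label.
function renderTable(rows) {
  const eco = rows[0] ? rows[0].ecosystem : 'npm';
  const lines = [`Package | Downloads/wk | ${maintainerLabel(eco)} | Risk`];
  for (const r of rows) {
    lines.push(`${r.name} | ${r.weeklyDownloads} | ${r.maintainers} | ${severityOf(r.flag)}`);
  }
  return lines.join('\n');
}

console.log(renderTable(SAMPLE_ROWS.filter(r => r.ecosystem === 'cargo')));
console.log('exact check:', summarise(SAMPLE_ROWS, isCriticalExact));
console.log('fixed check:', summarise(SAMPLE_ROWS, isCritical));
```

With the exact check only the npm row is flagged and a `fail-on-critical: true` run would still pass on the Cargo report; with the prefix check serde is caught as well, which is the behaviour the fix restores.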

Full ecosystem comparison →