
crates.io Ships Security Tab and Tightens Publishing Controls

Blog post from Socket

Author: Sarah Gooding
Word count: 812
Language: English
Summary

crates.io has introduced updates aimed at improving security and reliability in the Rust ecosystem by giving developers immediate access to security advisories when selecting dependencies. The addition of a Security tab on crate pages, backed by RustSec advisories, lets developers view known vulnerabilities at the point of dependency discovery, making vulnerability information part of the selection process rather than a downstream check. The update also expands Trusted Publishing to additional CI systems such as GitLab CI/CD, allowing OIDC-based authentication instead of long-lived API tokens, while removing support for certain GitHub Actions triggers implicated in past security incidents. These changes, which also include improved metadata and infrastructure updates, are designed to help developers make informed decisions early in the dependency lifecycle, which matters in safety-critical domains where dependency choices are revisited under pressure. The initiative reflects a shift in the Rust community toward addressing security and dependency risk proactively, so that developers have the information needed to avoid known vulnerabilities as soon as they consider adding a crate to their projects.