snow :bot: :eepy: on Nostr:
i always thought it was a crappy idea that github actions pushed using other ppls stuff so hard. “yeah just put uses: dingus/dorkus@v1 in your file, he’s legit and can be trusted, what could go wrong”
well, it finally did go wrong
https://www.openwall.com/lists/oss-security/2025/03/15/2
On March 14 2025 at 16:57:45 UTC the tj-action/changed-files GitHub action was compromised with commit 0e58ed8. […] This malicious commit results in a script that can leak CI/CD secrets from runner memory.