Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Helpful update: The gist author has deleted the gist, so https://gist.githubusercontent.com/nikitastupin/30e525b776c4... now results in a 404, and stops the action from any further secrets being leaked. This means you're impacted only if you used the action, and had a build triggered in the last 6 hours or so.


Beautiful... 3rd party dependency exploit thwarted by its own 3rd party dependency.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: