top | item 43369588

werrett | 11 months ago

Exactly. And that's what happened here -- the bad actor changed all of those version tags to point to their malicious commit.

See https://github.com/tj-actions/changed-files/tags

All the tags point to commit `^0e58ed8` https://github.com/tj-actions/changed-files/commit/0e58ed867...

diggan | 11 months ago

Correct me if I'm wrong, but you would be able to prevent this specific issue with the "Rules" in order to block updates of tags; https://github.blog/news-insights/product-news/github-reposi...

sestep | 11 months ago

Yeah but no GitHub Action is going to do this because updating tags is the de facto mechanism for releasing patches for those repositories.
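The thread's point is that a version tag is a mutable name: whoever can push to the action repository can move it to a different commit, and upstream maintainers will not lock tags because moving them is how patches ship. The consumer-side mitigation is to reference actions by full commit SHA rather than by tag, and to check workflow files for references that are not pinned that way. The scanner below is an added example written for this thread, not code from any of the commenters or from the tj-actions project; the sample workflow, the `example/action` repository and its 40-hex SHA are constructed placeholders.

```python
"""Flag GitHub Actions `uses:` references that are not pinned to an immutable id.

Added example for this thread (not code from the commenters or from tj-actions).
Only a full 40-hex commit SHA (or a docker digest) counts as pinned; tags,
branches and a missing ref are names the action's owner can retarget later.
"""
import re
from typing import List, Optional, Tuple

FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches step-level and job-level `uses:` lines, quoted or unquoted values.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*(\S+)")


def classify_ref(uses: str) -> Tuple[str, Optional[str], str]:
    """Split a `uses:` value into (target, ref, kind).

    kind is one of:
      'local'   - a path inside the calling repository (./...), versioned with it
      'sha'     - pinned to an immutable identifier (40-hex commit or docker digest)
      'mutable' - a tag, branch, missing ref or docker tag that can be retargeted
    """
    if uses.startswith("./"):
        return uses, None, "local"
    if uses.startswith("docker://"):
        image = uses[len("docker://"):]
        if "@sha256:" in image:
            name, digest = image.split("@", 1)
            return name, digest, "sha"
        return image, None, "mutable"
    target, sep, ref = uses.partition("@")
    if not sep:
        # No ref at all resolves to the action's default branch: always mutable.
        return target, None, "mutable"
    # Abbreviated SHAs (e.g. 7 hex chars) are deliberately treated as unpinned:
    # only the full 40-hex form is unambiguous.
    kind = "sha" if FULL_SHA_RE.match(ref) else "mutable"
    return target, ref, kind


def find_unpinned_uses(workflow_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, uses_value) for every reference that is not pinned."""
    findings: List[Tuple[int, str]] = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        uses = m.group(1).strip("'\"")
        _, _, kind = classify_ref(uses)
        if kind == "mutable":
            findings.append((line_no, uses))
    return findings


# Constructed sample workflow; the SHA and example/action are placeholders.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: example/action@0123456789abcdef0123456789abcdef01234567  # v1.2.3
      - uses: ./.github/actions/local-helper
      - uses: docker://alpine:3.19
      - name: build
        run: make
"""

if __name__ == "__main__":
    for line_no, uses in find_unpinned_uses(SAMPLE_WORKFLOW):
        print(f"line {line_no}: '{uses}' is not pinned to a full commit SHA")
```

Run against a real `.github/workflows/*.yml` by reading the file into `find_unpinned_uses`; the `# v1.2.3` trailing comment beside a SHA-pinned reference is the usual convention for keeping the human-readable version visible without making it the thing that is resolved.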