mirror of
https://github.com/kdave/btrfs-progs
synced 2025-04-26 21:17:56 +00:00
There was an attack on the changed-files action [1] that is used in the devel workflow, started only after the branch devel is pushed, currently possible only by 2 people.

There was one run of GH actions that used the compromised version and only the temporary github tokens (github_token, system.github.token, with the "ghs_" prefix) were visible in the logs. Their lifetime is said to be 24 hours. No other tokens or secrets were affected.

As recommended, bump the version to v46. We may reimplement the action eventually as it's quite simple for our needs.

[1] https://www.ox.security/15-hours-of-open-sourced-hell-lessons-learned-from-tj-actions-changed-files/

Signed-off-by: David Sterba <dsterba@suse.com>

- artifacts-static-build.yml
- ci-build-test.yml
- codeql.yml
- codespell.yml
- coverage.yml
- devel.yml
- pull-request.yml
- sanitize.yml
- test.yml