Only commit hashes are safe. In this case the bad actor changed all of the versi... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		werrett 9 months ago \| parent \| context \| favorite \| on: Tj-actions/changed-files GitHub Action Compromised... Only commit hashes are safe. In this case the bad actor changed all of the version tags to point to their malicious commit. See https://github.com/tj-actions/changed-files/tags All the tags point to commit `^0e58ed8` https://github.com/tj-actions/changed-files/commit/0e58ed867...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact