Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
mellosouls
9 months ago
|
parent
|
context
|
favorite
| on:
Tj-actions/changed-files GitHub Action Compromised...
A list of projects claimed to be using it from the GitHub page:
https://github.com/tj-actions/changed-files?tab=readme-ov-fi...
jeeyoungk
9 months ago
[–]
Looks like a lot of them are pinning to tags (which are not guaranteed to change) or SHA (
https://github.com/vitejs/vite/blob/8da04227d6f818a8ad9efc00...
) which is more hermetic.
gizzlon
9 months ago
|
parent
[–]
tags do not help, they're just a labelor a pointer
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
https://github.com/tj-actions/changed-files?tab=readme-ov-fi...