23pds (山哥)
@im23pds
加入 June 2014
6K 正在关注 15.2K 粉丝
🙂↔️
现在每天两眼一睁就是新的CVE、新的攻击
😢
Today's two supply chain incidents are likely connected:
1. `actions-cool/issues-helper` was compromised
2. AntV was compromised shortly after
I noticed AntV was using `actions-cool/issues-helper@main` in GitHub Actions.
Rspack was not affected because we pin Actions to commit ids via renovate's `pinGitHubActionDigests`.
Strongly recommend enabling it.
显示更多
