Jiahan Chen
@jiahan_c
Creator of Rstack & Rsbuild & Vant / Rspack team lead @rspack_dev / SWC & Module Federation contributor
加入 September 2015
960 正在关注 2.6K 粉丝
Today's two supply chain incidents are likely connected:
1. `actions-cool/issues-helper` was compromised
2. AntV was compromised shortly after
I noticed AntV was using `actions-cool/issues-helper@main` in GitHub Actions.
Rspack was not affected because we pin Actions to commit ids via renovate's `pinGitHubActionDigests`.
Strongly recommend enabling it.
显示更多
