Wow, thank you (and the other person that pointed this out to me). That's madnes... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		harrisi on March 15, 2025 \| parent \| context \| favorite \| on: Tj-actions/changed-files GitHub Action Compromised... Wow, thank you (and the other person that pointed this out to me). That's madness.

semiquaver on March 15, 2025 [–]

You can pin actions to a git sha to prevent this but people generally do not. Action authors would prefer their updates be picked up automatically.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact