Commit01e2ca8

authored

Pin hash to a previous version in order to avoid the exploit (#3374)

This uses another version (v44) where I could find the hash (wecurrently used v45).In summary, the repo got compromised and all the tags versions point toa malicius commit that includes a function to expose the secrets on thegithub action logs, so people can fetch them.

1 parent95cd34a commit01e2ca8Copy full SHA for 01e2ca8

File tree

2 files changed

-2

lines changed

.github/workflows
- main.yml
- pr-comment.yml

2 files changed

-2

lines changed

`‎.github/workflows/main.yml`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ jobs:`
`52`	`52`	`-name:Obtiene la lista de archivos .po con cambios (sólo en PRs)`
`53`	`53`	`if:github.event_name == 'pull_request'`
`54`	`54`	`id:changed-po-files`
`55`		`-uses:tj-actions/changed-files@v45`
	`55`	`+uses:tj-actions/changed-files@9200e69727eb73eb060652b19946b8a2fdfb654b`
`56`	`56`	`with:`
`57`	`57`	`files:\|`
`58`	`58`	`*/.po`

`‎.github/workflows/pr-comment.yml`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ jobs:`
`37`	`37`	`python -m pip install -r base-branch/requirements-own.txt`
`38`	`38`	`-name:Obtiene lista de archivos con cambios`
`39`	`39`	`id:changed-files`
`40`		`-uses:tj-actions/changed-files@v45`
	`40`	`+uses:tj-actions/changed-files@9200e69727eb73eb060652b19946b8a2fdfb654b`
`41`	`41`	`with:`
`42`	`42`	`files:\|`
`43`	`43`	`*/.po`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit01e2ca8

File tree

2 files changed

2 files changed

`‎.github/workflows/main.yml`

`‎.github/workflows/pr-comment.yml`

0 commit comments