home.social
Sign in Create account

#github-actions — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #github-actions, aggregated by home.social.

fetched live
  1. graste @[email protected] ·

    "CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
    github.com/graycoreio/github-a

    #php #magento #composerphp #githubactions

    #php #magento #composerphp #githubactions
  2. graste @[email protected] ·

    "CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
    github.com/graycoreio/github-a

    #php #magento #composerphp #githubactions

    #php #magento #composerphp #githubactions
  3. graste @[email protected] ·

    "CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
    github.com/graycoreio/github-a

    #php #magento #composerphp #githubactions

    #php #magento #composerphp #githubactions
  4. graste @[email protected] ·

    "CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
    github.com/graycoreio/github-a

    #php #magento #composerphp #githubactions

    #githubactions #composerphp #magento #php
  5. graste @[email protected] ·

    "CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss"
    github.com/graycoreio/github-a

    #php #magento #composerphp #githubactions

    #php #magento #composerphp #githubactions
  6. michabbb @[email protected] ·

    ▪ Also patched in legacy Composer 1.10.28 (upgrade to 2.x still recommended)

    🚑 Immediate actions:
    1️⃣ Run composer.phar self-update NOW
    2️⃣ Can't update? Disable #GitHubActions workflows running Composer
    3️⃣ Review CI logs for leaked tokens
    4️⃣ Delete any log contents containing raw token values before they expire

    📦 #Packagist.org is unaffected — no GitHub App involved. #PrivatePackagist applied the fix and audited logs: no tokens were exposed. Self-hosted PP is also unaffected.

    #githubactions #packagist #privatepackagist
  7. michabbb @[email protected] ·

    ▪ Also patched in legacy Composer 1.10.28 (upgrade to 2.x still recommended)

    🚑 Immediate actions:
    1️⃣ Run composer.phar self-update NOW
    2️⃣ Can't update? Disable #GitHubActions workflows running Composer
    3️⃣ Review CI logs for leaked tokens
    4️⃣ Delete any log contents containing raw token values before they expire

    📦 #Packagist.org is unaffected — no GitHub App involved. #PrivatePackagist applied the fix and audited logs: no tokens were exposed. Self-hosted PP is also unaffected.

    #githubactions #packagist #privatepackagist
  8. michabbb @[email protected] ·

    ▪ Also patched in legacy Composer 1.10.28 (upgrade to 2.x still recommended)

    🚑 Immediate actions:
    1️⃣ Run composer.phar self-update NOW
    2️⃣ Can't update? Disable #GitHubActions workflows running Composer
    3️⃣ Review CI logs for leaked tokens
    4️⃣ Delete any log contents containing raw token values before they expire

    📦 #Packagist.org is unaffected — no GitHub App involved. #PrivatePackagist applied the fix and audited logs: no tokens were exposed. Self-hosted PP is also unaffected.

    #githubactions #packagist #privatepackagist
  9. michabbb @[email protected] ·

    ▪ Also patched in legacy Composer 1.10.28 (upgrade to 2.x still recommended)

    🚑 Immediate actions:
    1️⃣ Run composer.phar self-update NOW
    2️⃣ Can't update? Disable #GitHubActions workflows running Composer
    3️⃣ Review CI logs for leaked tokens
    4️⃣ Delete any log contents containing raw token values before they expire

    📦 #Packagist.org is unaffected — no GitHub App involved. #PrivatePackagist applied the fix and audited logs: no tokens were exposed. Self-hosted PP is also unaffected.

    #privatepackagist #packagist #githubactions
  10. michabbb @[email protected] ·

    ▪ Also patched in legacy Composer 1.10.28 (upgrade to 2.x still recommended)

    🚑 Immediate actions:
    1️⃣ Run composer.phar self-update NOW
    2️⃣ Can't update? Disable #GitHubActions workflows running Composer
    3️⃣ Review CI logs for leaked tokens
    4️⃣ Delete any log contents containing raw token values before they expire

    📦 #Packagist.org is unaffected — no GitHub App involved. #PrivatePackagist applied the fix and audited logs: no tokens were exposed. Self-hosted PP is also unaffected.

    #githubactions #packagist #privatepackagist
  11. michabbb @[email protected] ·

    🚨 #Composer 2.9.8 & 2.2.28 are out with an urgent security fix: #GitHub Actions GITHUB_TOKEN and GitHub App installation tokens were being leaked in plain text to CI job logs. If you run #Composer in #GitHubActions — update immediately.

    🧵👇 #PHP #security

    🔍 Root cause: Composer validates GitHub tokens against an allowed character set. When a token fails validation, the full token value was interpolated directly into the exception message — exposed on stderr and captured in CI logs.

    #composer #github #githubactions #php #security
  12. michabbb @[email protected] ·

    🚨 #Composer 2.9.8 & 2.2.28 are out with an urgent security fix: #GitHub Actions GITHUB_TOKEN and GitHub App installation tokens were being leaked in plain text to CI job logs. If you run #Composer in #GitHubActions — update immediately.

    🧵👇 #PHP #security

    🔍 Root cause: Composer validates GitHub tokens against an allowed character set. When a token fails validation, the full token value was interpolated directly into the exception message — exposed on stderr and captured in CI logs.

    #composer #github #githubactions #php #security
  13. michabbb @[email protected] ·

    🚨 #Composer 2.9.8 & 2.2.28 are out with an urgent security fix: #GitHub Actions GITHUB_TOKEN and GitHub App installation tokens were being leaked in plain text to CI job logs. If you run #Composer in #GitHubActions — update immediately.

    🧵👇 #PHP #security

    🔍 Root cause: Composer validates GitHub tokens against an allowed character set. When a token fails validation, the full token value was interpolated directly into the exception message — exposed on stderr and captured in CI logs.

    #composer #github #githubactions #php #security
  14. michabbb @[email protected] ·

    🚨 #Composer 2.9.8 & 2.2.28 are out with an urgent security fix: #GitHub Actions GITHUB_TOKEN and GitHub App installation tokens were being leaked in plain text to CI job logs. If you run #Composer in #GitHubActions — update immediately.

    🧵👇 #PHP #security

    🔍 Root cause: Composer validates GitHub tokens against an allowed character set. When a token fails validation, the full token value was interpolated directly into the exception message — exposed on stderr and captured in CI logs.

    #security #php #githubactions #github #composer
  15. michabbb @[email protected] ·

    🚨 #Composer 2.9.8 & 2.2.28 are out with an urgent security fix: #GitHub Actions GITHUB_TOKEN and GitHub App installation tokens were being leaked in plain text to CI job logs. If you run #Composer in #GitHubActions — update immediately.

    🧵👇 #PHP #security

    🔍 Root cause: Composer validates GitHub tokens against an allowed character set. When a token fails validation, the full token value was interpolated directly into the exception message — exposed on stderr and captured in CI logs.

    #composer #github #githubactions #php #security
  16. N-gated Hacker News @[email protected] ·

    🎉 BREAKING: GitHub accidentally leaks its own token in Actions logs! 🎉 It's like they finally decided to play hide and seek, but forgot the 'hide' part. 🤦‍♂️ GitHub devs now busy inventing new ways to accidentally leave the #backdoor open. 🚪🔓
    github.com/composer/composer/s #GitHubLeaks #GitHubActions #SecurityBreach #DevOps #Failures #HackerNews #ngated

    #backdoor #githubleaks #githubactions #securitybreach #devops #failures
  17. N-gated Hacker News @[email protected] ·

    🎉 BREAKING: GitHub accidentally leaks its own token in Actions logs! 🎉 It's like they finally decided to play hide and seek, but forgot the 'hide' part. 🤦‍♂️ GitHub devs now busy inventing new ways to accidentally leave the #backdoor open. 🚪🔓
    github.com/composer/composer/s #GitHubLeaks #GitHubActions #SecurityBreach #DevOps #Failures #HackerNews #ngated

    #backdoor #githubleaks #githubactions #securitybreach #devops #failures
  18. N-gated Hacker News @[email protected] ·

    🎉 BREAKING: GitHub accidentally leaks its own token in Actions logs! 🎉 It's like they finally decided to play hide and seek, but forgot the 'hide' part. 🤦‍♂️ GitHub devs now busy inventing new ways to accidentally leave the #backdoor open. 🚪🔓
    github.com/composer/composer/s #GitHubLeaks #GitHubActions #SecurityBreach #DevOps #Failures #HackerNews #ngated

    #backdoor #githubleaks #githubactions #securitybreach #devops #failures
  19. N-gated Hacker News @[email protected] ·

    🎉 BREAKING: GitHub accidentally leaks its own token in Actions logs! 🎉 It's like they finally decided to play hide and seek, but forgot the 'hide' part. 🤦‍♂️ GitHub devs now busy inventing new ways to accidentally leave the #backdoor open. 🚪🔓
    github.com/composer/composer/s #GitHubLeaks #GitHubActions #SecurityBreach #DevOps #Failures #HackerNews #ngated

    #ngated #hackernews #failures #devops #securitybreach #githubactions
  20. N-gated Hacker News @[email protected] ·

    🎉 BREAKING: GitHub accidentally leaks its own token in Actions logs! 🎉 It's like they finally decided to play hide and seek, but forgot the 'hide' part. 🤦‍♂️ GitHub devs now busy inventing new ways to accidentally leave the #backdoor open. 🚪🔓
    github.com/composer/composer/s #GitHubLeaks #GitHubActions #SecurityBreach #DevOps #Failures #HackerNews #ngated

    #backdoor #githubleaks #githubactions #securitybreach #devops #failures
  21. github.com/ghostwriter @[email protected] ·

    🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

    ⚠️ Update NOW or disable GitHub Actions immediately!

    blog.packagist.com/composer-2-

    #PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

    #php #composer #composerphp #opensource #webdevelopment #githubactions
  22. github.com/ghostwriter @[email protected] ·

    🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

    ⚠️ Update NOW or disable GitHub Actions immediately!

    blog.packagist.com/composer-2-

    #PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

    #php #composer #composerphp #opensource #webdevelopment #githubactions
  23. github.com/ghostwriter @[email protected] ·

    🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

    ⚠️ Update NOW or disable GitHub Actions immediately!

    blog.packagist.com/composer-2-

    #PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

    #php #composer #composerphp #opensource #webdevelopment #githubactions
  24. github.com/ghostwriter @[email protected] ·

    🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

    ⚠️ Update NOW or disable GitHub Actions immediately!

    blog.packagist.com/composer-2-

    #PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

    #techupdate #softwaresecurity #codesmart #securitypatch #infosec #webdevlife
  25. github.com/ghostwriter @[email protected] ·

    🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

    ⚠️ Update NOW or disable GitHub Actions immediately!

    blog.packagist.com/composer-2-

    #PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

    #php #composer #composerphp #opensource #webdevelopment #githubactions
  26. 🦠Toxic Flange (Gurjeet)🔬⚱️🌚 @[email protected] ·

    RE: infosec.exchange/@cidu/1165638

    Again, with #github #githubactions at the center of another PR driven compromise?

    You would think their wonderful #AI would catch these by now if they're not going to fix the underlying problem.

    Is it called #copilot too??

    #github #githubactions #ai #copilot
  27. 🦠Toxic Flange (Gurjeet)🔬⚱️🌚 @[email protected] ·

    RE: infosec.exchange/@cidu/1165638

    Again, with #github #githubactions at the center of another PR driven compromise?

    You would think their wonderful #AI would catch these by now if they're not going to fix the underlying problem.

    Is it called #copilot too??

    #github #githubactions #ai #copilot
  28. 🦠Toxic Flange (Gurjeet)🔬⚱️🌚 @[email protected] ·

    RE: infosec.exchange/@cidu/1165638

    Again, with #github #githubactions at the center of another PR driven compromise?

    You would think their wonderful #AI would catch these by now if they're not going to fix the underlying problem.

    Is it called #copilot too??

    #github #githubactions #ai #copilot
  29. 🦠Toxic Flange (Gurjeet)🔬⚱️🌚 @[email protected] ·

    RE: infosec.exchange/@cidu/1165638

    Again, with #github #githubactions at the center of another PR driven compromise?

    You would think their wonderful #AI would catch these by now if they're not going to fix the underlying problem.

    Is it called #copilot too??

    #copilot #ai #githubactions #github
  30. 🦠Toxic Flange (Gurjeet)🔬⚱️🌚 @[email protected] ·

    RE: infosec.exchange/@cidu/1165638

    Again, with #github #githubactions at the center of another PR driven compromise?

    You would think their wonderful #AI would catch these by now if they're not going to fix the underlying problem.

    Is it called #copilot too??

    #github #githubactions #ai #copilot
  31. CIDU — Cyber Intelligence & Defense Unit @[email protected] ·

    84 npm versions published by an attacker in 12 hours.
    Without stealing a single declared token.

    On May 11, an operator forked TanStack/router on GitHub, opened a Pull Request, and triggered a three-stage attack chain:

    → Misconfigured pull_request_target
    → Arbitrary code execution with internal privileges
    → Poisoned GitHub Actions cache → pivot into the release workflow
    → OIDC token extracted via /proc/mem on the runner
    → Publish under the org's legitimate identity

    Outcome: 42 packages compromised, 84 malicious versions live.
    External detection in 20 minutes (StepSecurity / carlini).
    TanStack's internal monitoring never saw the incident.

    Our full analysis: the attack chain, the Shai-Hulud / tj-actions lineage, and the defensive checklist (workflows, cache, OIDC, ephemeral runners).

    cidu.io/articles/tanstack-npm-

    #SupplyChain #Cybersecurity #npm #DevSecOps #ThreatIntel #GitHubActions #SOC

    #supplychain #cybersecurity #npm #devsecops #threatintel #githubactions
  32. CIDU — Cyber Intelligence & Defense Unit @[email protected] ·

    84 npm versions published by an attacker in 12 hours.
    Without stealing a single declared token.

    On May 11, an operator forked TanStack/router on GitHub, opened a Pull Request, and triggered a three-stage attack chain:

    → Misconfigured pull_request_target
    → Arbitrary code execution with internal privileges
    → Poisoned GitHub Actions cache → pivot into the release workflow
    → OIDC token extracted via /proc/mem on the runner
    → Publish under the org's legitimate identity

    Outcome: 42 packages compromised, 84 malicious versions live.
    External detection in 20 minutes (StepSecurity / carlini).
    TanStack's internal monitoring never saw the incident.

    Our full analysis: the attack chain, the Shai-Hulud / tj-actions lineage, and the defensive checklist (workflows, cache, OIDC, ephemeral runners).

    cidu.io/articles/tanstack-npm-

    #SupplyChain #Cybersecurity #npm #DevSecOps #ThreatIntel #GitHubActions #SOC

    #supplychain #cybersecurity #npm #devsecops #threatintel #githubactions
  33. CIDU — Cyber Intelligence & Defense Unit @[email protected] ·

    84 npm versions published by an attacker in 12 hours.
    Without stealing a single declared token.

    On May 11, an operator forked TanStack/router on GitHub, opened a Pull Request, and triggered a three-stage attack chain:

    → Misconfigured pull_request_target
    → Arbitrary code execution with internal privileges
    → Poisoned GitHub Actions cache → pivot into the release workflow
    → OIDC token extracted via /proc/mem on the runner
    → Publish under the org's legitimate identity

    Outcome: 42 packages compromised, 84 malicious versions live.
    External detection in 20 minutes (StepSecurity / carlini).
    TanStack's internal monitoring never saw the incident.

    Our full analysis: the attack chain, the Shai-Hulud / tj-actions lineage, and the defensive checklist (workflows, cache, OIDC, ephemeral runners).

    cidu.io/articles/tanstack-npm-

    #SupplyChain #Cybersecurity #npm #DevSecOps #ThreatIntel #GitHubActions #SOC

    #supplychain #cybersecurity #npm #devsecops #threatintel #githubactions
  34. CIDU — Cyber Intelligence & Defense Unit @[email protected] ·

    84 npm versions published by an attacker in 12 hours.
    Without stealing a single declared token.

    On May 11, an operator forked TanStack/router on GitHub, opened a Pull Request, and triggered a three-stage attack chain:

    → Misconfigured pull_request_target
    → Arbitrary code execution with internal privileges
    → Poisoned GitHub Actions cache → pivot into the release workflow
    → OIDC token extracted via /proc/mem on the runner
    → Publish under the org's legitimate identity

    Outcome: 42 packages compromised, 84 malicious versions live.
    External detection in 20 minutes (StepSecurity / carlini).
    TanStack's internal monitoring never saw the incident.

    Our full analysis: the attack chain, the Shai-Hulud / tj-actions lineage, and the defensive checklist (workflows, cache, OIDC, ephemeral runners).

    cidu.io/articles/tanstack-npm-

    #SupplyChain #Cybersecurity #npm #DevSecOps #ThreatIntel #GitHubActions #SOC

    #soc #githubactions #threatintel #devsecops #npm #cybersecurity
  35. CIDU — Cyber Intelligence & Defense Unit @[email protected] ·

    84 npm versions published by an attacker in 12 hours.
    Without stealing a single declared token.

    On May 11, an operator forked TanStack/router on GitHub, opened a Pull Request, and triggered a three-stage attack chain:

    → Misconfigured pull_request_target
    → Arbitrary code execution with internal privileges
    → Poisoned GitHub Actions cache → pivot into the release workflow
    → OIDC token extracted via /proc/mem on the runner
    → Publish under the org's legitimate identity

    Outcome: 42 packages compromised, 84 malicious versions live.
    External detection in 20 minutes (StepSecurity / carlini).
    TanStack's internal monitoring never saw the incident.

    Our full analysis: the attack chain, the Shai-Hulud / tj-actions lineage, and the defensive checklist (workflows, cache, OIDC, ephemeral runners).

    cidu.io/articles/tanstack-npm-

    #SupplyChain #Cybersecurity #npm #DevSecOps #ThreatIntel #GitHubActions #SOC

    #supplychain #cybersecurity #npm #devsecops #threatintel #githubactions
  36. github.com/ghostwriter @[email protected] ·

    wiz.io/blog/mini-shai-hulud-st
    #CyberSecurity #InfoSec #SupplyChainSecurity #SoftwareSupplyChain #NPM #OpenSourceSecurity #AppSec #DevSecOps #ThreatIntel #Malware #JavaScript #NodeJS #CICD #GitHubActions #CloudSecurity #TypeScript #ReactJS #WebDev #OpenSource #DevTools #SoftwareEngineering #DeveloperSecurity #SecureCoding #GitHub #SupplyChainAttack #Programming #TechNews #DevOps #ApplicationSecurity #ThreatResearch #SecurityEngineering #CyberAttack #Hackers #MalwareAlert #SecurityResearch #DevCommunity

    #cybersecurity #infosec #supplychainsecurity #softwaresupplychain #npm #opensourcesecurity
  37. github.com/ghostwriter @[email protected] ·

    wiz.io/blog/mini-shai-hulud-st
    #CyberSecurity #InfoSec #SupplyChainSecurity #SoftwareSupplyChain #NPM #OpenSourceSecurity #AppSec #DevSecOps #ThreatIntel #Malware #JavaScript #NodeJS #CICD #GitHubActions #CloudSecurity #TypeScript #ReactJS #WebDev #OpenSource #DevTools #SoftwareEngineering #DeveloperSecurity #SecureCoding #GitHub #SupplyChainAttack #Programming #TechNews #DevOps #ApplicationSecurity #ThreatResearch #SecurityEngineering #CyberAttack #Hackers #MalwareAlert #SecurityResearch #DevCommunity

    #cybersecurity #infosec #supplychainsecurity #softwaresupplychain #npm #opensourcesecurity
  38. github.com/ghostwriter @[email protected] ·

    wiz.io/blog/mini-shai-hulud-st
    #CyberSecurity #InfoSec #SupplyChainSecurity #SoftwareSupplyChain #NPM #OpenSourceSecurity #AppSec #DevSecOps #ThreatIntel #Malware #JavaScript #NodeJS #CICD #GitHubActions #CloudSecurity #TypeScript #ReactJS #WebDev #OpenSource #DevTools #SoftwareEngineering #DeveloperSecurity #SecureCoding #GitHub #SupplyChainAttack #Programming #TechNews #DevOps #ApplicationSecurity #ThreatResearch #SecurityEngineering #CyberAttack #Hackers #MalwareAlert #SecurityResearch #DevCommunity

    #cybersecurity #infosec #supplychainsecurity #softwaresupplychain #npm #opensourcesecurity
  39. github.com/ghostwriter @[email protected] ·

    wiz.io/blog/mini-shai-hulud-st
    #CyberSecurity #InfoSec #SupplyChainSecurity #SoftwareSupplyChain #NPM #OpenSourceSecurity #AppSec #DevSecOps #ThreatIntel #Malware #JavaScript #NodeJS #CICD #GitHubActions #CloudSecurity #TypeScript #ReactJS #WebDev #OpenSource #DevTools #SoftwareEngineering #DeveloperSecurity #SecureCoding #GitHub #SupplyChainAttack #Programming #TechNews #DevOps #ApplicationSecurity #ThreatResearch #SecurityEngineering #CyberAttack #Hackers #MalwareAlert #SecurityResearch #DevCommunity

    #devcommunity #securityresearch #malwarealert #hackers #cyberattack #securityengineering
  40. github.com/ghostwriter @[email protected] ·

    wiz.io/blog/mini-shai-hulud-st
    #CyberSecurity #InfoSec #SupplyChainSecurity #SoftwareSupplyChain #NPM #OpenSourceSecurity #AppSec #DevSecOps #ThreatIntel #Malware #JavaScript #NodeJS #CICD #GitHubActions #CloudSecurity #TypeScript #ReactJS #WebDev #OpenSource #DevTools #SoftwareEngineering #DeveloperSecurity #SecureCoding #GitHub #SupplyChainAttack #Programming #TechNews #DevOps #ApplicationSecurity #ThreatResearch #SecurityEngineering #CyberAttack #Hackers #MalwareAlert #SecurityResearch #DevCommunity

    #cybersecurity #infosec #supplychainsecurity #softwaresupplychain #npm #opensourcesecurity
  41. Evgenii K @[email protected] ·

    @ct do you mean between self hosting Forgejo or use Codeberg? I’m a bit surprised to hear there are CI limitations, because in both cases you still need runners to execute jobs, same as on github. My understanding is that Forgejo itself already has “Actions”/CI support.

    #codeberg #forgejo #github #githubactions

    #codeberg #forgejo #github #githubactions
  42. Evgenii K @[email protected] ·

    @ct do you mean between self hosting Forgejo or use Codeberg? I’m a bit surprised to hear there are CI limitations, because in both cases you still need runners to execute jobs, same as on github. My understanding is that Forgejo itself already has “Actions”/CI support.

    #codeberg #forgejo #github #githubactions

    #githubactions #github #forgejo #codeberg
  43. Evgenii K @[email protected] ·

    @ct do you mean between self hosting Forgejo or use Codeberg? I’m a bit surprised to hear there are CI limitations, because in both cases you still need runners to execute jobs, same as on github. My understanding is that Forgejo itself already has “Actions”/CI support.

    #codeberg #forgejo #github #githubactions

    #codeberg #forgejo #github #githubactions
  44. Aptivi @[email protected] ·

    GitHub Actions' Windows hosted runner migration to Visual Studio 2026 starts from June 8th, 2026!

    #GitHub #GHActions #GitHubActions #VS2026 #VisualStudio #TechNews #TechUpdates #csharp #programming #dotnet

    officialaptivi.wordpress.com/2

    #github #ghactions #githubactions #vs2026 #visualstudio #technews
  45. Aptivi @[email protected] ·

    GitHub Actions' Windows hosted runner migration to Visual Studio 2026 starts from June 8th, 2026!

    #GitHub #GHActions #GitHubActions #VS2026 #VisualStudio #TechNews #TechUpdates #csharp #programming #dotnet

    officialaptivi.wordpress.com/2

    #github #ghactions #githubactions #vs2026 #visualstudio #technews
  46. Aptivi @[email protected] ·

    GitHub Actions' Windows hosted runner migration to Visual Studio 2026 starts from June 8th, 2026!

    #GitHub #GHActions #GitHubActions #VS2026 #VisualStudio #TechNews #TechUpdates #csharp #programming #dotnet

    officialaptivi.wordpress.com/2

    #github #ghactions #githubactions #vs2026 #visualstudio #technews
  47. Aptivi @[email protected] ·

    GitHub Actions' Windows hosted runner migration to Visual Studio 2026 starts from June 8th, 2026!

    #GitHub #GHActions #GitHubActions #VS2026 #VisualStudio #TechNews #TechUpdates #csharp #programming #dotnet

    officialaptivi.wordpress.com/2

    #dotnet #programming #csharp #techupdates #technews #visualstudio
  48. Aptivi @[email protected] ·

    GitHub Actions' Windows hosted runner migration to Visual Studio 2026 starts from June 8th, 2026!

    #GitHub #GHActions #GitHubActions #VS2026 #VisualStudio #TechNews #TechUpdates #csharp #programming #dotnet

    officialaptivi.wordpress.com/2

    #github #ghactions #githubactions #vs2026 #visualstudio #technews
  49. Aptivi @[email protected] ·

    GitHub Actions’ Windows hosted runner migration to Visual Studio 2026 starts soon

    GitHub has recently planned a migration process for those who are using the Windows workflows in their GitHub-hosted Actions instances that migrates the installation of Visual Studio 2022 to the newer Visual Studio 2026. The windows-latest and windows-2025 runner images will use Visual Studio 2026, starting from June 8th, 2026.

    The February 2026 announcement post stated that there’s a newer runner image that focuses on using Visual Studio 2026 as a public preview. As the windows-2025 runner image has reached general availability on May 4th, it used Visual Studio 2026 as the integrated development environment instead of Visual Studio 2022.

    Starting from June 8th, 2026, the rollout is expected to end by June 15th, 2026. The workflows will gradually shift over to the newer Visual Studio 2026 IDE instead of the older VS2022 version. However, for those who are still depending on the older Visual Studio 2022 IDE, manual adjustments are needed to ensure that the migration to VS2026 is complete without any issues, as things might break during the migration process.

    In most situations, you won’t need to do anything, as the migration happens transparently. However, in case things break after migration, you’ll have to perform some changes to ensure that workflows continue to work even after migration.

    #github #GitHubActions #news #Tech #Technology #update #visualStudio #VisualStudio2026 #Windows #Windows11
    #github #githubactions #news #tech #technology #update
  50. Aptivi @[email protected] ·

    GitHub Actions’ Windows hosted runner migration to Visual Studio 2026 starts soon

    GitHub has recently planned a migration process for those who are using the Windows workflows in their GitHub-hosted Actions instances that migrates the installation of Visual Studio 2022 to the newer Visual Studio 2026. The windows-latest and windows-2025 runner images will use Visual Studio 2026, starting from June 8th, 2026.

    The February 2026 announcement post stated that there’s a newer runner image that focuses on using Visual Studio 2026 as a public preview. As the windows-2025 runner image has reached general availability on May 4th, it used Visual Studio 2026 as the integrated development environment instead of Visual Studio 2022.

    Starting from June 8th, 2026, the rollout is expected to end by June 15th, 2026. The workflows will gradually shift over to the newer Visual Studio 2026 IDE instead of the older VS2022 version. However, for those who are still depending on the older Visual Studio 2022 IDE, manual adjustments are needed to ensure that the migration to VS2026 is complete without any issues, as things might break during the migration process.

    In most situations, you won’t need to do anything, as the migration happens transparently. However, in case things break after migration, you’ll have to perform some changes to ensure that workflows continue to work even after migration.

    #github #GitHubActions #news #Tech #Technology #update #visualStudio #VisualStudio2026 #Windows #Windows11
    #github #githubactions #news #tech #technology #update
  51. Aptivi @[email protected] ·

    GitHub Actions’ Windows hosted runner migration to Visual Studio 2026 starts soon

    GitHub has recently planned a migration process for those who are using the Windows workflows in their GitHub-hosted Actions instances that migrates the installation of Visual Studio 2022 to the newer Visual Studio 2026. The windows-latest and windows-2025 runner images will use Visual Studio 2026, starting from June 8th, 2026.

    The February 2026 announcement post stated that there’s a newer runner image that focuses on using Visual Studio 2026 as a public preview. As the windows-2025 runner image has reached general availability on May 4th, it used Visual Studio 2026 as the integrated development environment instead of Visual Studio 2022.

    Starting from June 8th, 2026, the rollout is expected to end by June 15th, 2026. The workflows will gradually shift over to the newer Visual Studio 2026 IDE instead of the older VS2022 version. However, for those who are still depending on the older Visual Studio 2022 IDE, manual adjustments are needed to ensure that the migration to VS2026 is complete without any issues, as things might break during the migration process.

    In most situations, you won’t need to do anything, as the migration happens transparently. However, in case things break after migration, you’ll have to perform some changes to ensure that workflows continue to work even after migration.

    #github #GitHubActions #news #Tech #Technology #update #visualStudio #VisualStudio2026 #Windows #Windows11
    #github #githubactions #news #tech #technology #update
  52. Aptivi @[email protected] ·

    GitHub Actions’ Windows hosted runner migration to Visual Studio 2026 starts soon

    GitHub has recently planned a migration process for those who are using the Windows workflows in their GitHub-hosted Actions instances that migrates the installation of Visual Studio 2022 to the newer Visual Studio 2026. The windows-latest and windows-2025 runner images will use Visual Studio 2026, starting from June 8th, 2026.

    The February 2026 announcement post stated that there’s a newer runner image that focuses on using Visual Studio 2026 as a public preview. As the windows-2025 runner image has reached general availability on May 4th, it used Visual Studio 2026 as the integrated development environment instead of Visual Studio 2022.

    Starting from June 8th, 2026, the rollout is expected to end by June 15th, 2026. The workflows will gradually shift over to the newer Visual Studio 2026 IDE instead of the older VS2022 version. However, for those who are still depending on the older Visual Studio 2022 IDE, manual adjustments are needed to ensure that the migration to VS2026 is complete without any issues, as things might break during the migration process.

    In most situations, you won’t need to do anything, as the migration happens transparently. However, in case things break after migration, you’ll have to perform some changes to ensure that workflows continue to work even after migration.

    #github #GitHubActions #news #Tech #Technology #update #visualStudio #VisualStudio2026 #Windows #Windows11
    #windows11 #windows #visualstudio2026 #visualstudio #update #technology
  53. Aptivi @[email protected] ·

    GitHub Actions’ Windows hosted runner migration to Visual Studio 2026 starts soon

    GitHub has recently planned a migration process for those who are using the Windows workflows in their GitHub-hosted Actions instances that migrates the installation of Visual Studio 2022 to the newer Visual Studio 2026. The windows-latest and windows-2025 runner images will use Visual Studio 2026, starting from June 8th, 2026.

    The February 2026 announcement post stated that there’s a newer runner image that focuses on using Visual Studio 2026 as a public preview. As the windows-2025 runner image has reached general availability on May 4th, it used Visual Studio 2026 as the integrated development environment instead of Visual Studio 2022.

    Starting from June 8th, 2026, the rollout is expected to end by June 15th, 2026. The workflows will gradually shift over to the newer Visual Studio 2026 IDE instead of the older VS2022 version. However, for those who are still depending on the older Visual Studio 2022 IDE, manual adjustments are needed to ensure that the migration to VS2026 is complete without any issues, as things might break during the migration process.

    In most situations, you won’t need to do anything, as the migration happens transparently. However, in case things break after migration, you’ll have to perform some changes to ensure that workflows continue to work even after migration.

    #github #GitHubActions #news #Tech #Technology #update #visualStudio #VisualStudio2026 #Windows #Windows11
    #github #githubactions #news #tech #technology #update
  54. Hugo van Kemenade @[email protected] ·

    RE: code4lib.social/@acdha/1165588

    Do not use pull_request_target.
    Do not use caches in publish workflows.
    Use dependency cooldowns.
    Use Zizmor.
    Tell GitHub to make Actions secure by default.
    #GitHub #GitHubActions

    #github #githubactions
  55. Hugo van Kemenade @[email protected] ·

    RE: code4lib.social/@acdha/1165588

    Do not use pull_request_target.
    Do not use caches in publish workflows.
    Use dependency cooldowns.
    Use Zizmor.
    Tell GitHub to make Actions secure by default.
    #GitHub #GitHubActions

    #github #githubactions
  56. Hugo van Kemenade @[email protected] ·

    RE: code4lib.social/@acdha/1165588

    Do not use pull_request_target.
    Do not use caches in publish workflows.
    Use dependency cooldowns.
    Use Zizmor.
    Tell GitHub to make Actions secure by default.
    #GitHub #GitHubActions

    #github #githubactions
  57. Hugo van Kemenade @[email protected] ·

    RE: code4lib.social/@acdha/1165588

    Do not use pull_request_target.
    Do not use caches in publish workflows.
    Use dependency cooldowns.
    Use Zizmor.
    Tell GitHub to make Actions secure by default.
    #GitHub #GitHubActions

    #githubactions #github
  58. Hugo van Kemenade @[email protected] ·

    RE: code4lib.social/@acdha/1165588

    Do not use pull_request_target.
    Do not use caches in publish workflows.
    Use dependency cooldowns.
    Use Zizmor.
    Tell GitHub to make Actions secure by default.
    #GitHub #GitHubActions

    #github #githubactions
  59. Alvin Ashcraft 🐿️ @[email protected] ·

    Streamline Aspire SDK Updates with GitHub Actions | by Christian Nagel

    csharp.christiannagel.com/2026

    #aspire #cloudnative #githubactions #dotnet

    #aspire #cloudnative #githubactions #dotnet
  60. Alvin Ashcraft 🐿️ @[email protected] ·

    Streamline Aspire SDK Updates with GitHub Actions | by Christian Nagel

    csharp.christiannagel.com/2026

    #aspire #cloudnative #githubactions #dotnet

    #aspire #cloudnative #githubactions #dotnet