Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
geospatial-data-lake
Discontinued Central storage, management and access for important geospatial datasets
do they mean that the Docker image at https://github.com/codecov/codecov-action contained a secret allowing someone to modify the script served by https://codecov.io/bash ?
This looks to be that version: https://github.com/ehmicky/dev-tasks/blob/1f6cd2a9c7bc2146b7...
Though this was uploaded before April 1, and it doesn't appear to have any malicious code.
"bash <(curl" is the new cool. Mind-boggling number of projects pull this sh*, look at https://brew.sh/ for instance.