This Week In Security: GitHub Actions, SHA-1 Retirement, And A Self-Worming Vulnerability
It should be no surprise that running untrusted code in a GitHub Actions workflow can have unintended consequences. It’s a killer feature, to automatically run through a code test suite whene…