The Update: April 2, 2025 https://unit42.paloaltonetworks.com/github-actions-supply-ch... section is interesting (the plot thickens)
I'm so glad someone dug into this properly after the tj-actions maintainer started locking threads and refusing to look into how the PAT was leaked.
https://github.com/tj-actions/changed-files/issues/2464#issu...
The Update: April 2, 2025 https://unit42.paloaltonetworks.com/github-actions-supply-ch... section is interesting (the plot thickens)