GitHub

257 readers
1 users here now

A community for discussion and posts relating to github https://github.com/

founded 2 years ago
MODERATORS
pylapp@programming.dev
listing: all - local
1
1
Review commit-by-commit, improved filtering, and more in the pull request "Files changed" public preview (github.blog)
submitted 1 day ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
2
1
Better diagnostics for VNET injected runners and required self-hosted runner upgrades (github.blog)
submitted 1 day ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
3
1
Post as Admin now available in GitHub Discussions (github.blog)
submitted 2 days ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
4
3
Repository custom properties: GraphQL API and URL type (github.blog)
submitted 3 days ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
5
3
npm classic tokens revoked, session-based auth and CLI token management now available (github.blog)
submitted 4 days ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
6
1
Notifications triggered by spam accounts are now correctly hidden (github.blog)
submitted 1 week ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
 
 
7
1
CodeQL 2.23.6 adds Swift 6.2.1 and new C# security queries (github.blog)
submitted 1 week ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
8
0
Assign issues to Copilot using the API (github.blog)
submitted 1 week ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
9
3
Secret scanning updates — November 2025 (github.blog)
submitted 1 week ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
10
1
Block repository administrators from installing GitHub Apps on their own now generally available (github.blog)
submitted 1 week ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
11
-1
Secret scanning alert assignees, security campaigns are generally available (github.blog)
submitted 2 weeks ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
12
3
Code scanning default setup bypasses GitHub Actions policy blocks (github.blog)
submitted 2 weeks ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
13
8
Secrets in unlisted GitHub gists are reported to secret scanning partners (github.blog)
submitted 2 weeks ago by nemeski@mander.xyz to c/github@programming.dev
1 comments fedilink
14
9
Shai-Hulud round 2 on GitHub, massive leaks of data and propagation of stealer (about.gitlab.com)
submitted 2 weeks ago by pylapp@programming.dev to c/github@programming.dev
0 comments fedilink
 
 

"Upon execution, the malware downloads and runs TruffleHog to scan the local machine, stealing sensitive information such as NPM Tokens, AWS/GCP/Azure credentials, and environment variables.

The malicious code exfiltrates the stolen information by creating a GitHub Action runner named SHA1HULUD, and a GitHub repository description Sha1-Hulud: The Second Coming.. This suggests it may be the same attacker behind the "Shai-Hulud" attack observed in September 2025.

And now, over 27,000 GitHub repositories were infected."

Other source with list of compromised package available

15
2
Automated NPM secret rotation in GitHub Actions (michaelheap.com)
submitted 3 weeks ago by codeinabox@programming.dev to c/github@programming.dev
0 comments fedilink
16
2
CodeQL 2.23.5 adds support for Swift 6.2, new Java queries, and improved analysis accuracy (github.blog)
submitted 3 weeks ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
17
3
Removing notifications for @mentions in commit messages (github.blog)
submitted 1 month ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
18
7
npm security update: Classic token creation disabled and granular token changes (github.blog)
submitted 1 month ago by nemeski@piefed.social to c/github@programming.dev
0 comments fedilink
19
2
GitHub Actions: Skip Jobs Conditionally with if: false (openillumi.com)
submitted 1 month ago by codeinabox@programming.dev to c/github@programming.dev
0 comments fedilink
20
2
Actions Runner Controller release 0.13.0 (github.blog)
submitted 1 month ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
21
3
GitHub provides feature for immutable releases (docs.github.com)
submitted 1 month ago by pylapp@programming.dev to c/github@programming.dev
0 comments fedilink
 
 

Immutable releases are releases where the assets and associated Git tag cannot be changed after publication. The use of this type of release increases security by blocking supply chain attacks.

Attackers cannot:

  • Inject vulnerabilities or malware into current project releases.
  • Make changes to assets and tags that may break developer workflows.

The releases tags and artefacts can be also cryptographically verified.

22
-1
GitHub Copilot CLI: Faster, more concise, and prettier (github.blog)
submitted 2 months ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
23
6
A Reddit Clone - MERN (github.com)
submitted 2 months ago by phuoccuongvnn@suppo.fi to c/github@programming.dev
1 comments fedilink
 
 

Reddit clone (a social media site) made w/ MERN stack & Redux.

24
6
Microsoft will reduce GitHub's independence and move its servers to Azure, report claims (www.neowin.net)
submitted 2 months ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
25
2
CodeQL 2.23.1 adds support for Java 25, TypeScript 5.9 and Swift 6.1.3 (github.blog)
submitted 2 months ago by nemeski@mander.xyz to c/github@programming.dev
0 comments fedilink
view more: next ›