Hacker News new | ask | show | jobs
by kurmiashish 455 days ago
Due to the ongoing security incident involving the tj-actions/changed-files Action, we at StepSecurity have provided a secure, drop-in replacement: step-security/changed-files.

We strongly advise replacing all instances of tj-actions/changed-files in your workflows with our secure alternative: https://github.com/step-security/changed-files
2 comments
joonas 455 days ago
Kudos for making this freely available, I was initially delighted to find out that there was a StepSecurity maintained alternative for the dorny/paths-filter action[1] as that seemed like a reasonable alternative to migrate to, but ended up being disappointed once I realized that it requires a subscription to use[2]

[1]: https://github.com/step-security/paths-filter [2]: https://github.com/step-security/paths-filter/blob/b251c10d0...

link
rahulr0609 455 days ago
@kurmiashish - If you and team are willing share your version without requiring a Step Security subscription today or in the future, happy to archive our repo and redirect users to Step

Thanks again for your timely detection and reporting!

link
kurmiashish 455 days ago
@rahulr0609 https://github.com/step-security/changed-files will forever remain free, and the community can use it without requiring a StepSecurity subscription.
link