Hacker News
by olejorgenb 36 days ago
And the gotcha has been known about since 2014:

> This is the class of attack documented by Adnan Khan in 2024. It's not a TanStack-specific bug; it's a known GitHub Actions design issue that requires conscious mitigation.

While it seems the maintainers kinda went out of their way to enable this - GitHub could easily have at least turned off cache-sharing between fork jobs and the main jobs...