Y
Hacker News
new
|
ask
|
show
|
jobs
by
securesaml
35 days ago
It's limited to ghs_ (server to server token's), that have the new format enabled:
https://github.blog/changelog/2026-04-24-notice-about-upcomi...
(and actions that use the vulnerable package)
This include's the GITHUB_TOKEN that is builtin within a actions jobs.