Closed bru73f0rc3 closed 9 months ago
Thanks for the heads up, hackers have such good ideas for hacking lol
Only I can commit to master, and only master is released so all good here 👍
Excellent, i just saw a bunch of Dependabot pushes today after reading about this 2 days ago lol.
Ahh yea, i configured for monthly https://github.com/jpillora/chisel/blob/master/.github/dependabot.yml
makes sense and today's the first of the month :) just the timing!
FYI: Please be aware of fake Dependabot pushes:
https://www.securityweek.com/stolen-github-credentials-used-to-push-fake-dependabot-commits/
"As part of the observed campaign, the attackers created a commit message “fix” that appeared to be contributed by the ‘dependabot[bot]’ user account, tricking developers into believing the commits came from GitHub’s tool."