Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SECURITY] Cycle secrets #777

Closed
CasperWA opened this issue Apr 15, 2021 · 2 comments
Closed

[SECURITY] Cycle secrets #777

CasperWA opened this issue Apr 15, 2021 · 2 comments
Assignees
@CasperWA
Labels
bug Something isn't working CI Continuous Integration - GitHub Actions issues (NOT related to the repository Action) priority/high Issue or PR with a consensus of high priority security Pull requests that address a security vulnerability

Comments

@CasperWA
Copy link
Member

CasperWA commented Apr 15, 2021
edited

We need to cycle all secrets and API keys used due to a security breach in Codecov. For more information see https://about.codecov.io/security-update/.

3/3 updated.
@CasperWA CasperWA added bug Something isn't working priority/high Issue or PR with a consensus of high priority CI Continuous Integration - GitHub Actions issues (NOT related to the repository Action) security Pull requests that address a security vulnerability labels Apr 15, 2021
@CasperWA CasperWA self-assigned this Apr 15, 2021
@CasperWA
Copy link
Member Author

All secrets have been updated - furthermore the Codecov token has been removed, as such the release workflow should be updated.

@CasperWA
Copy link
Member Author

The codecov token was never actually used in the code. Since all secrets have been cycled, this security issue is considered to be solved.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@CasperWA CasperWA

Labels
bug Something isn't working CI Continuous Integration - GitHub Actions issues (NOT related to the repository Action) priority/high Issue or PR with a consensus of high priority security Pull requests that address a security vulnerability
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@CasperWA