packagist

RE: https://phpc.social/@packagist/116566852406125489

If you haven't updated Composer to 2.9.8 or 2.2.28 (LTS), do so urgently! GitHub will restart the rollout of their new GitHub Actions tokens later today. They've improved secret masking to cover this Composer issue, but you're safer if you update. #composerphp #php #phpc

May 20 at 11:04amWeb
Show threadpackagistMay 20
We recommend you change the default permissions for GitHub Actions GITHUB_TOKENs to read only. Explicitly grant elevated permissions only where strictly necessary. Use zizmor to analyze your GitHub Actions: https://github.com/zizmorcore/zizmor see also @sebastian on zizmor: https://phpunit.expert/articles/hardening-github-actions-workflows.html