<p>the Glasgow Interface Explorer GitHub organization was affected by GHSA-mrrh-fwg8-r2c3, a crude credentials stealer in one of the github actions used as a dependency that also happened to print them unencrypted in the public build logs</p><p>ironically, i've used that github action to prevent someone to tampering with the firmware as a part of a system ensuring that the checked-in blob is reproducibly built</p>
