Ngokubeka emngciphekweni inkqubo yokukhululwa kweGitHub Actions kwiindawo zokugcina iRedHat's RedHatInsights, abahlaseli bakwazile ukupapasha iinguqulelo ezingama-64 ezinobungozi zeepakethe ezingama-32 ze-NPM zeqonga leeNkonzo zeLifu leRed Hat kwifolda ye-NPM. Iinguqulelo ezimbini ezinobungozi zepakethe nganye ye-NPM enobungozi zikhutshiwe, nganye iqulethe ikhowudi esebenze uhlobo olutsha lwe-worm ye-mini-shai-hulud, ekhangela iithokheni kunye neziqinisekiso kwimeko yangoku.
I-worm ibekwe kwifayile ye-index.js yaze yasebenza ngesixhobo sokuphatha esifakwe kwangaphambili esibizwa xa kufakwa iphakheji enesifo. Nje ukuba isebenze, i-worm ikhangele inkqubo ukuze ifumane ii-token kwi-NPM (~/.npmrc), i-PyPI, i-CircleCI, i-AWS, i-GCP, i-Docker, i-Azure, i-HashiCorp, kunye ne-KubernetesK8s, kunye nee-private keys ze-SSH. Idatha eyifumeneyo ithunyelwe kubahlaseli. Ukuba i-token ye-NPM ifunyenwe, i-worm ipapashe ngokuzenzekelayo ukukhutshwa okutsha okunobungozi kwiipakethi eziphuhliswayo kwimeko-bume yangoku, okosulela umthi wokuxhomekeka.
Ukufikelela kwi-GitHub Actions kufunyenwe ngokubeka emngciphekweni iakhawunti yomqeshwa weRed Hat, okuvumela abahlaseli ukuba batyhale ngokuthe ngqo ii-commits kwi-javascript-clients, frontend-components, kunye ne-platform-frontend-ai-toolkit repositories ngaphandle kokudlula kwinkqubo yokuphonononga. Ezi commits zifake ifayile ye-ci.yaml kwinkqubo yokudibanisa eqhubekayo, ethi, xa iqhuba ukwakha, isebenzise iskripthi se-_index.js isebenzisa iqonga le-bun. Iskripthi sisebenzise imvume ye-"id-token: write" ukucela ithokheni ye-OIDC (OpenID Connect) evela kwiGitHub, eyathi emva koko yasetyenziselwa ukuqinisekiswa nge-NPM ngendlela "yokushicilela ethembekileyo".
Iiphakheji ze-NPM eziqulethe ikhowudi enobungozi:
- @redhat-cloud-services/chrome (2.3.1, 2.3.2)
- @redhat-cloud-services/compliance-client (4.0.3, 4.0.4)
- @redhat-cloud-services/config-manager-client (5.0.4, 5.0.5)
- @redhat-cloud-services/entitlements-client (4.0.11, 4.0.12)
- @redhat-cloud-services/eslint-config-redhat-cloud-services (3.2.1, 3.2.2)
- @redhat-cloud-services/frontend-components (7.7.2, 7.7.3)
- @redhat-cloud-services/frontend-components-advisor-components (3.8.2)
- @redhat-cloud-services/frontend-components-config (6.11.3, 6.11.4)
- @redhat-cloud-services/frontend-components-config-utilities (4.11.2, 4.11.3)
- @redhat-cloud-services/frontend-components-notifications (6.9.2, 6.9.3)
- @redhat-cloud-services/frontend-components-remediations (4.9.2, 4.9.3)
- @redhat-cloud-services/frontend-components-testing (1.2.1, 1.2.2)
- @redhat-cloud-services/frontend-components-translations (4.4.1, 4.4.2)
- @redhat-cloud-services/frontend-components-utilities (7.4.1, 7.4.2)
- @redhat-cloud-services/hcc-feo-mcp (0.3.1, 0.3.2)
- @redhat-cloud-services/hcc-kessel-mcp (0.3.1, 0.3.2)
- @redhat-cloud-services/hcc-pf-mcp (0.6.1, 0.6.2)
- @redhat-cloud-services/host-inventory-client (5.0.3, 5.0.4)
- @redhat-cloud-services/insights-client (4.0.4, 4.0.5)
- @redhat-cloud-services/integrations-client (6.0.4, 6.0.5)
- @redhat-cloud-services/javascript-clients-shared (2.0.8, 2.0.9)
- @redhat-cloud-services/notifications-client (6.1.4, 6.1.5)
- @redhat-cloud-services/patch-client (4.0.4, 4.0.5)
- @redhat-cloud-services/quickstarts-client (4.0.11, 4.0.12)
- @redhat-cloud-services/rbac-client (9.0.3, 9.0.4)
- @redhat-cloud-services/remediations-client (4.0.4, 4.0.5)
- @redhat-cloud-services/rule-components (4.7.2, 4.7.3)
- @redhat-cloud-services/sources-client (3.0.10, 3.0.11)
- @redhat-cloud-services/topological-inventory-client (3.0.10, 3.0.11)
- @redhat-cloud-services/tsc-transform-imports (1.2.2)
- @redhat-cloud-services/types (3.6.1, 3.6.2, 3.6.4)
- @redhat-cloud-services/vulnerability-client (2.1.8, 2.1.9)
umthombo: opennet.ru
