Skip to content

v0.3.1
Compare
Choose a tag to compare
@jo3-l jo3-l released this 17 Jul 06:24
· 25 commits to main since this release
v0.3.1
This tag was signed with the committer’s verified signature.
jo3-l Joseph Liu
GPG key ID: 94CF7157EFCE8E22
Learn about vigilant mode.
564b7d0
This commit was signed with the committer’s verified signature.
jo3-l Joseph Liu
GPG key ID: 94CF7157EFCE8E22
Learn about vigilant mode.

v0.3.1 removes a file containing sensitive credentials accidentally published in v0.3.0; see below for details. The release contains no changes in functionality.

As part of v0.3.0, I inadvertently published a file .envrc containing a personal GitHub token with write access to this repository used for release automation to npm. I immediately revoked the token on discovering its publication, at which point it had been public for ~2h. After a manual review (given the limited scope of the token), I am confident the leaked token was not been used maliciously in the window of time it was public and that my account is not compromised.

Assets 2
Loading