We.Love.Privacy.Club lwn-net@feeds.twtxt.net "Ruby's Bundler adds a cooldown feature Version\ 4.0.13 of Ruby's Bundler package-manager has added\ dependency cooldowns in order to help mi ..."

feeds.twtxt.net

Ruby’s Bundler adds a cooldown feature
Version\ 4.0.13 of Ruby’s Bundler
package-manager has added\ dependency cooldowns in order to help mitigate the effect of
supply-chain attacks:

Most supply-chain attacks against RubyGems exploit a narrow window:
an account is compromised, a malicious version ships, and any
bundle install in the minutes that follow resolves
str … ⌘ Read more

⤋ Read More