codecov security breach

Question

codecov security breach

layik opened this issue 3 years ago · 3 comments

https://about.codecov.io/security-update

Answer 1 · 2021-04-15T14:09:26.000Z

What's the action? Change GitHub keys?

Answer 2 · 2021-04-15T14:15:18.000Z

Their doc is long! I believe so. I will start removing codecov from GH and old Travis. I put it here to get some Rstats and maybe rOpenSci short bullet point action(s).

Sorry Robin can't save you time. Edit: just got the email myself.

Pasting their bold para:

We strongly recommend affected users immediately re-roll all of their credentials, tokens, or keys located in the environment variables in their CI processes that used one of Codecov’s Bash Uploaders.

Answer 3 · 2021-04-15T18:27:35.000Z

I think we can close. See r-lib/covr#470