Ruby's Bundler adds a cooldown feature
Source: lwn.net
You are reading a summary. The full content is hosted on lwn.net.
Bundler version 4.0.13 has introduced a new feature to mitigate supply-chain attacks: a time-based filter called "cooldown" that refuses to resolve to a version until it has been public for at least N days, helping to prevent malicious bundles from being installed.
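The filtering idea described above, as an added Ruby example that is not Bundler's own code: the function name, the error class and the sample release dates are hypothetical, and falling back to the newest version that is old enough (rather than failing outright) is an assumption of this sketch.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

SECONDS_PER_DAY = 86_400

# Constructed sample index: version => publication time (not real release data).
SAMPLE_RELEASES = {
  "2.3.0" => Time.utc(2025, 1, 10),
  "2.4.0" => Time.utc(2025, 5, 20),
  "2.4.1" => Time.utc(2025, 6, 14) # one day old relative to the sample "now"
}.freeze

# Hypothetical error raised when every matching version is still too new.
class CooldownError < StandardError; end

# Returns the newest version that satisfies `requirement` and has been
# public for at least `cooldown_days` as of `now`. Refuses (raises) when
# no matching version has aged past the cooldown window.
def resolve_with_cooldown(releases, requirement, cooldown_days:, now:)
  req = Gem::Requirement.new(requirement)
  cutoff = now - cooldown_days * SECONDS_PER_DAY

  matching = releases.select { |v, _| req.satisfied_by?(Gem::Version.new(v)) }
  eligible = matching.select { |_, published_at| published_at <= cutoff }

  if eligible.empty?
    raise CooldownError,
          "no version matching '#{requirement}' has been public for #{cooldown_days} days"
  end

  # Compare as versions, not strings, so "2.10.0" sorts above "2.9.0".
  eligible.keys.max_by { |v| Gem::Version.new(v) }
end

if __FILE__ == $PROGRAM_NAME
  now = Time.utc(2025, 6, 15) # constructed reference time
  puts resolve_with_cooldown(SAMPLE_RELEASES, "~> 2.4", cooldown_days: 7, now: now)
end
```

With a seven-day window the day-old release is skipped in favour of the previous one, and an exact pin on the day-old release is refused rather than silently satisfied.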