Abusing Git branch names to compromise a PyPI package
d release was uploaded to PyPI after a project automatically processed a pull request with a flawed script. The GitHub account "OpenIM Robot" (which appears to be controlled by Xinwei Xiong) opened a pull request for the ultralytics Python package.
[Posted December 6, 2024 by daroc]