I've done it too, but luckily on a low-exposure system. I seem to recall finding a way to strip the orphan commit, but probably had to recreate the GH repo. I also seem to recall GH added some checks for secrets, but I guess not foolproof.
We all make mistakes, so it's best to try to mitigate, even at the expense of DX. E.g. tighten up access permissions so no rm -rf /, don't use eval() or otherwise make it hard to parse expressions that may contain unsanitised user input (e.g. JSX dangerouslySetHTML()).