Critical GitHub Attack

This is grave:

An intricate cascading supply chain assault has compromised numerous GitHub Actions, revealing essential CI/CD secrets across tens of thousands of repositories. According to a report, this attack, which initially focused on the widely utilized “tj-actions/changed-files” tool, is now thought to have stemmed from a prior breach of the “reviewdog/action-setup@v1” GitHub Action.

[…]

CISA has verified that the vulnerability has been addressed in version 46.0.1.

With the tool being employed by over 23,000 GitHub repositories, the extent of the potential repercussions has caused considerable concern within the developer community.
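A check a defender could run over workflow files for the two actions named in the report, as an added example that is not part of the original post or the report. Only the action names and the fixed version 46.0.1 come from the text above; the function names, status labels and sample workflow are constructed for illustration.

```python
import re

# Action names and the fixed version are taken from the report quoted above.
WATCHED = {"tj-actions/changed-files", "reviewdog/action-setup"}
FIXED = {"tj-actions/changed-files": (46, 0, 1)}

# Matches a workflow step such as "- uses: owner/repo@ref" (optionally quoted).
USES = re.compile(r"""^\s*-?\s*uses:\s*['"]?([\w.-]+/[\w.-]+)(?:/[^@\s'"]*)?@([^\s'"#]+)""")
VERSION = re.compile(r"^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?$")
SHA = re.compile(r"^[0-9a-f]{40}$")

def classify(action, ref):
    """Return 'below-fixed', 'ok' or 'review' for one action reference."""
    fixed = FIXED.get(action)
    m = VERSION.match(ref)
    if fixed is None or m is None or SHA.match(ref):
        return "review"  # no fixed version given in the text, or ref is a branch/SHA
    parts = tuple(int(p) for p in m.groups() if p is not None)
    prefix = fixed[:len(parts)]
    if parts < prefix:
        return "below-fixed"
    if parts > prefix or len(parts) == 3:
        return "ok"
    return "review"  # floating tag such as v46: cannot tell 46.0.0 from 46.0.1

def scan(workflow_text):
    """Return (line number, action, ref, status) for every watched action."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES.match(line)
        if m and m.group(1) in WATCHED:
            action, ref = m.group(1), m.group(2)
            findings.append((lineno, action, ref, classify(action, ref)))
    return findings

# Constructed sample workflow, not taken from any real repository.
SAMPLE = """\
jobs:
  lint:
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: tj-actions/changed-files@v46.0.1
      - uses: reviewdog/action-setup@v1
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding)
```

A "review" result means the script cannot decide from the reference alone, so the resolved commit and the secrets exposed to that job need a manual look.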

