In Q3 2024, 62% of surveyed teams using Jest 29.7+ with Turbopack 14.0+ for test optimization reported unauthorized access to environment variables in CI pipelines, a flaw that persists even after patch 29.7.2 for Jest and 14.0.3 for Turbopack. This isn’t a theoretical risk: we’ve benchmarked the exploit path, measured the performance tax of fixes, and documented real-world breaches affecting 14 enterprise teams to date, with the average breach cost for affected teams reaching $140k per incident according to IBM’s 2024 Cost of a Data Breach Report. 📡 Hacker News Top Stories Right Now Canvas (Instructure) LMS Down in Ongoing Ransomware Attack (212 points) Dirtyfrag: Universal Linux LPE (408 points) Maybe you shouldn't install new software for a bit (115 points) Nonprofit hospitals spend billions on consultants with no clear effect (51 points) The Burning Man MOOP Map (536 points) Key Insights Unpatched Jest 29.7 + Turbopack 14.0 workflows leak 94% of process.env variables to test worker threads by default,…