Affected versions of aegir
bundle and publish the current users github token to npm when aegir-release
is executed.
Update to version 12.0.8 or later.
If you used this module to do a release for your project you should invalidate the GitHub tokens that were leaked.