From 6acefe60fccd90a7506049d0bd7c9c63c9b7e816 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Apr 2026 09:01:25 +0000 Subject: [PATCH] build(deps): bump step-security/harden-runner Bumps the github-actions group with 1 update: [step-security/harden-runner](https://github.com/step-security/harden-runner). Updates `step-security/harden-runner` from 2.18.0 to 2.19.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/6c3c2f2c1c457b00c10c4848d6f5491db3b629df...8d3c67de8e2fe68ef647c8db1e6a09f647780f40) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 2 +- .github/workflows/copilot-setup.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/labeler.yml | 2 +- .github/workflows/lighthouse-performance.yml | 2 +- .github/workflows/release.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- .github/workflows/setup-labels.yml | 2 +- .github/workflows/test-and-report-latest-node.yml | 10 +++++----- .github/workflows/test-and-report.yml | 10 +++++----- .github/workflows/zap-scan.yml | 2 +- 11 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 2f0c43c..56a86fb 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,7 +41,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/copilot-setup.yml b/.github/workflows/copilot-setup.yml index f80b054..18341eb 100644 --- a/.github/workflows/copilot-setup.yml +++ b/.github/workflows/copilot-setup.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Harden the runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index ea02808..1338fbe 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index fd8687c..13ff4d2 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -19,7 +19,7 @@ jobs: repository-projects: write # Required for repository management steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/lighthouse-performance.yml b/.github/workflows/lighthouse-performance.yml index 329e731..60cd750 100644 --- a/.github/workflows/lighthouse-performance.yml +++ b/.github/workflows/lighthouse-performance.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0d5b40e..6cb465f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -30,7 +30,7 @@ jobs: is_prerelease: ${{ github.event.inputs.prerelease || 'false' }} steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit @@ -118,7 +118,7 @@ jobs: attestations: write # Required for SBOM and build attestations steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit @@ -215,7 +215,7 @@ jobs: id-token: write # Required for OIDC steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 795676f..5321b99 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -36,7 +36,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/setup-labels.yml b/.github/workflows/setup-labels.yml index 8c828f7..f919bc1 100644 --- a/.github/workflows/setup-labels.yml +++ b/.github/workflows/setup-labels.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/test-and-report-latest-node.yml b/.github/workflows/test-and-report-latest-node.yml index 8e24c5d..e221ed8 100644 --- a/.github/workflows/test-and-report-latest-node.yml +++ b/.github/workflows/test-and-report-latest-node.yml @@ -17,7 +17,7 @@ jobs: contents: read # Required to check out code steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit @@ -75,7 +75,7 @@ jobs: pull-requests: write # Required to upload artifacts (implicit permission) steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit @@ -156,7 +156,7 @@ jobs: checks: write # Required to upload artifacts (implicit permission) steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit @@ -201,7 +201,7 @@ jobs: pull-requests: write steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit @@ -249,7 +249,7 @@ jobs: checks: write # Required to upload artifacts (implicit permission) steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/test-and-report.yml b/.github/workflows/test-and-report.yml index 55998a3..e1d701b 100644 --- a/.github/workflows/test-and-report.yml +++ b/.github/workflows/test-and-report.yml @@ -17,7 +17,7 @@ jobs: contents: read # Required to check out code steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit @@ -67,7 +67,7 @@ jobs: pull-requests: write # Required to upload artifacts (implicit permission) steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit @@ -140,7 +140,7 @@ jobs: checks: write # Required to upload artifacts (implicit permission) steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit @@ -177,7 +177,7 @@ jobs: pull-requests: write steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit @@ -225,7 +225,7 @@ jobs: checks: write # Required to upload artifacts (implicit permission) steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/zap-scan.yml b/.github/workflows/zap-scan.yml index 9ed9ede..18fbfd3 100644 --- a/.github/workflows/zap-scan.yml +++ b/.github/workflows/zap-scan.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit