From 78393766aae994d8ba44054cdb3131e2cce7d766 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Sep 2025 17:36:03 +0000 Subject: [PATCH] Bump step-security/harden-runner from 2.13.0 to 2.13.1 Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.13.0 to 2.13.1. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/ec9f2d5744a09debf3a187a3f4f675c53b671911...f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.13.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/definitions.yml | 4 ++-- .github/workflows/test.yml | 6 +++--- .github/workflows/version.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/definitions.yml b/.github/workflows/definitions.yml index 465191d3..ef335216 100644 --- a/.github/workflows/definitions.yml +++ b/.github/workflows/definitions.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest permissions: { contents: read } steps: - - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: { egress-policy: audit } - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - run: npm ci @@ -36,7 +36,7 @@ jobs: runs-on: ubuntu-latest permissions: { contents: read } steps: - - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: { egress-policy: audit } - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - run: npm ci diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 61cd7875..558f045c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -23,7 +23,7 @@ jobs: permissions: { contents: read, security-events: write } runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: { egress-policy: audit } - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: { fetch-depth: 0 } @@ -35,7 +35,7 @@ jobs: lts: runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: { egress-policy: audit } - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - run: npm ci @@ -45,7 +45,7 @@ jobs: checksums: runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: { egress-policy: audit } - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: { fetch-depth: 0 } diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml index e9b9a28b..d45efec8 100644 --- a/.github/workflows/version.yml +++ b/.github/workflows/version.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit