chore(deps): update step-security/harden-runner action to v2.19.0 (stable/2026.1)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
step-security/harden-runner	action	minor	v2.18.0 → v2.19.0

---

Release Notes

step-security/harden-runner (step-security/harden-runner)

v2.19.0

Compare Source

What's Changed

New Runner Support

Harden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.

Automated Incident Response for Supply Chain Attacks

• Global block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.
• System-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).

Bug Fixes

Windows and macOS: stability and reliability fixes

Full Changelog: step-security/harden-runner@v2.18.0...v2.19.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

renovate[bot]
This pull request has been included in the following image tags:

ghcr.io/vexxhost/python-base-rockylinux:2026.1
ghcr.io/vexxhost/python-base-rockylinux:stable-2026.1
ghcr.io/vexxhost/python-base-rockylinux:d945279
ghcr.io/vexxhost/python-base-rockylinux:latest

Digest: ghcr.io/vexxhost/python-base-rockylinux@sha256:eb58c0b2c6dc96203d57b268e10370b011aedd23e20bc96b2adc207e35740988

[github-actions]

renovate[bot]
This pull request has been included in the following image tags:

ghcr.io/vexxhost/python-base-debian:2026.1
ghcr.io/vexxhost/python-base-debian:stable-2026.1
ghcr.io/vexxhost/python-base-debian:d945279
ghcr.io/vexxhost/python-base-debian:latest

Digest: ghcr.io/vexxhost/python-base-debian@sha256:fd173017114376499f66db0332e7744300cd522f21580d6116d948e247ab16d4

[github-actions]

renovate[bot]
This pull request has been included in the following image tags:

ghcr.io/vexxhost/python-base:2026.1
ghcr.io/vexxhost/python-base:stable-2026.1
ghcr.io/vexxhost/python-base:d945279
ghcr.io/vexxhost/python-base:latest

Digest: ghcr.io/vexxhost/python-base@sha256:2c208ec385840f6fb2a47a570ade9d6034718d0c83b4703d3758fe4e80649a34

[github-actions]

renovate[bot]
This pull request has been included in the following image tags:

ghcr.io/vexxhost/python-base-almalinux:2026.1
ghcr.io/vexxhost/python-base-almalinux:stable-2026.1
ghcr.io/vexxhost/python-base-almalinux:d945279
ghcr.io/vexxhost/python-base-almalinux:latest

Digest: ghcr.io/vexxhost/python-base-almalinux@sha256:d275c290498f8944a793cbbba1406338fcbd8b969a414874ce073ea6345dbd42

[github-actions]

renovate[bot]
This pull request has been included in the following image tags:

ghcr.io/vexxhost/python-base-ubuntu-cloud-archive:2026.1
ghcr.io/vexxhost/python-base-ubuntu-cloud-archive:stable-2026.1
ghcr.io/vexxhost/python-base-ubuntu-cloud-archive:d945279
ghcr.io/vexxhost/python-base-ubuntu-cloud-archive:latest

Digest: ghcr.io/vexxhost/python-base-ubuntu-cloud-archive@sha256:ade9b0464f4028a4e114d541c970e8bdbd2dbd0e28ab8ea8e8867eff10c967ab

[github-actions]

renovate[bot]
This pull request has been included in the following image tags:

ghcr.io/vexxhost/python-base-ubuntu:2026.1
ghcr.io/vexxhost/python-base-ubuntu:stable-2026.1
ghcr.io/vexxhost/python-base-ubuntu:d945279
ghcr.io/vexxhost/python-base-ubuntu:latest

Digest: ghcr.io/vexxhost/python-base-ubuntu@sha256:41d7bf4cb3dde41784329b9bbc16f3ad3b4a3d6bf5618739f92fb62635db962d