Update step-security/harden-runner action to v2 #694
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.5.0
->v2.8.0
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
step-security/harden-runner (step-security/harden-runner)
v2.8.0
Compare Source
What's Changed
Release v2.8.0 by @h0x0er and @varunsh-coder in https://github.com/step-security/harden-runner/pull/416
This release includes:
These enhancements are based on insights from the XZ Utils incident, aimed at improving observability and detections during the build process.
Full Changelog: step-security/harden-runner@v2...v2.8.0
v2.7.1
Compare Source
What's Changed
Release v2.7.1 by @varunsh-coder, @h0x0er, @ashishkurmi in https://github.com/step-security/harden-runner/pull/397
This release:
Full Changelog: step-security/harden-runner@v2.7.0...v2.7.1
v2.7.0
Compare Source
What's Changed
Release 2.7.0 by @varunsh-coder and @h0x0er in https://github.com/step-security/harden-runner/pull/376
This release:
Full Changelog: step-security/harden-runner@v2...v2.7.0
v2.6.1
Compare Source
What's Changed
Release v2.6.1 by @varunsh-coder and @h0x0er in https://github.com/step-security/harden-runner/pull/356
This release:
Full Changelog: step-security/harden-runner@v2...v2.6.1
v2.6.0
Compare Source
What's Changed
Release v2.6.0 by @varunsh-coder in https://github.com/step-security/harden-runner/pull/346
This release adds support for self-hosted Virtual Machine runners (e.g. on EC2).
Full Changelog: step-security/harden-runner@v2...v2.6.0
v2.5.1
Compare Source
What's Changed
*.actions.githubusercontent.com
. GitHub Actions recently started making calls to additional sub-domains for this domain. Please update to this latest version of harden-runner to allow these new endpoints.Full Changelog: step-security/harden-runner@v2...v2.5.1
v2.5.0
Compare Source
What's Changed
Release v2.5.0 by @h0x0er and @varunsh-coder in https://github.com/step-security/harden-runner/pull/325
This release:
Full Changelog: step-security/harden-runner@v2...v2.5.0
v2.4.1
Compare Source
What's Changed
Release v2.4.1 by @varunsh-coder and @Devils-Knight in https://github.com/step-security/harden-runner/pull/309
This release
Full Changelog: step-security/harden-runner@v2...v2.4.1
v2.4.0
Compare Source
What's Changed
Adds support for wildcard domains in
block
mode. e.g. you can add*.data.mcr.microsoft.com:443
to the allowed list, and egress traffic will be allowed toeastus.data.mcr.microsoft.com:443
andwestus.data.mcr.microsoft.com:443
.Link to documentation.
Full Changelog: step-security/harden-runner@v2...v2.4.0
v2.3.1
Compare Source
What's Changed
Fixes #279 and #275
Full Changelog: step-security/harden-runner@v2...v2.3.1
v2.3.0
Compare Source
What's Changed
The Policy Store helps you manage Harden Runner policies without altering your workflow files.
Full Changelog: step-security/harden-runner@v2...v2.3.0
v2.2.1
Compare Source
What's Changed
Harden runner has the ability to automatically detect the cache endpoint used by each job. When Harden runner is used in block mode, this endpoint is added to the list of allowed endpoints. A fix has been implemented to improve this feature by updating the logic used to fetch the cache endpoint. This update involves using code from the actions/cache library to ensure the endpoint is properly retrieved.
Full Changelog: step-security/harden-runner@v2...v2.2.1
v2.2.0
Compare Source
What's Changed
containerd
dependency to a non-vulnerable version.Full Changelog: step-security/harden-runner@v2...v2.2.0
v2.1.0
Compare Source
What's Changed
This makes it easier to locate and click on the insights link. One had to look for it in the build log earlier.
Full Changelog: step-security/harden-runner@v2...v2.1.0
v2.0.0
Compare Source
Release v2.0.0
disable-sudo: true
to run job steps without sudo access on the GitHub-hosted runner.disable-sudo
isfalse
by default and needs to be opted-into. (documentation)What's Changed
Full Changelog: step-security/harden-runner@v1...v2.0.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.