From 06e748cb14e8d4adbe9aad6aeea67335ea6ff3eb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Jan 2025 21:37:24 +0000 Subject: [PATCH] chore(deps): Bump step-security/harden-runner from 2.9.0 to 2.10.4 Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.9.0 to 2.10.4. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/0d381219ddf674d61a7572ddd19d7941e271515c...cb605e52c26070c328afc4562f0b4ada7618a84e) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/checks.apicheck.yml | 2 +- .github/workflows/checks.clippy.yml | 2 +- .github/workflows/checks.codeql.yml | 2 +- .github/workflows/checks.dependency-review.yml | 2 +- .github/workflows/checks.detekt.yml | 2 +- .github/workflows/checks.formatting.yml | 2 +- .github/workflows/checks.gradle-wrapper.yml | 2 +- .github/workflows/checks.model.yml | 4 ++-- .github/workflows/checks.qodana.yml | 2 +- .github/workflows/checks.rustfmt.yml | 2 +- .github/workflows/checks.scorecards.yml | 2 +- .github/workflows/checks.sonar.yml | 2 +- .github/workflows/job.bench.yml | 2 +- .github/workflows/job.build.yml | 2 +- .github/workflows/job.cli.yml | 4 ++-- .github/workflows/job.containers.yml | 4 ++-- .github/workflows/job.copybara.yml | 4 ++-- .github/workflows/job.deploy-model.yml | 2 +- .github/workflows/job.deploy.yml | 2 +- .github/workflows/job.labeler.yml | 2 +- .github/workflows/job.site.yml | 6 +++--- .github/workflows/job.test.yml | 4 ++-- .github/workflows/on.pr.yml | 2 +- .github/workflows/on.scheduled.yml | 6 +++--- .github/workflows/publish.maven.yml | 2 +- 25 files changed, 34 insertions(+), 34 deletions(-) diff --git a/.github/workflows/checks.apicheck.yml b/.github/workflows/checks.apicheck.yml index b09987b21..d4d57797b 100644 --- a/.github/workflows/checks.apicheck.yml +++ b/.github/workflows/checks.apicheck.yml @@ -61,7 +61,7 @@ jobs: continue-on-error: true steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: audit diff --git a/.github/workflows/checks.clippy.yml b/.github/workflows/checks.clippy.yml index 8c6da900f..ba33a1a08 100644 --- a/.github/workflows/checks.clippy.yml +++ b/.github/workflows/checks.clippy.yml @@ -33,7 +33,7 @@ jobs: contents: read steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: audit diff --git a/.github/workflows/checks.codeql.yml b/.github/workflows/checks.codeql.yml index 9b468aab0..8df649d36 100644 --- a/.github/workflows/checks.codeql.yml +++ b/.github/workflows/checks.codeql.yml @@ -57,7 +57,7 @@ jobs: language: ["javascript-typescript"] steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: audit diff --git a/.github/workflows/checks.dependency-review.yml b/.github/workflows/checks.dependency-review.yml index a2cf243e2..a13b78dce 100644 --- a/.github/workflows/checks.dependency-review.yml +++ b/.github/workflows/checks.dependency-review.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/checks.detekt.yml b/.github/workflows/checks.detekt.yml index d2d786ead..7bd1dcf86 100644 --- a/.github/workflows/checks.detekt.yml +++ b/.github/workflows/checks.detekt.yml @@ -49,7 +49,7 @@ jobs: continue-on-error: true steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: audit diff --git a/.github/workflows/checks.formatting.yml b/.github/workflows/checks.formatting.yml index e622e97d7..f1a82350f 100644 --- a/.github/workflows/checks.formatting.yml +++ b/.github/workflows/checks.formatting.yml @@ -61,7 +61,7 @@ jobs: continue-on-error: true steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: audit diff --git a/.github/workflows/checks.gradle-wrapper.yml b/.github/workflows/checks.gradle-wrapper.yml index f88b15a56..290b87a36 100644 --- a/.github/workflows/checks.gradle-wrapper.yml +++ b/.github/workflows/checks.gradle-wrapper.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/checks.model.yml b/.github/workflows/checks.model.yml index ea5f35c91..3904d3704 100644 --- a/.github/workflows/checks.model.yml +++ b/.github/workflows/checks.model.yml @@ -82,7 +82,7 @@ jobs: contents: "read" steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: block @@ -120,7 +120,7 @@ jobs: continue-on-error: ${{ contains(github.event.pull_request.labels.*.name, 'ci:buf-breaking-ignore') }} steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/checks.qodana.yml b/.github/workflows/checks.qodana.yml index 3cb9fc8cc..76840d773 100644 --- a/.github/workflows/checks.qodana.yml +++ b/.github/workflows/checks.qodana.yml @@ -52,7 +52,7 @@ jobs: continue-on-error: true steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - name: "Setup: Checkout" diff --git a/.github/workflows/checks.rustfmt.yml b/.github/workflows/checks.rustfmt.yml index db0d7ef73..1cabcf082 100644 --- a/.github/workflows/checks.rustfmt.yml +++ b/.github/workflows/checks.rustfmt.yml @@ -31,7 +31,7 @@ jobs: security-events: write steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: audit diff --git a/.github/workflows/checks.scorecards.yml b/.github/workflows/checks.scorecards.yml index 6d0e25dc8..12f6c75ac 100644 --- a/.github/workflows/checks.scorecards.yml +++ b/.github/workflows/checks.scorecards.yml @@ -35,7 +35,7 @@ jobs: steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - name: "Setup: Checkout" diff --git a/.github/workflows/checks.sonar.yml b/.github/workflows/checks.sonar.yml index 13ec39ef0..695393852 100644 --- a/.github/workflows/checks.sonar.yml +++ b/.github/workflows/checks.sonar.yml @@ -52,7 +52,7 @@ jobs: continue-on-error: true steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - name: "Setup: Checkout" diff --git a/.github/workflows/job.bench.yml b/.github/workflows/job.bench.yml index 8367d2f28..626db835d 100644 --- a/.github/workflows/job.bench.yml +++ b/.github/workflows/job.bench.yml @@ -67,7 +67,7 @@ jobs: steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - name: "Setup: Checkout" diff --git a/.github/workflows/job.build.yml b/.github/workflows/job.build.yml index dfe87c7b5..8c6b6ff00 100644 --- a/.github/workflows/job.build.yml +++ b/.github/workflows/job.build.yml @@ -194,7 +194,7 @@ jobs: - name: "Setup: Apt Dependencies" run: sudo apt-get install -y libtool-bin build-essential libc6-dev - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: false egress-policy: audit diff --git a/.github/workflows/job.cli.yml b/.github/workflows/job.cli.yml index 9588d485e..a316ea005 100644 --- a/.github/workflows/job.cli.yml +++ b/.github/workflows/job.cli.yml @@ -137,7 +137,7 @@ jobs: steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - name: "Setup: Checkout" @@ -279,7 +279,7 @@ jobs: steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - name: "Setup: Checkout" diff --git a/.github/workflows/job.containers.yml b/.github/workflows/job.containers.yml index e7bb1a88d..cd399d54f 100644 --- a/.github/workflows/job.containers.yml +++ b/.github/workflows/job.containers.yml @@ -179,7 +179,7 @@ jobs: steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - name: "Setup: Checkout" @@ -291,7 +291,7 @@ jobs: steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - name: "Setup: Checkout" diff --git a/.github/workflows/job.copybara.yml b/.github/workflows/job.copybara.yml index 645a8effd..4f49305d6 100644 --- a/.github/workflows/job.copybara.yml +++ b/.github/workflows/job.copybara.yml @@ -28,7 +28,7 @@ jobs: (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'migrate:protocol')) steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - name: "Setup: Checkout" @@ -62,7 +62,7 @@ jobs: steps: # Pull code. - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - name: "Setup: Checkout" diff --git a/.github/workflows/job.deploy-model.yml b/.github/workflows/job.deploy-model.yml index 2f0bf6133..8d8526cf5 100644 --- a/.github/workflows/job.deploy-model.yml +++ b/.github/workflows/job.deploy-model.yml @@ -42,7 +42,7 @@ jobs: contents: "read" steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - name: "Setup: Checkout" diff --git a/.github/workflows/job.deploy.yml b/.github/workflows/job.deploy.yml index 984a4a142..e14ea264a 100644 --- a/.github/workflows/job.deploy.yml +++ b/.github/workflows/job.deploy.yml @@ -93,7 +93,7 @@ jobs: FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }} steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - name: "Setup: Checkout" diff --git a/.github/workflows/job.labeler.yml b/.github/workflows/job.labeler.yml index c37ffc9a2..27eb50cdf 100644 --- a/.github/workflows/job.labeler.yml +++ b/.github/workflows/job.labeler.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - name: "Bot: Labeler Triage" diff --git a/.github/workflows/job.site.yml b/.github/workflows/job.site.yml index 46c8ba163..12fb81cc4 100644 --- a/.github/workflows/job.site.yml +++ b/.github/workflows/job.site.yml @@ -40,7 +40,7 @@ jobs: steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - name: "Setup: Checkout" @@ -160,7 +160,7 @@ jobs: steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit @@ -287,7 +287,7 @@ jobs: steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit diff --git a/.github/workflows/job.test.yml b/.github/workflows/job.test.yml index ed8c87945..0a41e30dc 100644 --- a/.github/workflows/job.test.yml +++ b/.github/workflows/job.test.yml @@ -154,7 +154,7 @@ jobs: steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: false egress-policy: audit @@ -418,7 +418,7 @@ jobs: if: inputs.native steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: false egress-policy: audit diff --git a/.github/workflows/on.pr.yml b/.github/workflows/on.pr.yml index 0fbb0e694..8235acbf6 100644 --- a/.github/workflows/on.pr.yml +++ b/.github/workflows/on.pr.yml @@ -54,7 +54,7 @@ jobs: srcs: ${{ steps.filter.outputs.srcs }} steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/on.scheduled.yml b/.github/workflows/on.scheduled.yml index 57ddeadee..4716d1d35 100644 --- a/.github/workflows/on.scheduled.yml +++ b/.github/workflows/on.scheduled.yml @@ -39,7 +39,7 @@ jobs: pull-requests: "write" steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit @@ -66,7 +66,7 @@ jobs: pull-requests: "write" steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit @@ -140,7 +140,7 @@ jobs: shell: bash steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - name: "Setup: Checkout" diff --git a/.github/workflows/publish.maven.yml b/.github/workflows/publish.maven.yml index fb242cf34..fb45b903f 100644 --- a/.github/workflows/publish.maven.yml +++ b/.github/workflows/publish.maven.yml @@ -165,7 +165,7 @@ jobs: BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }} steps: - name: "Setup: Harden Runner" - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - name: "Setup: Checkout"