From eb512e40dbddf017c093d4818a30f3229551d893 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 8 Feb 2024 15:30:15 +1300 Subject: [PATCH] chore(deps): update step-security/harden-runner action to v2.7.0 (#125) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [step-security/harden-runner](https://togithub.com/step-security/harden-runner) | action | minor | `v2.6.1` -> `v2.7.0` | --- ### Release Notes
step-security/harden-runner (step-security/harden-runner) ### [`v2.7.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.7.0) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.6.1...v2.7.0) ##### What's Changed Release 2.7.0 by [@​varunsh-coder](https://togithub.com/varunsh-coder) and [@​h0x0er](https://togithub.com/h0x0er) in [https://github.com/step-security/harden-runner/pull/376](https://togithub.com/step-security/harden-runner/pull/376) This release: 1. Updates the node runtime to node20 2. Adds capability to inspect outbound HTTPS traffic on GitHub-hosted and self-hosted VM runners **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.7.0
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/Tuhura-Tech/Wiki). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/lint-pr.yml | 2 +- .github/workflows/scoreboard-security.yml | 2 +- .github/workflows/trufflehog.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/lint-pr.yml b/.github/workflows/lint-pr.yml index ccfcec13..a7b32577 100644 --- a/.github/workflows/lint-pr.yml +++ b/.github/workflows/lint-pr.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: disable-sudo: true disable-file-monitoring: true diff --git a/.github/workflows/scoreboard-security.yml b/.github/workflows/scoreboard-security.yml index 11d4d8dd..95dfd424 100644 --- a/.github/workflows/scoreboard-security.yml +++ b/.github/workflows/scoreboard-security.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml index a0ce4658..0ebc2da8 100644 --- a/.github/workflows/trufflehog.yml +++ b/.github/workflows/trufflehog.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: disable-sudo: true egress-policy: audit