diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index eb1ca0ce8..c7b088412 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.3 with: egress-policy: audit diff --git a/.github/workflows/contracts-testing.yml b/.github/workflows/contracts-testing.yml index 0bde272b7..7298a9fbc 100644 --- a/.github/workflows/contracts-testing.yml +++ b/.github/workflows/contracts-testing.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.3 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index d90d99aea..30d37706f 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.3 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/deploy-bots.yml b/.github/workflows/deploy-bots.yml index 4794efaad..fe6b2b7d5 100644 --- a/.github/workflows/deploy-bots.yml +++ b/.github/workflows/deploy-bots.yml @@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.3 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/deploy-subgraph.yml b/.github/workflows/deploy-subgraph.yml index ea0963dcc..e72d1e9fb 100644 --- a/.github/workflows/deploy-subgraph.yml +++ b/.github/workflows/deploy-subgraph.yml @@ -35,7 +35,7 @@ jobs: environment: ${{ inputs.graph_environment }} steps: - name: Harden Runner - uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.3 with: egress-policy: audit diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index fcb8916f4..260f277fd 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -32,7 +32,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.3 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/sentry-release.yml b/.github/workflows/sentry-release.yml index 3f6ae2d50..96ff110e0 100644 --- a/.github/workflows/sentry-release.yml +++ b/.github/workflows/sentry-release.yml @@ -17,7 +17,7 @@ jobs: version: ${{ steps.set-version.outputs.version }} steps: - name: Harden Runner - uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.3 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index bea307bb3..b702f95e4 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.3 with: egress-policy: audit