From a7853eb7b674a4c3aabd053188b0376137c443e8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Apr 2026 21:41:33 -1000 Subject: [PATCH] chore(deps): bump step-security/harden-runner from 2.18.0 to 2.19.0 (#27471) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/bump-major-version.yaml | 2 +- .github/workflows/cherry-pick-single.yml | 2 +- .github/workflows/cherry-pick.yml | 2 +- .github/workflows/ci-build.yaml | 22 +++++++++++----------- .github/workflows/codeql.yml | 2 +- .github/workflows/image-reuse.yaml | 2 +- .github/workflows/image.yaml | 2 +- .github/workflows/init-release.yaml | 2 +- .github/workflows/pr-title-check.yml | 2 +- .github/workflows/release.yaml | 2 +- .github/workflows/renovate.yaml | 2 +- .github/workflows/scorecard.yaml | 2 +- .github/workflows/stale.yaml | 2 +- .github/workflows/update-snyk.yaml | 2 +- 14 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/bump-major-version.yaml b/.github/workflows/bump-major-version.yaml index 8e5a2e5ce2..31bac8f1fd 100644 --- a/.github/workflows/bump-major-version.yaml +++ b/.github/workflows/bump-major-version.yaml @@ -18,7 +18,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/cherry-pick-single.yml b/.github/workflows/cherry-pick-single.yml index 1b33afda5f..57625cbb45 100644 --- a/.github/workflows/cherry-pick-single.yml +++ b/.github/workflows/cherry-pick-single.yml @@ -36,7 +36,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/cherry-pick.yml b/.github/workflows/cherry-pick.yml index 8d481c93b2..3a14642999 100644 --- a/.github/workflows/cherry-pick.yml +++ b/.github/workflows/cherry-pick.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index a3c75a5b13..7f2a5dff27 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -35,7 +35,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -63,7 +63,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit - name: Checkout code @@ -88,7 +88,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit - name: Checkout code @@ -124,7 +124,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit - name: Checkout code @@ -153,7 +153,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit - name: Create checkout directory @@ -226,7 +226,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit - name: Create checkout directory @@ -295,7 +295,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit - name: Checkout code @@ -357,7 +357,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit - name: Checkout code @@ -415,7 +415,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit - name: Checkout code @@ -496,7 +496,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit - name: Free Disk Space (Ubuntu) @@ -632,7 +632,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit - run: | diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0ec6fa7ac2..9aad1ba82f 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -45,7 +45,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml index d35039e640..fd03f1b317 100644 --- a/.github/workflows/image-reuse.yaml +++ b/.github/workflows/image-reuse.yaml @@ -61,7 +61,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 21bb310190..e86dd1ec1d 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -37,7 +37,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/init-release.yaml b/.github/workflows/init-release.yaml index 79b2e112f2..3a51a16dc3 100644 --- a/.github/workflows/init-release.yaml +++ b/.github/workflows/init-release.yaml @@ -34,7 +34,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml index 627add5832..e44d81dcf5 100644 --- a/.github/workflows/pr-title-check.yml +++ b/.github/workflows/pr-title-check.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 44589929c4..d4f37caf8f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -51,7 +51,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit - name: Checkout code diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index d88bedc8be..7d23c23221 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -18,7 +18,7 @@ jobs: steps: - name: Harden the runner (Block unknown outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block disable-sudo-and-containers: "false" # renovatebot runs in `docker run` diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 2aef36e678..41b3baa45c 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -31,7 +31,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index f783664f1d..ca203ad321 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -18,7 +18,7 @@ jobs: steps: - name: Harden the runner (Block unknown outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block disable-sudo-and-containers: "true" diff --git a/.github/workflows/update-snyk.yaml b/.github/workflows/update-snyk.yaml index 0dd8902870..0db6923bcb 100644 --- a/.github/workflows/update-snyk.yaml +++ b/.github/workflows/update-snyk.yaml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) if: ${{ vars.disable_harden_runner != 'true' }} - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit agent-enabled: "false"