From e33ae6e967e291e111d7bc9f345ad2d984f0a171 Mon Sep 17 00:00:00 2001
From: "renovate-gsuquet[bot]"
<173481049+renovate-gsuquet[bot]@users.noreply.github.com>
Date: Sat, 27 Jul 2024 18:23:32 +0200
Subject: [PATCH] fix(deps): update step-security/harden-runner action to
v2.9.0 (#116)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[step-security/harden-runner](https://togithub.com/step-security/harden-runner)
| action | minor | `v2.8.1` -> `v2.9.0` |
---
### Release Notes
step-security/harden-runner
(step-security/harden-runner)
###
[`v2.9.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.0)
[Compare
Source](https://togithub.com/step-security/harden-runner/compare/v2.8.1...v2.9.0)
##### What's Changed
Release v2.9.0 by [@h0x0er](https://togithub.com/h0x0er) and
[@varunsh-coder](https://togithub.com/varunsh-coder) in
[https://github.com/step-security/harden-runner/pull/435](https://togithub.com/step-security/harden-runner/pull/435)
This release includes:
- Enterprise Tier - Telemetry Upload Enhancement:
For the enterprise tier, this change helps overcome size constraints,
allowing for more reliable telemetry uploads from the Harden-Runner
agent to the StepSecurity backend API. No configuration change is needed
to enable this.
- Harden-Runner Agent Authentication:
The Harden-Runner agent now uses a per-job key to authenticate to the
StepSecurity backend API to submit telemetry. This change prevents the
submission of telemetry data anonymously for a given job, improving the
integrity of the data collection process. No configuration change is
needed to enable this.
- README Update:
A Table of Contents has been added to the README file to improve
navigation. This makes it easier for users to find the information they
need quickly.
- Dependency Update:
Updated the `braces` npm package dependency to a non-vulnerable version.
The vulnerability in `braces` did not affect the Harden Runner Action
**Full Changelog**:
https://github.com/step-security/harden-runner/compare/v2...v2.9.0
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Renovate
Bot](https://togithub.com/renovatebot/renovate).
Signed-off-by: Renovate Bot
Co-authored-by: renovate-gsuquet[bot] <173481049+renovate-gsuquet[bot]@users.noreply.github.com>
---
.github/workflows/automation-labeler.yml | 2 +-
.github/workflows/deployment-python-pypi.yml | 2 +-
.github/workflows/deployment-s3.yml | 2 +-
.github/workflows/integration-commit-validator.yml | 4 ++--
.github/workflows/integration-linter-pre-commit.yml | 2 +-
.github/workflows/integration-modification-script.yml | 2 +-
.github/workflows/integration-python.yml | 4 ++--
.github/workflows/security-codacy.yml | 2 +-
.github/workflows/security-codeql.yml | 2 +-
.github/workflows/security-dependencies.yml | 2 +-
.github/workflows/security-ossf-scorecard.yml | 2 +-
11 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/automation-labeler.yml b/.github/workflows/automation-labeler.yml
index 0673b80..a2bf7c1 100644
--- a/.github/workflows/automation-labeler.yml
+++ b/.github/workflows/automation-labeler.yml
@@ -32,7 +32,7 @@ jobs:
steps:
- name: Harden the runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
if: ${{ inputs.harden_runner != false }}
with:
disable-sudo: true
diff --git a/.github/workflows/deployment-python-pypi.yml b/.github/workflows/deployment-python-pypi.yml
index 1a918de..362c915 100644
--- a/.github/workflows/deployment-python-pypi.yml
+++ b/.github/workflows/deployment-python-pypi.yml
@@ -47,7 +47,7 @@ jobs:
url: ${{ inputs.environment_url }}
steps:
- name: Harden the runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
if: ${{ inputs.harden_runner == true }}
with:
egress-policy: audit
diff --git a/.github/workflows/deployment-s3.yml b/.github/workflows/deployment-s3.yml
index d721a8a..e17bac2 100644
--- a/.github/workflows/deployment-s3.yml
+++ b/.github/workflows/deployment-s3.yml
@@ -41,7 +41,7 @@ jobs:
contents: read
steps:
- name: Harden the runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
if: ${{ inputs.harden_runner != false }}
with:
egress-policy: audit
diff --git a/.github/workflows/integration-commit-validator.yml b/.github/workflows/integration-commit-validator.yml
index e4a3125..45ae0a4 100644
--- a/.github/workflows/integration-commit-validator.yml
+++ b/.github/workflows/integration-commit-validator.yml
@@ -51,7 +51,7 @@ jobs:
regex: ${{ steps.set_regex.outputs.regex }}
steps:
- name: Harden the runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
if: ${{ inputs.harden_runner != false }}
with:
disable-sudo: true
@@ -100,7 +100,7 @@ jobs:
contents: read
needs: setup
steps:
- - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
if: ${{ inputs.harden_runner != false }}
with:
disable-sudo: true
diff --git a/.github/workflows/integration-linter-pre-commit.yml b/.github/workflows/integration-linter-pre-commit.yml
index ef9f094..846410f 100644
--- a/.github/workflows/integration-linter-pre-commit.yml
+++ b/.github/workflows/integration-linter-pre-commit.yml
@@ -34,7 +34,7 @@ jobs:
contents: read
steps:
- name: Harden the runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
if: ${{ inputs.harden_runner != false }}
with:
egress-policy: audit
diff --git a/.github/workflows/integration-modification-script.yml b/.github/workflows/integration-modification-script.yml
index 6070aa8..0031382 100644
--- a/.github/workflows/integration-modification-script.yml
+++ b/.github/workflows/integration-modification-script.yml
@@ -51,7 +51,7 @@ jobs:
BRANCH: ${{ inputs.ref || github.head_ref }}
steps:
- name: Harden the runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
if: ${{ inputs.harden_runner != false }}
with:
disable-sudo: true
diff --git a/.github/workflows/integration-python.yml b/.github/workflows/integration-python.yml
index fea62e2..8631f5a 100644
--- a/.github/workflows/integration-python.yml
+++ b/.github/workflows/integration-python.yml
@@ -68,7 +68,7 @@ jobs:
matrix:
python-version: ${{ fromJSON(needs.setup.outputs.python-versions) }}
steps:
- - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
if: ${{ inputs.harden_runner == true }}
with:
egress-policy: audit
@@ -101,7 +101,7 @@ jobs:
python-version: ${{ fromJSON(needs.setup.outputs.python-versions) }}
steps:
- name: Harden the runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
if: ${{ inputs.harden_runner == true }}
with:
egress-policy: audit
diff --git a/.github/workflows/security-codacy.yml b/.github/workflows/security-codacy.yml
index 9bac533..f8d7843 100644
--- a/.github/workflows/security-codacy.yml
+++ b/.github/workflows/security-codacy.yml
@@ -30,7 +30,7 @@ jobs:
steps:
- name: Harden the runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
if: ${{ inputs.harden_runner != false }}
with:
egress-policy: audit
diff --git a/.github/workflows/security-codeql.yml b/.github/workflows/security-codeql.yml
index 177fb60..9c0b6c8 100644
--- a/.github/workflows/security-codeql.yml
+++ b/.github/workflows/security-codeql.yml
@@ -40,7 +40,7 @@ jobs:
steps:
- name: Harden the runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
if: ${{ inputs.harden_runner != false }}
with:
egress-policy: audit
diff --git a/.github/workflows/security-dependencies.yml b/.github/workflows/security-dependencies.yml
index 9f1f09a..e28102d 100644
--- a/.github/workflows/security-dependencies.yml
+++ b/.github/workflows/security-dependencies.yml
@@ -38,7 +38,7 @@ jobs:
steps:
- name: Harden the runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
if: ${{ inputs.harden_runner != false }}
with:
disable-sudo: true
diff --git a/.github/workflows/security-ossf-scorecard.yml b/.github/workflows/security-ossf-scorecard.yml
index f2b804f..4e7a56e 100644
--- a/.github/workflows/security-ossf-scorecard.yml
+++ b/.github/workflows/security-ossf-scorecard.yml
@@ -41,7 +41,7 @@ jobs:
steps:
- name: Harden the runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
if: ${{ inputs.harden_runner != false }}
with:
disable-sudo: true