chore(deps): bump step-security/harden-runner from 2.17.0 to 2.18.0

dependabot[bot] · web-flow · commit 6eb89260d589 · 2026-04-17T05:11:26.000Z
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.17.0 to 2.18.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@f808768...6c3c2f2) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.18.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: 'ubuntu-latest'
     steps:
       - name: 'Harden Runner'
-        uses: 'step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176' # v2.17.0
+        uses: 'step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df' # v2.18.0
         with:
           egress-policy: 'audit'
 
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: 'Harden Runner'
-        uses: 'step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176' # v2.17.0
+        uses: 'step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df' # v2.18.0
         with:
           egress-policy: 'audit'
 
