diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 41ec05e34..b7630c7d7 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,7 +41,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 70f08cee3..7ea018b5b 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/lf-build-linux-aarch64.yml b/.github/workflows/lf-build-linux-aarch64.yml index 8f090b49f..ce6e22dd6 100644 --- a/.github/workflows/lf-build-linux-aarch64.yml +++ b/.github/workflows/lf-build-linux-aarch64.yml @@ -34,7 +34,7 @@ jobs: # Transform the spaceā€separated string into a valid JSON array using shell commands (with sed), # then pass that result as an output to be used in the matrix of a subsequent job. - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit @@ -61,7 +61,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/lf-build-linux-x86_64.yml b/.github/workflows/lf-build-linux-x86_64.yml index 0a1fd4d1a..705bccb02 100644 --- a/.github/workflows/lf-build-linux-x86_64.yml +++ b/.github/workflows/lf-build-linux-x86_64.yml @@ -34,7 +34,7 @@ jobs: # Transform the spaceā€separated string into a valid JSON array using shell commands (with sed), # then pass that result as an output to be used in the matrix of a subsequent job. - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit @@ -61,7 +61,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/lf-build-windows-x86_64.yml b/.github/workflows/lf-build-windows-x86_64.yml index f2f99f5f8..9e51f4281 100644 --- a/.github/workflows/lf-build-windows-x86_64.yml +++ b/.github/workflows/lf-build-windows-x86_64.yml @@ -30,7 +30,7 @@ jobs: - 'windows-2025' # https://github.com/actions/runner-images/blob/main/images/windows/Windows2025-Readme.md steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 415d494ef..44559d202 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,7 +32,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit