diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0f97ba509..ecab76389 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,7 +41,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index f172bf149..93101e796 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit diff --git a/.github/workflows/lf-build-linux-aarch64.yml b/.github/workflows/lf-build-linux-aarch64.yml index 2da61a875..741efd241 100644 --- a/.github/workflows/lf-build-linux-aarch64.yml +++ b/.github/workflows/lf-build-linux-aarch64.yml @@ -29,7 +29,7 @@ jobs: # Transform the spaceā€separated string into a valid JSON array using shell commands (with sed), # then pass that result as an output to be used in the matrix of a subsequent job. - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit @@ -56,7 +56,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit diff --git a/.github/workflows/lf-build-linux-x86_64.yml b/.github/workflows/lf-build-linux-x86_64.yml index d672f33ee..585d9bee4 100644 --- a/.github/workflows/lf-build-linux-x86_64.yml +++ b/.github/workflows/lf-build-linux-x86_64.yml @@ -29,7 +29,7 @@ jobs: # Transform the spaceā€separated string into a valid JSON array using shell commands (with sed), # then pass that result as an output to be used in the matrix of a subsequent job. - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit @@ -56,7 +56,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit diff --git a/.github/workflows/lf-build-windows-x86_64.yml b/.github/workflows/lf-build-windows-x86_64.yml index 10b62f822..d5c83a094 100644 --- a/.github/workflows/lf-build-windows-x86_64.yml +++ b/.github/workflows/lf-build-windows-x86_64.yml @@ -29,7 +29,7 @@ jobs: - 'windows-2025' # https://github.com/actions/runner-images/blob/main/images/windows/Windows2025-Readme.md steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index cbf08ea29..106e961b2 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,7 +32,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit