Skip to content

Bump step-security/harden-runner from 2.18.0 to 2.19.0#2458

Merged
brondani merged 1 commit into
mainfrom
dependabot/github_actions/step-security/harden-runner-2.19.0
Apr 29, 2026
Merged

Bump step-security/harden-runner from 2.18.0 to 2.19.0#2458
brondani merged 1 commit into
mainfrom
dependabot/github_actions/step-security/harden-runner-2.19.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 26, 2026

Copy link
Copy Markdown
Contributor

Bumps step-security/harden-runner from 2.18.0 to 2.19.0.

Release notes

Sourced from step-security/harden-runner's releases.

v2.19.0

What's Changed

New Runner Support

Harden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.

Automated Incident Response for Supply Chain Attacks

  • Global block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.
  • System-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).

Bug Fixes

Windows and macOS: stability and reliability fixes

Full Changelog: step-security/harden-runner@v2.18.0...v2.19.0

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.18.0 to 2.19.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@6c3c2f2...8d3c67d)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 26, 2026
@github-actions

github-actions Bot commented Apr 26, 2026

Copy link
Copy Markdown

Test Results

  7 files   -    51   53 suites   - 123   5m 33s ⏱️ - 17m 51s
185 tests  -   725  168 ✅  -   725  17 💤 ±0  0 ❌ ±0 
692 runs   - 2 175  624 ✅  - 2 175  68 💤 ±0  0 ❌ ±0 

Results for commit 7a41293. ± Comparison against base commit 79b66b5.

This pull request removes 725 tests.
CodeGenerator ‑ Check
CrossPlatformUnitTests ‑ CanExecute
CrossPlatformUnitTests ‑ ExecCommand
CrossPlatformUnitTests ‑ GetEnv_Empty
CrossPlatformUnitTests ‑ GetEnv_Existing
CrossPlatformUnitTests ‑ GetEnv_NoExising
CrossPlatformUnitTests ‑ GetExecutablePath
CrossPlatformUnitTests ‑ GetLongPathRegStatus
CrossPlatformUnitTests ‑ GetPackRootDir_Default
CrossPlatformUnitTests ‑ GetPackRootDir_NoEnvSet
…

♻️ This comment has been updated with latest results.

@brondani brondani merged commit cc8a847 into main Apr 29, 2026
109 checks passed
@brondani brondani deleted the dependabot/github_actions/step-security/harden-runner-2.19.0 branch April 29, 2026 06:57
@codecov

codecov Bot commented Apr 29, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.93%. Comparing base (79b66b5) to head (7a41293).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2458      +/-   ##
==========================================
- Coverage   64.93%   64.93%   -0.01%     
==========================================
  Files         145      145              
  Lines       26209    26209              
  Branches    15828    15828              
==========================================
- Hits        17020    17019       -1     
- Misses       7042     7045       +3     
+ Partials     2147     2145       -2     
Flag Coverage Δ
buildmgr-cov 79.87% <ø> (ø)
packchk-cov 69.75% <ø> (ø)
packgen-cov 82.02% <ø> (ø)
projmgr-cov 88.21% <ø> (-0.02%) ⬇️
svdconv-cov 40.28% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.
see 2 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant