Merge branch 'main' into main

Author: steve-downey

.github/workflows/ci.yml

@@ -36,7 +36,7 @@ jobs:
           - {name: "Ubuntu GCC 12", tag: "gcc:12", toolchain: "gcc-12", cmake_args: "-G \"Ninja Multi-Config\" -DCMAKE_CONFIGURATION_TYPES=\"RelWithDebInfo;Asan\" -DCMAKE_PREFIX_PATH=\"./infra/cmake\" "}
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
         with:
           egress-policy: audit
 
@@ -128,7 +128,7 @@ jobs:
     steps:
       # See https://github.com/cli/cli/issues/5075
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
         with:
           egress-policy: audit
 

.github/workflows/ci_tests.yml

@@ -16,10 +16,10 @@ on:
 
 jobs:
   beman-submodule-check:
-    uses: bemanproject/infra-workflows/.github/workflows/reusable-beman-submodule-check.yml@82c1c6c07039084f047e56ef806612b9e2fa45cf # 1.5.0
+    uses: bemanproject/infra-workflows/.github/workflows/reusable-beman-submodule-check.yml@503ac65da3fd803044bc82b2fe748b2fc6f503cd # 1.5.3
 
   preset-test:
-    uses: bemanproject/infra-workflows/.github/workflows/reusable-beman-preset-test.yml@4dff6993ff88c5f946e371f5cdbeca8340fdb49d # 1.5.1
+    uses: bemanproject/infra-workflows/.github/workflows/reusable-beman-preset-test.yml@503ac65da3fd803044bc82b2fe748b2fc6f503cd # 1.5.3
     with:
       matrix_config: >
         [
@@ -34,7 +34,7 @@ jobs:
         ]
 
   build-and-test:
-    uses: bemanproject/infra-workflows/.github/workflows/reusable-beman-build-and-test.yml@4dff6993ff88c5f946e371f5cdbeca8340fdb49d # 1.5.1
+    uses: bemanproject/infra-workflows/.github/workflows/reusable-beman-build-and-test.yml@503ac65da3fd803044bc82b2fe748b2fc6f503cd # 1.5.3
     with:
       matrix_config: >
         {
@@ -147,4 +147,4 @@ jobs:
     permissions:
       contents: read
       issues: write
-    uses: bemanproject/infra-workflows/.github/workflows/reusable-beman-create-issue-when-fault.yml@4dff6993ff88c5f946e371f5cdbeca8340fdb49d # 1.5.1
+    uses: bemanproject/infra-workflows/.github/workflows/reusable-beman-create-issue-when-fault.yml@503ac65da3fd803044bc82b2fe748b2fc6f503cd # 1.5.3

.github/workflows/codeql.yml

@@ -59,7 +59,7 @@ jobs:
             # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
         with:
           egress-policy: audit
 

.github/workflows/doxygen-gh-pages.yml

@@ -16,7 +16,7 @@ jobs:
       contents: write
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
         with:
           egress-policy: audit
 

.github/workflows/ossf-scorecard-analysis.yml

@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
         with:
           egress-policy: audit
 

.github/workflows/pre-commit-check.yml

@@ -15,4 +15,4 @@ jobs:
       checks: write
       issues: write
       pull-requests: write
-    uses: bemanproject/infra-workflows/.github/workflows/reusable-beman-pre-commit.yml@4dff6993ff88c5f946e371f5cdbeca8340fdb49d # ratchet:bemanproject/infra-workflows/.github/workflows/reusable-beman-pre-commit.yml@1.5.1
+    uses: bemanproject/infra-workflows/.github/workflows/reusable-beman-pre-commit.yml@503ac65da3fd803044bc82b2fe748b2fc6f503cd # ratchet:bemanproject/infra-workflows/.github/workflows/reusable-beman-pre-commit.yml@1.5.3

.github/workflows/pre-commit-update.yml

@@ -15,7 +15,7 @@ jobs:
     permissions:
       contents: write
       pull-requests: write
-    uses: bemanproject/infra-workflows/.github/workflows/reusable-beman-update-pre-commit.yml@4dff6993ff88c5f946e371f5cdbeca8340fdb49d # 1.5.1
+    uses: bemanproject/infra-workflows/.github/workflows/reusable-beman-update-pre-commit.yml@503ac65da3fd803044bc82b2fe748b2fc6f503cd # 1.5.3
     secrets:
       APP_ID: ${{ secrets.AUTO_PR_BOT_APP_ID }}
       PRIVATE_KEY: ${{ secrets.AUTO_PR_BOT_PRIVATE_KEY }}

.github/workflows/pre-commit.yml

@@ -19,7 +19,7 @@ jobs:
 
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
         with:
           egress-policy: audit
 
@@ -50,7 +50,7 @@ jobs:
 
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
         with:
           egress-policy: audit