From e71c93bbff07f0012a4b7474e31641cc23e45ec2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 Apr 2026 06:44:42 +0000 Subject: [PATCH] chore(deps): bump step-security/harden-runner in the all group Bumps the all group with 1 update: [step-security/harden-runner](https://github.com/step-security/harden-runner). Updates `step-security/harden-runner` from 2.18.0 to 2.19.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/6c3c2f2c1c457b00c10c4848d6f5491db3b629df...8d3c67de8e2fe68ef647c8db1e6a09f647780f40) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] --- .github/workflows/actionlint.yaml | 2 +- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/digestabot.yaml | 2 +- .github/workflows/fuzz.yaml | 2 +- .github/workflows/release.yaml | 2 +- .github/workflows/scorecard.yml | 2 +- .github/workflows/style.yaml | 8 ++++---- .github/workflows/update-yara-x.yaml | 4 ++-- .github/workflows/version.yaml | 2 +- .github/workflows/zizmor.yaml | 2 +- 10 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml index 2713b86a6..4185ebd2f 100644 --- a/.github/workflows/actionlint.yaml +++ b/.github/workflows/actionlint.yaml @@ -24,7 +24,7 @@ jobs: name: Action lint runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index ab0043b01..7bb7492d2 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -26,7 +26,7 @@ jobs: packages: read security-events: write steps: - - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: > @@ -120,7 +120,7 @@ jobs: packages: read security-events: write steps: - - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/digestabot.yaml b/.github/workflows/digestabot.yaml index 97aaac746..ef669d734 100644 --- a/.github/workflows/digestabot.yaml +++ b/.github/workflows/digestabot.yaml @@ -21,7 +21,7 @@ jobs: id-token: write steps: - - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/fuzz.yaml b/.github/workflows/fuzz.yaml index 4720acd8d..ae83bc572 100644 --- a/.github/workflows/fuzz.yaml +++ b/.github/workflows/fuzz.yaml @@ -45,7 +45,7 @@ jobs: targets: ${{ steps.find.outputs.targets }} steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 98bb1edbf..d6b339076 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -19,7 +19,7 @@ jobs: id-token: write contents: write steps: - - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 9ed983395..261587556 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -36,7 +36,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index b8f94ae52..8a5d9ca1c 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -25,7 +25,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: > @@ -62,7 +62,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: > @@ -98,7 +98,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: > @@ -136,7 +136,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/update-yara-x.yaml b/.github/workflows/update-yara-x.yaml index c36c65d92..ac08d2fd2 100644 --- a/.github/workflows/update-yara-x.yaml +++ b/.github/workflows/update-yara-x.yaml @@ -21,7 +21,7 @@ jobs: new_version: ${{ steps.check.outputs.new_version }} steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: > @@ -91,7 +91,7 @@ jobs: pull-requests: write steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/version.yaml b/.github/workflows/version.yaml index 8590e5e97..645a956ff 100644 --- a/.github/workflows/version.yaml +++ b/.github/workflows/version.yaml @@ -26,7 +26,7 @@ jobs: id-token: write pull-requests: write steps: - - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index b6658d131..49fe93e4d 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -26,7 +26,7 @@ jobs: contents: read # Clone the repository security-events: write # Upload SARIF results to Code Scanning steps: - - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: >