From 3b4fc22a702e39efefb37716b1124962bf797def Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 May 2026 07:25:32 +0000 Subject: [PATCH] chore(deps): bump the all group with 3 updates Bumps the all group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [github/codeql-action](https://github.com/github/codeql-action) and [chainguard-dev/actions](https://github.com/chainguard-dev/actions). Updates `step-security/harden-runner` from 2.19.0 to 2.19.1 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/8d3c67de8e2fe68ef647c8db1e6a09f647780f40...a5ad31d6a139d249332a2605b85202e8c0b78450) Updates `github/codeql-action` from 4.35.2 to 4.35.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/95e58e9a2cdfd71adc6e0353d5c52f41a045d225...e46ed2cbd01164d986452f91f178727624ae40d7) Updates `chainguard-dev/actions` from 1.6.17 to 1.6.18 - [Release notes](https://github.com/chainguard-dev/actions/releases) - [Commits](https://github.com/chainguard-dev/actions/compare/916fec00fb80f3cd124a0b41eef79ee63f607c5d...4a81273c8653122cf4e48cc248f9073b660c5e6d) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.19.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github/codeql-action dependency-version: 4.35.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: chainguard-dev/actions dependency-version: 1.6.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... 
Signed-off-by: dependabot[bot]
---
 .github/workflows/actionlint.yaml | 2 +-
 .github/workflows/codeql.yaml | 12 ++++++------
 .github/workflows/digestabot.yaml | 4 ++--
 .github/workflows/fuzz.yaml | 2 +-
 .github/workflows/release.yaml | 4 ++--
 .github/workflows/scorecard.yml | 4 ++--
 .github/workflows/style.yaml | 12 ++++++------
 .github/workflows/third-party.yaml | 2 +-
 .github/workflows/update-yara-x.yaml | 6 +++---
 .github/workflows/version.yaml | 4 ++--
 .github/workflows/zizmor.yaml | 2 +-
 11 files changed, 27 insertions(+), 27 deletions(-)
diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml
index 4185ebd2f..053bc9f87 100644
--- a/.github/workflows/actionlint.yaml
+++ b/.github/workflows/actionlint.yaml
@@ -24,7 +24,7 @@ jobs:
 name: Action lint runs-on: ubuntu-latest steps:
- - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
 with: egress-policy: block allowed-endpoints: >
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index 7bb7492d2..dec69fb0a 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -26,7 +26,7 @@ jobs:
 packages: read security-events: write steps:
- - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
 with: egress-policy: block allowed-endpoints: >
@@ -97,7 +97,7 @@ jobs:
 check-latest: true cache: true - name: Initialize CodeQL
- uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
+ uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
 with: languages: go build-mode: manual
@@ -108,7 +108,7 @@ jobs:
 PKG_CONFIG_PATH: ${{ github.workspace }}/yara-x-install LD_LIBRARY_PATH: ${{ github.workspace }}/yara-x-install - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
+ uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
 with: category: "/language:go" analyze-actions:
@@ -120,7 +120,7 @@ jobs:
 packages: read security-events: write steps:
- - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
 with: egress-policy: block allowed-endpoints: >
@@ -141,11 +141,11 @@ jobs:
 with: persist-credentials: false - name: Initialize CodeQL
- uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
+ uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
 with: languages: actions build-mode: none - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
+ uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
 with: category: "/language:actions"
diff --git a/.github/workflows/digestabot.yaml b/.github/workflows/digestabot.yaml
index 4cc6fc83d..5a3fb1401 100644
--- a/.github/workflows/digestabot.yaml
+++ b/.github/workflows/digestabot.yaml
@@ -21,7 +21,7 @@ jobs:
 id-token: write steps:
- - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
 with: egress-policy: block allowed-endpoints:
>
@@ -36,7 +36,7 @@ jobs:
 release-assets.githubusercontent.com:443 tuf-repo-cdn.sigstore.dev:443
- - uses: chainguard-dev/actions/setup-gitsign@916fec00fb80f3cd124a0b41eef79ee63f607c5d
+ - uses: chainguard-dev/actions/setup-gitsign@4a81273c8653122cf4e48cc248f9073b660c5e6d
 - uses: octo-sts/action@f603d3be9d8dd9871a265776e625a27b00effe05 # v1.1.1 id: octo-sts
diff --git a/.github/workflows/fuzz.yaml b/.github/workflows/fuzz.yaml
index ae83bc572..ab73e3214 100644
--- a/.github/workflows/fuzz.yaml
+++ b/.github/workflows/fuzz.yaml
@@ -45,7 +45,7 @@ jobs:
 targets: ${{ steps.find.outputs.targets }} steps: - name: Harden the runner (Audit all outbound calls)
- uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
 with: egress-policy: block allowed-endpoints: >
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 426bbdcd5..595a61409 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -19,7 +19,7 @@ jobs:
 id-token: write contents: write steps:
- - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
 with: egress-policy: block allowed-endpoints: >
@@ -29,7 +29,7 @@ jobs:
 github.com:443 octo-sts.dev:443 release-assets.githubusercontent.com:443
- - uses: chainguard-dev/actions/setup-gitsign@916fec00fb80f3cd124a0b41eef79ee63f607c5d
+ - uses: chainguard-dev/actions/setup-gitsign@4a81273c8653122cf4e48cc248f9073b660c5e6d
 - name: Set up Octo-STS uses: octo-sts/action@f603d3be9d8dd9871a265776e625a27b00effe05 # v1.1.1 id: octo-sts
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 261587556..db92a3ab0 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -36,7 +36,7 @@ jobs:
 steps: - name: Harden the runner (Audit all outbound calls)
- uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
 with: egress-policy: block allowed-endpoints: >
@@ -90,6 +90,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
+ uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
 with: sarif_file: results.sarif
diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml
index bfa35257e..f58b699ae 100644
--- a/.github/workflows/style.yaml
+++ b/.github/workflows/style.yaml
@@ -25,7 +25,7 @@ jobs:
 contents: read steps: - name: Harden Runner
- uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
 with: egress-policy: block allowed-endpoints: >
@@ -62,7 +62,7 @@ jobs:
 contents: read steps: - name: Harden Runner
- uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
 with: egress-policy: block allowed-endpoints: >
@@ -98,7 +98,7 @@ jobs:
 contents: read steps: - name: Harden Runner
- uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
 with: egress-policy: block allowed-endpoints:
>
@@ -125,7 +125,7 @@ jobs:
 go-version-file: go.mod check-latest: true
- - uses: chainguard-dev/actions/gofmt@916fec00fb80f3cd124a0b41eef79ee63f607c5d # main
+ - uses: chainguard-dev/actions/gofmt@4a81273c8653122cf4e48cc248f9073b660c5e6d # main
 with: args: -s
@@ -136,7 +136,7 @@ jobs:
 contents: read steps: - name: Harden Runner
- uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
 with: egress-policy: block allowed-endpoints: >
@@ -163,7 +163,7 @@ jobs:
 go-version-file: go.mod check-latest: true
- - uses: chainguard-dev/actions/goimports@916fec00fb80f3cd124a0b41eef79ee63f607c5d # main
+ - uses: chainguard-dev/actions/goimports@4a81273c8653122cf4e48cc248f9073b660c5e6d # main
 golangci-lint: name: golangci-lint
diff --git a/.github/workflows/third-party.yaml b/.github/workflows/third-party.yaml
index 3c1556075..fed88fad5 100644
--- a/.github/workflows/third-party.yaml
+++ b/.github/workflows/third-party.yaml
@@ -41,7 +41,7 @@ jobs:
 run: | apk update apk add bash curl findutils gh git gnutar ${{ env.GO_RELEASE }} nodejs perl upx xz yara-x~${{ env.YARA_X_RELEASE }}
- - uses: chainguard-dev/actions/setup-gitsign@916fec00fb80f3cd124a0b41eef79ee63f607c5d
+ - uses: chainguard-dev/actions/setup-gitsign@4a81273c8653122cf4e48cc248f9073b660c5e6d
 - name: Set up Octo-STS uses: octo-sts/action@f603d3be9d8dd9871a265776e625a27b00effe05 # v1.1.1 id: octo-sts
diff --git a/.github/workflows/update-yara-x.yaml b/.github/workflows/update-yara-x.yaml
index 7680437c1..f6c88092c 100644
--- a/.github/workflows/update-yara-x.yaml
+++ b/.github/workflows/update-yara-x.yaml
@@ -21,7 +21,7 @@ jobs:
 new_version: ${{ steps.check.outputs.new_version }} steps: - name: Harden Runner
- uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
 with: egress-policy: block allowed-endpoints: >
@@ -91,7 +91,7 @@ jobs:
 pull-requests: write steps: - name: Harden Runner
- uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
 with: egress-policy: block allowed-endpoints: >
@@ -111,7 +111,7 @@ jobs:
 sum.golang.org:443 tuf-repo-cdn.sigstore.dev:443
- - uses: chainguard-dev/actions/setup-gitsign@916fec00fb80f3cd124a0b41eef79ee63f607c5d
+ - uses: chainguard-dev/actions/setup-gitsign@4a81273c8653122cf4e48cc248f9073b660c5e6d
 - name: Set up Octo-STS uses: octo-sts/action@f603d3be9d8dd9871a265776e625a27b00effe05 # v1.1.1 id: octo-sts
diff --git a/.github/workflows/version.yaml b/.github/workflows/version.yaml
index 6e1f3ba08..ceb0ab9d1 100644
--- a/.github/workflows/version.yaml
+++ b/.github/workflows/version.yaml
@@ -26,7 +26,7 @@ jobs:
 id-token: write pull-requests: write steps:
- - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
 with: egress-policy: block allowed-endpoints: >
@@ -39,7 +39,7 @@ jobs:
 rekor.sigstore.dev:443 release-assets.githubusercontent.com:443 tuf-repo-cdn.sigstore.dev:443
- - uses: chainguard-dev/actions/setup-gitsign@916fec00fb80f3cd124a0b41eef79ee63f607c5d
+ - uses: chainguard-dev/actions/setup-gitsign@4a81273c8653122cf4e48cc248f9073b660c5e6d
 - name: Set up Octo-STS uses: octo-sts/action@f603d3be9d8dd9871a265776e625a27b00effe05 # v1.1.1 id: octo-sts
diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml
index 49fe93e4d..876f948e3 100644
--- a/.github/workflows/zizmor.yaml
+++ b/.github/workflows/zizmor.yaml
@@ -26,7 +26,7 @@ jobs:
 contents: read # Clone the repository security-events: write # Upload SARIF results to Code Scanning steps:
- - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
 with: egress-policy: block allowed-endpoints: >