From f2e9557523007e4d5997d020e1853124b2b63b7b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Apr 2026 14:54:48 +0000 Subject: [PATCH] build(deps): bump the actions group with 4 updates Bumps the actions group with 4 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [step-security/action-actionlint](https://github.com/step-security/action-actionlint), [chainguard-dev/actions](https://github.com/chainguard-dev/actions) and [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request). Updates `step-security/harden-runner` from 2.16.0 to 2.17.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/v2.16.0...f808768d1510423e83855289c910610ca9b43176) Updates `step-security/action-actionlint` from 1.69.1 to 1.72.0 - [Release notes](https://github.com/step-security/action-actionlint/releases) - [Commits](https://github.com/step-security/action-actionlint/compare/d364e70a116a460ed220d67b1ca2f2579c48a40a...c3aa382d371c6b05513ae5907d4f77713e21813c) Updates `chainguard-dev/actions` from 1.6.13 to 1.6.14 - [Release notes](https://github.com/chainguard-dev/actions/releases) - [Commits](https://github.com/chainguard-dev/actions/compare/f45211d3e8f9d2676c6b8cdd6a765435e06c819d...de68b87302e6266db5fb5220246f8aa46fe94b67) Updates `peter-evans/create-pull-request` from 8.1.0 to 8.1.1 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/c0f553fe549906ede9cf27b5156039d195d2ece0...5f6978faf089d4d20b00c7766989d076bb2fc7f1) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: step-security/action-actionlint dependency-version: 1.72.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: chainguard-dev/actions dependency-version: 1.6.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: peter-evans/create-pull-request dependency-version: 8.1.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/actionlint.yaml | 4 ++-- .github/workflows/build-scanner-audit.yaml | 2 +- .github/workflows/regen-answers.yaml | 6 +++--- .github/workflows/zizmor.yaml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml index c6e8c85..aef48cc 100644 --- a/.github/workflows/actionlint.yaml +++ b/.github/workflows/actionlint.yaml @@ -24,7 +24,7 @@ jobs: name: Action lint runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 with: egress-policy: block allowed-endpoints: > @@ -48,7 +48,7 @@ jobs: echo "files=${yamls[*]}" >> "${GITHUB_OUTPUT}" - name: Action lint - uses: step-security/action-actionlint@d364e70a116a460ed220d67b1ca2f2579c48a40a # v1.69.1 + uses: step-security/action-actionlint@c3aa382d371c6b05513ae5907d4f77713e21813c # v1.72.0 env: SHELLCHECK_OPTS: "--exclude=SC2129" with: diff --git a/.github/workflows/build-scanner-audit.yaml b/.github/workflows/build-scanner-audit.yaml index 0686970..7bf8aa0 100644 --- a/.github/workflows/build-scanner-audit.yaml +++ b/.github/workflows/build-scanner-audit.yaml @@ -20,7 +20,7 @@ jobs: contents: read steps: - - uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 + - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 with: egress-policy: audit diff --git a/.github/workflows/regen-answers.yaml b/.github/workflows/regen-answers.yaml index b0e75f8..a5ce1f7 100644 --- a/.github/workflows/regen-answers.yaml +++ b/.github/workflows/regen-answers.yaml @@ -18,7 +18,7 @@ jobs: id-token: write # To gitsign and federate steps: - - uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 + - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 with: egress-policy: audit @@ -55,12 +55,12 @@ jobs: echo "create_pr_update=true" >> $GITHUB_OUTPUT # Configure signed commits - - uses: chainguard-dev/actions/setup-gitsign@f45211d3e8f9d2676c6b8cdd6a765435e06c819d # v1.6.13 + - uses: chainguard-dev/actions/setup-gitsign@de68b87302e6266db5fb5220246f8aa46fe94b67 # v1.6.14 if: ${{ steps.check-diff.outputs.create_pr_update == 'true' }} # Based on usage in https://github.com/chainguard-dev/digestabot/blob/main/action.yml - name: Create Pull Request - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 if: ${{ steps.check-diff.outputs.create_pr_update == 'true' }} id: pull_request with: diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index 31a349a..f876d19 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -26,7 +26,7 @@ jobs: contents: read # Clone the repository security-events: write # Upload SARIF results to Code Scanning steps: - - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 with: egress-policy: block allowed-endpoints: >