From 44d7ac5238b27c6128f0bf9b5ea5b83d6044570c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 May 2026 21:34:04 +0000 Subject: [PATCH] build(deps): bump the actions group across 1 directory with 2 updates Bumps the actions group with 2 updates in the / directory: [step-security/harden-runner](https://github.com/step-security/harden-runner) and [chainguard-dev/actions](https://github.com/chainguard-dev/actions). Updates `step-security/harden-runner` from 2.19.0 to 2.19.1 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/8d3c67de8e2fe68ef647c8db1e6a09f647780f40...a5ad31d6a139d249332a2605b85202e8c0b78450) Updates `chainguard-dev/actions` from 1.6.15 to 1.6.19 - [Release notes](https://github.com/chainguard-dev/actions/releases) - [Commits](https://github.com/chainguard-dev/actions/compare/061bc0e921116bde1470f51fb5c86d5318f16558...c69a264ec2a5934c3186c618f368fc1c86f16cff) --- updated-dependencies: - dependency-name: chainguard-dev/actions dependency-version: 1.6.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: step-security/harden-runner dependency-version: 2.19.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/actionlint.yaml | 2 +- .github/workflows/build-scanner-audit.yaml | 2 +- .github/workflows/regen-answers.yaml | 4 ++-- .github/workflows/zizmor.yaml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml index 4185ebd..053bc9f 100644 --- a/.github/workflows/actionlint.yaml +++ b/.github/workflows/actionlint.yaml @@ -24,7 +24,7 @@ jobs: name: Action lint runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/build-scanner-audit.yaml b/.github/workflows/build-scanner-audit.yaml index 1491a5b..fdb57cb 100644 --- a/.github/workflows/build-scanner-audit.yaml +++ b/.github/workflows/build-scanner-audit.yaml @@ -20,7 +20,7 @@ jobs: contents: read steps: - - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: audit diff --git a/.github/workflows/regen-answers.yaml b/.github/workflows/regen-answers.yaml index 3b77bef..ce7a135 100644 --- a/.github/workflows/regen-answers.yaml +++ b/.github/workflows/regen-answers.yaml @@ -18,7 +18,7 @@ jobs: id-token: write # To gitsign and federate steps: - - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: audit @@ -55,7 +55,7 @@ jobs: echo "create_pr_update=true" >> $GITHUB_OUTPUT # Configure signed commits - - uses: chainguard-dev/actions/setup-gitsign@061bc0e921116bde1470f51fb5c86d5318f16558 # v1.6.15 + - uses: chainguard-dev/actions/setup-gitsign@c69a264ec2a5934c3186c618f368fc1c86f16cff # v1.6.19 if: ${{ steps.check-diff.outputs.create_pr_update == 'true' }} # Based on usage in https://github.com/chainguard-dev/digestabot/blob/main/action.yml diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index 49fe93e..876f948 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -26,7 +26,7 @@ jobs: contents: read # Clone the repository security-events: write # Upload SARIF results to Code Scanning steps: - - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: block allowed-endpoints: >