diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml index a00c2f8..171f842 100644 --- a/.github/workflows/actionlint.yaml +++ b/.github/workflows/actionlint.yaml @@ -24,7 +24,7 @@ jobs: name: Action lint runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 + - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/build-scanner-audit.yaml b/.github/workflows/build-scanner-audit.yaml index 1151baa..b48e9bf 100644 --- a/.github/workflows/build-scanner-audit.yaml +++ b/.github/workflows/build-scanner-audit.yaml @@ -20,7 +20,7 @@ jobs: contents: read steps: - - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 + - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: audit diff --git a/.github/workflows/regen-answers.yaml b/.github/workflows/regen-answers.yaml index b2df711..dca5220 100644 --- a/.github/workflows/regen-answers.yaml +++ b/.github/workflows/regen-answers.yaml @@ -18,7 +18,7 @@ jobs: id-token: write # To gitsign and federate steps: - - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 + - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: audit diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index 595102f..d7cb060 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -26,7 +26,7 @@ jobs: contents: read # Clone the repository security-events: write # Upload SARIF results to Code Scanning steps: - - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 + - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: block allowed-endpoints: >