diff --git a/.github/workflows/ci-actions.yaml b/.github/workflows/ci-actions.yaml index fdbf182..c575eaf 100644 --- a/.github/workflows/ci-actions.yaml +++ b/.github/workflows/ci-actions.yaml @@ -19,7 +19,7 @@ jobs: actions: read steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 with: egress-policy: audit @@ -37,7 +37,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@39edc492dbe16b1465b0cafca41432d857bdb31a # v3 + uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3 with: sarif_file: results.sarif category: zizmor diff --git a/.github/workflows/ci-chart.yaml b/.github/workflows/ci-chart.yaml index 33ffbd4..314366d 100644 --- a/.github/workflows/ci-chart.yaml +++ b/.github/workflows/ci-chart.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 with: egress-policy: audit diff --git a/.github/workflows/ci-code.yaml b/.github/workflows/ci-code.yaml index 4d7ea06..ceaeb8c 100644 --- a/.github/workflows/ci-code.yaml +++ b/.github/workflows/ci-code.yaml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: harden runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 with: egress-policy: audit @@ -42,7 +42,7 @@ jobs: runs-on: ubuntu-latest steps: - name: harden runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 with: egress-policy: audit @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-latest steps: - name: harden runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 with: egress-policy: audit @@ -90,7 +90,7 @@ jobs: name: 'Full build linux-${{ matrix.arch }}' steps: - name: harden runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 with: egress-policy: audit @@ -120,7 +120,7 @@ jobs: name: 'Full test linux-${{ matrix.arch }}' steps: - name: harden runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 with: egress-policy: audit @@ -149,7 +149,7 @@ jobs: name: 'Full clippy linux-${{ matrix.arch }}' steps: - name: harden runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 with: egress-policy: audit diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 298fe15..6cfc453 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -25,7 +25,7 @@ jobs: id-token: write # Needed for cosign to use github OIDC token steps: - name: 'Harden runner' - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 with: egress-policy: audit @@ -105,7 +105,7 @@ jobs: packages: write steps: - name: 'Harden runner' - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 with: egress-policy: audit