chore(deps): update step-security/harden-runner action to v2.14.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
step-security/harden-runner	action	minor	v2.13.1 -> v2.14.0

---

Release Notes

step-security/harden-runner (step-security/harden-runner)

v2.14.0

Compare Source

What's Changed

• Selective installation: Harden-Runner now skips installation on GitHub-hosted runners when the repository has a custom property skip_harden_runner, allowing organizations to opt out specific repos.
• Avoid double install: The action no longer installs Harden-Runner if it’s already present on a GitHub-hosted runner, which could happen when a composite action also installs it.

Full Changelog: step-security/harden-runner@v2.13.3...v2.14.0

v2.13.3

Compare Source

What's Changed

• Fixed an issue where process events were not uploaded in certain edge cases.

Full Changelog: step-security/harden-runner@v2.13.2...v2.13.3

v2.13.2

Compare Source

What's Changed

• Fixed an issue where there was a limit of 512 allowed endpoints when using block egress policy. This restriction has been removed, allowing for an unlimited number of endpoints to be configured.
• Harden Runner now automatically detects if the agent is already pre-installed on a custom VM image used by a GitHub-hosted runner. When detected, the action will skip reinstallation and use the existing agent.

Full Changelog: step-security/harden-runner@v2.13.1...v2.13.2

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Note

Free review on us!

CodeRabbit is offering free reviews until Thu Nov 06 2025 to showcase some of the refinements we've made.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Test Results

  5 files    5 suites   1m 2s ⏱️
 71 tests  71 ✅ 0 💤 0 ❌
355 runs  355 ✅ 0 💤 0 ❌

Results for commit 5f6f6df.

♻️ This comment has been updated with latest results.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.00%. Comparing base (eee0e3a) to head (5f6f6df).
⚠️ Report is 4 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #116   +/-   ##
=======================================
  Coverage   85.00%   85.00%           
=======================================
  Files           5        5           
  Lines         240      240           
  Branches       53       53           
=======================================
  Hits          204      204           
  Misses          1        1           
  Partials       35       35           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud