Chore(deps): Bump step-security/harden-runner from 2.14.0 to 2.14.1

dependabot[bot] · lfit.gh2gerrit · commit 4ff231769360 · 2026-01-26T13:33:41.000Z
Bumps step-security/harden-runner from 2.14.0 to 2.14.1. ## Release notes Sourced from step-security/harden-runner's releases. v2.14.1 What's Changed In some self-hosted environments, the agent could briefly fall back to public DNS resolvers during startup if the system DNS was not yet available. This behavior was unintended for GitHub-hosted runners and has now been fixed to prevent any use of public DNS resolvers. Fixed npm audit vulnerabilities Full Changelog: step-security/harden-runner@v2.14.0...v2.14.1 ## Commits e3f713f Merge pull request #631 from step-security/rc-31 423acdd chore: fix npm audit vulnerabilities 0ddb86c update agent See full diff in compare view ![Dependabot compatibility score](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Signed-off-by: dependabot[bot] <support@github.com> Change-Id: Iba17c93fb640461dc4536df2441ab6a7325ce182 GitHub-PR: #38 GitHub-Hash: b9e92421d849fe9b Signed-off-by: lfit.gh2gerrit <releng+lfit-gh2gerrit@linuxfoundation.org>
diff --git a/.github/workflows/github2gerrit.yaml b/.github/workflows/github2gerrit.yaml
@@ -40,7 +40,7 @@ jobs:
     steps:
       # Harden the runner used by this workflow
       # yamllint disable-line rule:line-length
-      - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76  # v2.14.0
+      - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9  # v2.14.1
         name: 'Harden runner'
         with:
           egress-policy: audit
