diff --git a/.github/workflows/issue-cleanup.yml b/.github/workflows/issue-cleanup.yml
index 5e8d678e..871de4e2 100644
--- a/.github/workflows/issue-cleanup.yml
+++ b/.github/workflows/issue-cleanup.yml
@@ -14,7 +14,7 @@ jobs:
 issues: write
 pull-requests: write
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 disable-sudo-and-containers: true
 egress-policy: audit
diff --git a/.github/workflows/issue-creation-tool-versions.yml b/.github/workflows/issue-creation-tool-versions.yml
index 75f4ba24..6739bf8f 100644
--- a/.github/workflows/issue-creation-tool-versions.yml
+++ b/.github/workflows/issue-creation-tool-versions.yml
@@ -15,7 +15,7 @@ jobs:
 permissions:
 issues: write
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 disable-sudo-and-containers: true
 egress-policy: audit
diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml
index 1b8a3ba9..b3e52ee2 100644
--- a/.github/workflows/linting-formatting.yml
+++ b/.github/workflows/linting-formatting.yml
@@ -25,7 +25,7 @@ jobs:
 pull-requests: write
 security-events: write
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 disable-sudo: true
 egress-policy: audit
@@ -41,7 +41,7 @@ jobs:
 APPLY_FIXES: all
 VALIDATE_ALL_CODEBASE: true
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
+ - uses: github/codeql-action/upload-sarif@39edc492dbe16b1465b0cafca41432d857bdb31a # v3.29.1
 if: success() || failure()
 with:
 sarif_file: megalinter-reports/megalinter-report.sarif
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index 76628c04..6182ec43 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -18,7 +18,7 @@ jobs:
 security-events: write
 id-token: write
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 disable-sudo: true
 egress-policy: audit
@@ -31,6 +31,6 @@ jobs:
 results_format: sarif
 repo_token: ${{ secrets.SCORECARD_TOKEN }}
 publish_results: true
- - uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
+ - uses: github/codeql-action/upload-sarif@39edc492dbe16b1465b0cafca41432d857bdb31a # v3.29.1
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/pr-conventional-title.yml b/.github/workflows/pr-conventional-title.yml
index e5c70603..04588eee 100644
--- a/.github/workflows/pr-conventional-title.yml
+++ b/.github/workflows/pr-conventional-title.yml
@@ -16,7 +16,7 @@ jobs:
 permissions:
 pull-requests: write
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 disable-sudo-and-containers: true
 egress-policy: block
diff --git a/.github/workflows/pr-image-cleanup.yml b/.github/workflows/pr-image-cleanup.yml
index 9d00f525..bde1c229 100644
--- a/.github/workflows/pr-image-cleanup.yml
+++ b/.github/workflows/pr-image-cleanup.yml
@@ -19,7 +19,7 @@ jobs:
 permissions:
 packages: write
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 disable-sudo: true
 egress-policy: audit
@@ -40,7 +40,7 @@ jobs:
 # actions: write permission is required to delete the cache
 actions: write
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 disable-sudo-and-containers: true
 egress-policy: audit
diff --git a/.github/workflows/pr-report.yml b/.github/workflows/pr-report.yml
index 9142cd3a..608ce5a3 100644
--- a/.github/workflows/pr-report.yml
+++ b/.github/workflows/pr-report.yml
@@ -17,7 +17,7 @@ jobs:
 actions: read
 runs-on: ubuntu-latest
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 disable-sudo-and-containers: true
 egress-policy: audit
diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml
index b767ba19..c6260aaf 100644
--- a/.github/workflows/release-build.yml
+++ b/.github/workflows/release-build.yml
@@ -38,7 +38,7 @@ jobs:
 permissions:
 contents: write
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 disable-sudo-and-containers: true
 egress-policy: audit
@@ -69,7 +69,7 @@ jobs:
 REF_NAME: ${{ github.ref_name }}
 REGISTRY: ghcr.io
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 disable-sudo-and-containers: true
 egress-policy: audit
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
index 191dae04..358a2646 100644
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -16,7 +16,7 @@ jobs:
 create-release:
 runs-on: ubuntu-latest
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 disable-sudo-and-containers: true
 egress-policy: audit
diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml
index e5d8cf22..03333860 100644
--- a/.github/workflows/release-published.yml
+++ b/.github/workflows/release-published.yml
@@ -14,7 +14,7 @@ jobs:
 permissions:
 pull-requests: write
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 disable-sudo-and-containers: true
 egress-policy: audit
diff --git a/.github/workflows/social-interaction.yml b/.github/workflows/social-interaction.yml
index 1b05ca49..dd034fba 100644
--- a/.github/workflows/social-interaction.yml
+++ b/.github/workflows/social-interaction.yml
@@ -17,7 +17,7 @@ jobs:
 pull-requests: write
 if: github.actor != 'dependabot[bot]'
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 disable-sudo-and-containers: true
 egress-policy: block
diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml
index d19b11a5..fd38753f 100644
--- a/.github/workflows/update-dependencies.yml
+++ b/.github/workflows/update-dependencies.yml
@@ -21,7 +21,7 @@ jobs:
 contents: write
 pull-requests: write
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 egress-policy: audit
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -53,7 +53,7 @@ jobs:
 contents: write
 pull-requests: write
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 egress-policy: audit
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml
index 0af3ae87..8ad7e7be 100644
--- a/.github/workflows/vulnerability-scan.yml
+++ b/.github/workflows/vulnerability-scan.yml
@@ -17,7 +17,7 @@ jobs:
 permissions:
 security-events: write
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 egress-policy: audit
 - uses: crazy-max/ghaction-container-scan@4d8e0acba576e46016cbd65b9ecfc604e85e3990 # v3.2.0
@@ -25,7 +25,7 @@ jobs:
 with:
 image: ghcr.io/${{ github.repository }}-${{ matrix.flavor }}:latest
 dockerfile: .devcontainer/Dockerfile
- - uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
+ - uses: github/codeql-action/upload-sarif@39edc492dbe16b1465b0cafca41432d857bdb31a # v3.29.1
 if: steps.scan.outputs.sarif != ''
 with:
 sarif_file: ${{ steps.scan.outputs.sarif }}
diff --git a/.github/workflows/wc-acceptance-test.yml b/.github/workflows/wc-acceptance-test.yml
index 3006ea2f..214c1c1b 100644
--- a/.github/workflows/wc-acceptance-test.yml
+++ b/.github/workflows/wc-acceptance-test.yml
@@ -28,7 +28,7 @@ jobs:
 test:
 runs-on: ubuntu-latest
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 # Playwright requires root privileges to install browsers
 egress-policy: audit
diff --git a/.github/workflows/wc-build-push-test.yml b/.github/workflows/wc-build-push-test.yml
index 9cc46e94..19ae94ca 100644
--- a/.github/workflows/wc-build-push-test.yml
+++ b/.github/workflows/wc-build-push-test.yml
@@ -46,7 +46,7 @@ jobs:
 needs: build-push
 if: github.event_name == 'pull_request'
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 disable-sudo-and-containers: true
 egress-policy: audit
@@ -91,7 +91,7 @@ jobs:
 needs: [acceptance-test, integration-test]
 if: always()
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 disable-sudo: true
 egress-policy: audit
diff --git a/.github/workflows/wc-build-push.yml b/.github/workflows/wc-build-push.yml
index dc8c72c3..6ceff85c 100644
--- a/.github/workflows/wc-build-push.yml
+++ b/.github/workflows/wc-build-push.yml
@@ -28,7 +28,7 @@ jobs:
 permissions:
 packages: write
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 disable-sudo: true
 egress-policy: audit
@@ -98,7 +98,7 @@ jobs:
 packages: write
 pull-requests: write
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 disable-sudo: true
 egress-policy: audit
diff --git a/.github/workflows/wc-integration-test.yml b/.github/workflows/wc-integration-test.yml
index f9b06aab..c65c22d2 100644
--- a/.github/workflows/wc-integration-test.yml
+++ b/.github/workflows/wc-integration-test.yml
@@ -24,7 +24,7 @@ jobs:
 outputs:
 container: ${{ steps.set-container.outputs.container }}
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 disable-sudo: true
 egress-policy: audit
@@ -42,7 +42,7 @@ jobs:
 runs-on: ${{ inputs.runner }}
 container: ${{ needs.determine-container.outputs.container }}
 steps:
- - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
 with:
 disable-sudo: true
 egress-policy: audit