From 3728fd1f9303f39cf4d9d4622204840210a64136 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Nov 2023 20:33:41 +0000 Subject: [PATCH] Bump step-security/harden-runner from 2.5.1 to 2.6.0 Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.5.1 to 2.6.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/8ca2b8b2ece13480cda6dacd3511b49857a23c09...1b05615854632b887b69ae1be8cbefe72d3ae423) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/build-and-deploy.yml | 4 ++-- .github/workflows/cleanup-pr-assets.yml | 2 +- .github/workflows/lint-css-js-md.yml | 2 +- .github/workflows/lint-i18n.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/npm-release.yml | 2 +- .github/workflows/plugin-release.yml | 12 ++++++------ .github/workflows/scorecards.yml | 2 +- .github/workflows/tests-e2e.yml | 4 ++-- .github/workflows/tests-karma-dashboard.yml | 2 +- .github/workflows/tests-karma-editor.yml | 2 +- .github/workflows/tests-unit-js.yml | 2 +- .github/workflows/tests-unit-php.yml | 2 +- .github/workflows/update-browserslist.yml | 2 +- .github/workflows/update-google-fonts.yml | 2 +- .github/workflows/update-product-schema.yml | 2 +- .github/workflows/update-templates.yml | 2 +- 17 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 9a44a868d412..56c79d7b4c81 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -83,7 +83,7 @@ jobs: github.event.pull_request.user.login != 'dependabot[bot]' steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: disable-file-monitoring: true egress-policy: block @@ -129,7 +129,7 @@ jobs: github.event.pull_request.user.login != 'dependabot[bot]' steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/cleanup-pr-assets.yml b/.github/workflows/cleanup-pr-assets.yml index 62b984360a44..52e8eaa9fa4c 100644 --- a/.github/workflows/cleanup-pr-assets.yml +++ b/.github/workflows/cleanup-pr-assets.yml @@ -21,7 +21,7 @@ jobs: github.event.pull_request.user.login != 'dependabot[bot]' steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: disable-file-monitoring: true disable-sudo: true diff --git a/.github/workflows/lint-css-js-md.yml b/.github/workflows/lint-css-js-md.yml index 700474b91fd6..c26301819379 100644 --- a/.github/workflows/lint-css-js-md.yml +++ b/.github/workflows/lint-css-js-md.yml @@ -61,7 +61,7 @@ jobs: timeout-minutes: 20 steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: disable-sudo: true disable-file-monitoring: true diff --git a/.github/workflows/lint-i18n.yml b/.github/workflows/lint-i18n.yml index 8caac11c5b09..180b289ef146 100644 --- a/.github/workflows/lint-i18n.yml +++ b/.github/workflows/lint-i18n.yml @@ -42,7 +42,7 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 82118b109d1f..53ff3b510abd 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -41,7 +41,7 @@ jobs: timeout-minutes: 5 steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: disable-file-monitoring: true egress-policy: block diff --git a/.github/workflows/npm-release.yml b/.github/workflows/npm-release.yml index 1bc34f9a342f..f0a95b9bd3ff 100644 --- a/.github/workflows/npm-release.yml +++ b/.github/workflows/npm-release.yml @@ -102,7 +102,7 @@ jobs: needs: [dry-run] steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/plugin-release.yml b/.github/workflows/plugin-release.yml index 4fb18b73b940..cc9cc9379097 100644 --- a/.github/workflows/plugin-release.yml +++ b/.github/workflows/plugin-release.yml @@ -41,7 +41,7 @@ jobs: environment: Production steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -104,7 +104,7 @@ jobs: needs: [checks] steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -245,7 +245,7 @@ jobs: release_name: ${{ steps.release_branch.outputs.release_name }} steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -408,7 +408,7 @@ jobs: needs: [build] steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -444,7 +444,7 @@ jobs: if: ${{ ! startsWith(github.ref, 'refs/heads/release/') && ! contains(github.event.inputs.version, 'rc') }} steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -500,7 +500,7 @@ jobs: SVN_PASSWORD: ${{ secrets.SVN_PASSWORD }} steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index a22b47d2a477..a0ce2fe6a7b7 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/tests-e2e.yml b/.github/workflows/tests-e2e.yml index cf3458d0fe94..9f18c2f1a6c3 100644 --- a/.github/workflows/tests-e2e.yml +++ b/.github/workflows/tests-e2e.yml @@ -70,7 +70,7 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -159,7 +159,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: disable-file-monitoring: true egress-policy: audit diff --git a/.github/workflows/tests-karma-dashboard.yml b/.github/workflows/tests-karma-dashboard.yml index 87be8e33db51..edcafa52058d 100644 --- a/.github/workflows/tests-karma-dashboard.yml +++ b/.github/workflows/tests-karma-dashboard.yml @@ -47,7 +47,7 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: disable-file-monitoring: true egress-policy: block diff --git a/.github/workflows/tests-karma-editor.yml b/.github/workflows/tests-karma-editor.yml index ab6d6581b190..fbda947a5d57 100644 --- a/.github/workflows/tests-karma-editor.yml +++ b/.github/workflows/tests-karma-editor.yml @@ -83,7 +83,7 @@ jobs: ] steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: disable-file-monitoring: true egress-policy: block diff --git a/.github/workflows/tests-unit-js.yml b/.github/workflows/tests-unit-js.yml index 647f98d55506..7252b1ee2a64 100644 --- a/.github/workflows/tests-unit-js.yml +++ b/.github/workflows/tests-unit-js.yml @@ -51,7 +51,7 @@ jobs: shard: ['1/2', '2/2'] steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: disable-sudo: true disable-file-monitoring: true diff --git a/.github/workflows/tests-unit-php.yml b/.github/workflows/tests-unit-php.yml index 6eb8f9664ea2..cc2f3a82d0f2 100644 --- a/.github/workflows/tests-unit-php.yml +++ b/.github/workflows/tests-unit-php.yml @@ -80,7 +80,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: disable-file-monitoring: true egress-policy: audit diff --git a/.github/workflows/update-browserslist.yml b/.github/workflows/update-browserslist.yml index 6ce784990b3d..7b3c28a33cea 100644 --- a/.github/workflows/update-browserslist.yml +++ b/.github/workflows/update-browserslist.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/update-google-fonts.yml b/.github/workflows/update-google-fonts.yml index bb3db875f74c..5e5749b2c73e 100644 --- a/.github/workflows/update-google-fonts.yml +++ b/.github/workflows/update-google-fonts.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/update-product-schema.yml b/.github/workflows/update-product-schema.yml index 436969259523..a8ab8567bfed 100644 --- a/.github/workflows/update-product-schema.yml +++ b/.github/workflows/update-product-schema.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/update-templates.yml b/.github/workflows/update-templates.yml index 199dea8e124e..7f45402fd365 100644 --- a/.github/workflows/update-templates.yml +++ b/.github/workflows/update-templates.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs