From 8c27a91249ff8ae3b5f2437fe817bb71d9ac9c95 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Sep 2023 23:56:56 +0200 Subject: [PATCH] Bump step-security/harden-runner from 2.5.0 to 2.5.1 (#13453) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.5.0 to 2.5.1. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/cba0d00b1fc9a034e1e642ea0f1103c282990604...8ca2b8b2ece13480cda6dacd3511b49857a23c09) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-and-deploy.yml | 4 ++-- .github/workflows/cleanup-pr-assets.yml | 2 +- .github/workflows/lint-css-js-md.yml | 2 +- .github/workflows/lint-i18n.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/npm-release.yml | 2 +- .github/workflows/plugin-release.yml | 12 ++++++------ .github/workflows/scorecards.yml | 2 +- .github/workflows/tests-e2e.yml | 4 ++-- .github/workflows/tests-karma-dashboard.yml | 2 +- .github/workflows/tests-karma-editor.yml | 2 +- .github/workflows/tests-unit-js.yml | 2 +- .github/workflows/tests-unit-php.yml | 2 +- .github/workflows/update-browserslist.yml | 2 +- .github/workflows/update-google-fonts.yml | 2 +- .github/workflows/update-product-schema.yml | 2 +- .github/workflows/update-templates.yml | 2 +- 17 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index cb3510b367bc..550d84cc3525 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -83,7 +83,7 @@ jobs: github.event.pull_request.user.login != 'dependabot[bot]' steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-file-monitoring: true egress-policy: block @@ -129,7 +129,7 @@ jobs: github.event.pull_request.user.login != 'dependabot[bot]' steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/cleanup-pr-assets.yml b/.github/workflows/cleanup-pr-assets.yml index f3555b81532e..62b984360a44 100644 --- a/.github/workflows/cleanup-pr-assets.yml +++ b/.github/workflows/cleanup-pr-assets.yml @@ -21,7 +21,7 @@ jobs: github.event.pull_request.user.login != 'dependabot[bot]' steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-file-monitoring: true disable-sudo: true diff --git a/.github/workflows/lint-css-js-md.yml b/.github/workflows/lint-css-js-md.yml index a02d9fb8d126..8bccf8869da4 100644 --- a/.github/workflows/lint-css-js-md.yml +++ b/.github/workflows/lint-css-js-md.yml @@ -61,7 +61,7 @@ jobs: timeout-minutes: 20 steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-sudo: true disable-file-monitoring: true diff --git a/.github/workflows/lint-i18n.yml b/.github/workflows/lint-i18n.yml index d327bef2d35d..ee890ec8dd26 100644 --- a/.github/workflows/lint-i18n.yml +++ b/.github/workflows/lint-i18n.yml @@ -42,7 +42,7 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 75b4ff4779fc..eedb1dac5412 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -41,7 +41,7 @@ jobs: timeout-minutes: 5 steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-file-monitoring: true egress-policy: block diff --git a/.github/workflows/npm-release.yml b/.github/workflows/npm-release.yml index de5c2edaceee..ffebc9d06788 100644 --- a/.github/workflows/npm-release.yml +++ b/.github/workflows/npm-release.yml @@ -102,7 +102,7 @@ jobs: needs: [dry-run] steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/plugin-release.yml b/.github/workflows/plugin-release.yml index 65f6c2436faf..2a6e2750d4d1 100644 --- a/.github/workflows/plugin-release.yml +++ b/.github/workflows/plugin-release.yml @@ -41,7 +41,7 @@ jobs: environment: Production steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -104,7 +104,7 @@ jobs: needs: [checks] steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -245,7 +245,7 @@ jobs: release_name: ${{ steps.release_branch.outputs.release_name }} steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -408,7 +408,7 @@ jobs: needs: [build] steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -444,7 +444,7 @@ jobs: if: ${{ ! startsWith(github.ref, 'refs/heads/release/') && ! contains(github.event.inputs.version, 'rc') }} steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -500,7 +500,7 @@ jobs: SVN_PASSWORD: ${{ secrets.SVN_PASSWORD }} steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index c009248cebd7..ad2a537d051d 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/tests-e2e.yml b/.github/workflows/tests-e2e.yml index ae7ee19454df..a84572e42528 100644 --- a/.github/workflows/tests-e2e.yml +++ b/.github/workflows/tests-e2e.yml @@ -70,7 +70,7 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -149,7 +149,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-file-monitoring: true egress-policy: audit diff --git a/.github/workflows/tests-karma-dashboard.yml b/.github/workflows/tests-karma-dashboard.yml index ef8ea4b9c0ae..4966157039a7 100644 --- a/.github/workflows/tests-karma-dashboard.yml +++ b/.github/workflows/tests-karma-dashboard.yml @@ -47,7 +47,7 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-file-monitoring: true egress-policy: block diff --git a/.github/workflows/tests-karma-editor.yml b/.github/workflows/tests-karma-editor.yml index d525b5bc1d61..5eb05610abf6 100644 --- a/.github/workflows/tests-karma-editor.yml +++ b/.github/workflows/tests-karma-editor.yml @@ -83,7 +83,7 @@ jobs: ] steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-file-monitoring: true egress-policy: block diff --git a/.github/workflows/tests-unit-js.yml b/.github/workflows/tests-unit-js.yml index d0c9f88a9543..750ad01f1916 100644 --- a/.github/workflows/tests-unit-js.yml +++ b/.github/workflows/tests-unit-js.yml @@ -51,7 +51,7 @@ jobs: shard: ['1/2', '2/2'] steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-sudo: true disable-file-monitoring: true diff --git a/.github/workflows/tests-unit-php.yml b/.github/workflows/tests-unit-php.yml index fa08c1e0409e..53d6d0671bfd 100644 --- a/.github/workflows/tests-unit-php.yml +++ b/.github/workflows/tests-unit-php.yml @@ -80,7 +80,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-file-monitoring: true egress-policy: audit diff --git a/.github/workflows/update-browserslist.yml b/.github/workflows/update-browserslist.yml index 694b96385a60..1ffe9d821553 100644 --- a/.github/workflows/update-browserslist.yml +++ b/.github/workflows/update-browserslist.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/update-google-fonts.yml b/.github/workflows/update-google-fonts.yml index 56e1e731cd6c..a06919feda0a 100644 --- a/.github/workflows/update-google-fonts.yml +++ b/.github/workflows/update-google-fonts.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/update-product-schema.yml b/.github/workflows/update-product-schema.yml index 510dc355f9ef..d839e9683001 100644 --- a/.github/workflows/update-product-schema.yml +++ b/.github/workflows/update-product-schema.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/update-templates.yml b/.github/workflows/update-templates.yml index 8a871fc244ab..315e72c744e1 100644 --- a/.github/workflows/update-templates.yml +++ b/.github/workflows/update-templates.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs