Bump step-security/harden-runner from 2.6.1 to 2.7.0 (#1633)

Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.6.1 to 2.7.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.7.0</h2> <h2>What's Changed</h2> <p>Release 2.7.0 by <a href="https://github.com/varunsh-coder"><code>@varunsh-coder</code></a> and <a href="https://github.com/h0x0er"><code>@h0x0er</code></a> in <a href="https://redirect.github.com/step-security/harden-runner/pull/376">step-security/harden-runner#376</a> This release:</p> <ol> <li>Updates the node runtime to node20</li> <li>Adds capability to inspect outbound HTTPS traffic on GitHub-hosted and self-hosted VM runners</li> </ol> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.7.0">https://github.com/step-security/harden-runner/compare/v2...v2.7.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/63c24ba6bd7ba022e95695ff85de572c04a18142"><code>63c24ba</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/376">#376</a> from step-security/rc-7</li> <li><a href="https://github.com/step-security/harden-runner/commit/95691d3d1cfc1f403f673ccbe70465d7c4254108"><code>95691d3</code></a> Update dist</li> <li><a href="https://github.com/step-security/harden-runner/commit/6339621ce7eb126e03da0cdd1e373bf4a86aa351"><code>6339621</code></a> Update to node20</li> <li><a href="https://github.com/step-security/harden-runner/commit/4a63cdab7412f310777ba8aba65aafca4c1dd47f"><code>4a63cda</code></a> Add tls-inspection capability (<a href="https://redirect.github.com/step-security/harden-runner/issues/368">#368</a>)</li> <li><a href="https://github.com/step-security/harden-runner/commit/dece11172ed6b762b5421b294513d628edad7f7d"><code>dece111</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/372">#372</a> from step-security/readme-update</li> <li><a href="https://github.com/step-security/harden-runner/commit/1952f970702453e198ed55b40944bf4ffc0ad992"><code>1952f97</code></a> Updates</li> <li><a href="https://github.com/step-security/harden-runner/commit/32f00ffb1b198fae962ae378ca876e01f367043f"><code>32f00ff</code></a> Update README.md</li> <li><a href="https://github.com/step-security/harden-runner/commit/ea8b747819ff6d82907eb4018229f1a75c174697"><code>ea8b747</code></a> Publish test results (<a href="https://redirect.github.com/step-security/harden-runner/issues/363">#363</a>)</li> <li><a href="https://github.com/step-security/harden-runner/commit/c0db65e1f64025718795419be8dbbf8c4050160f"><code>c0db65e</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/359">#359</a> from step-security/dependabot/github_actions/actions/...</li> <li><a href="https://github.com/step-security/harden-runner/commit/4151c053ff9c3daff63c12b5175c94870ec73b53"><code>4151c05</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/361">#361</a> from step-security/dependabot/github_actions/step-sec...</li> <li>Additional commits viewable in <a href="https://github.com/step-security/harden-runner/compare/eb238b55efaa70779f274895e782ed17c84f2895...63c24ba6bd7ba022e95695ff85de572c04a18142">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner&package-manager=github_actions&previous-version=2.6.1&new-version=2.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Ouranosinc · Jan 31, 2024 · 843fe11 · 843fe11
2 parents 974a02b + 892b37d
commit 843fe11
Show file tree

Hide file tree

Showing 16 changed files with 21 additions and 21 deletions.
diff --git a/.github/workflows/add-to-project.yml b/.github/workflows/add-to-project.yml
@@ -17,7 +17,7 @@ jobs:
       repository-projects: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           disable-sudo: true
           egress-policy: block

diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml
@@ -35,7 +35,7 @@ jobs:
       contents: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           disable-sudo: true
           egress-policy: block

diff --git a/.github/workflows/cache-cleaner.yml b/.github/workflows/cache-cleaner.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           disable-sudo: true
           egress-policy: block

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -37,7 +37,7 @@ jobs:
           - 'python'
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           disable-sudo: true
           egress-policy: block

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           disable-sudo: true
           egress-policy: block

diff --git a/.github/workflows/first-pull-request.yml b/.github/workflows/first-pull-request.yml
@@ -17,7 +17,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           disable-sudo: true
           egress-policy: block

diff --git a/.github/workflows/label-on-approval.yml b/.github/workflows/label-on-approval.yml
@@ -26,7 +26,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           disable-sudo: true
           egress-policy: block
@@ -56,7 +56,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           disable-sudo: true
           egress-policy: block

diff --git a/.github/workflows/label.yml b/.github/workflows/label.yml
@@ -29,7 +29,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           disable-sudo: true
           egress-policy: block

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -44,7 +44,7 @@ jobs:
           - "3.9"
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           disable-sudo: true
           egress-policy: block
@@ -79,7 +79,7 @@ jobs:
             python-version: "3.9"
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           disable-sudo: true
           egress-policy: block
@@ -135,7 +135,7 @@ jobs:
             markers: -m 'not slow and not requires_internet'
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: block
           allowed-endpoints: >
@@ -190,7 +190,7 @@ jobs:
         shell: bash -l {0}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           disable-sudo: true
           egress-policy: block
@@ -260,7 +260,7 @@ jobs:
     container: python:3-slim
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: audit
       - name: Coveralls Finished

diff --git a/.github/workflows/publish-mastodon.yml b/.github/workflows/publish-mastodon.yml
@@ -25,7 +25,7 @@ jobs:
     environment: production
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: audit
 

diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml
@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: audit
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -30,7 +30,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: audit
 

diff --git a/.github/workflows/tag-testpypi.yml b/.github/workflows/tag-testpypi.yml
@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: audit
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

diff --git a/.github/workflows/testdata-version.yml b/.github/workflows/testdata-version.yml
@@ -23,7 +23,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           disable-sudo: true
           egress-policy: block

diff --git a/.github/workflows/upstream.yml b/.github/workflows/upstream.yml
@@ -40,7 +40,7 @@ jobs:
         shell: bash -l {0}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           disable-sudo: true
           egress-policy: block

diff --git a/.github/workflows/workflow-warning.yml b/.github/workflows/workflow-warning.yml
@@ -26,7 +26,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           disable-sudo: true
           egress-policy: block