From ed648098c7a3b1590c51586783558c32d0e38605 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jun 2026 17:05:30 +0000 Subject: [PATCH] Bump step-security/harden-runner from 2.17.0 to 2.19.4 Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.17.0 to 2.19.4. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/f808768d1510423e83855289c910610ca9b43176...9af89fc71515a100421586dfdb3dc9c984fbf411) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.19.4 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/.github_test.yml | 2 +- .github/workflows/release.yml | 6 +++--- .github/workflows/sync-default-branch.yml | 2 +- .github/workflows/sync-major-version.yml | 2 +- .github/workflows/test.yml | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/.github_test.yml b/.github/workflows/.github_test.yml index 3d8905f..f2a6873 100644 --- a/.github/workflows/.github_test.yml +++ b/.github/workflows/.github_test.yml @@ -44,7 +44,7 @@ jobs: # - nodenv-update - nodenv-vars steps: - - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: { egress-policy: audit } - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1cb7c64..7abe951 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,7 +28,7 @@ jobs: permissions: { contents: write } runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: { egress-policy: audit } - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: { persist-credentials: false } @@ -47,7 +47,7 @@ jobs: permissions: { contents: read } runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: { egress-policy: audit } - uses: mislav/bump-homebrew-formula-action@ccf2332299a883f6af50a1d2d41e5df7904dd769 # v4.1 with: @@ -62,7 +62,7 @@ jobs: permissions: { id-token: write } runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: { egress-policy: audit } - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: { persist-credentials: false } diff --git a/.github/workflows/sync-default-branch.yml b/.github/workflows/sync-default-branch.yml index f149376..15b917b 100644 --- a/.github/workflows/sync-default-branch.yml +++ b/.github/workflows/sync-default-branch.yml @@ -8,7 +8,7 @@ jobs: permissions: { contents: write } runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: { egress-policy: audit } - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: diff --git a/.github/workflows/sync-major-version.yml b/.github/workflows/sync-major-version.yml index 88ef781..4c085bd 100644 --- a/.github/workflows/sync-major-version.yml +++ b/.github/workflows/sync-major-version.yml @@ -9,7 +9,7 @@ jobs: permissions: { contents: write } runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: { egress-policy: audit } - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e80d368..8a66a47 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -22,7 +22,7 @@ jobs: fail-fast: false matrix: { os: [ubuntu-latest, macOS-latest] } steps: - - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: { egress-policy: audit } - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: { persist-credentials: false } @@ -35,7 +35,7 @@ jobs: permissions: { contents: read, packages: read, statuses: write } runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: { egress-policy: audit } - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: { fetch-depth: 0, persist-credentials: false } @@ -55,7 +55,7 @@ jobs: if: startsWith('pull_request', github.event_name) runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: block allowed-endpoints: > @@ -72,7 +72,7 @@ jobs: permissions: { id-token: write, security-events: write } runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: { egress-policy: audit } - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: { persist-credentials: false }