Bump step-security/harden-runner from 2.3.1 to 2.4.0 (#76)

dependabot[bot] · web-flow · commit c4acdd766872 · 2023-06-01T20:28:08.000-07:00
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.3.1 to 2.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.4.0</h2> <h2>What's Changed</h2> <ul> <li>Release v2.4.0 by <a href="https://github.com/varunsh-coder"><code>@​varunsh-coder</code></a> and <a href="https://github.com/h0x0er"><code>@​h0x0er</code></a> in <a href="https://redirect.github.com/step-security/harden-runner/pull/292">step-security/harden-runner#292</a> Adds support for wildcard domains in <code>block</code> mode. e.g. you can add <code>*.data.mcr.microsoft.com:443</code> to the allowed list, and egress traffic will be allowed to <code>eastus.data.mcr.microsoft.com:443</code> and <code>westus.data.mcr.microsoft.com:443</code>. <a href="https://docs.stepsecurity.io/harden-runner/how-tos/block-egress-traffic#support-for-wildcard-domains">Link to documentation</a>.</li> <li>Bump actions/checkout from 3.5.0 to 3.5.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/step-security/harden-runner/pull/277">step-security/harden-runner#277</a></li> <li>Bump github/codeql-action from 2.2.11 to 2.2.12 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/step-security/harden-runner/pull/278">step-security/harden-runner#278</a></li> <li>Bump step-security/harden-runner from 2.3.0 to 2.3.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/step-security/harden-runner/pull/282">step-security/harden-runner#282</a></li> <li>Added a workflow for reviewing code changes using stepsecurity code reviewer by <a href="https://github.com/boahc077"><code>@​boahc077</code></a> in <a href="https://redirect.github.com/step-security/harden-runner/pull/290">step-security/harden-runner#290</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.4.0">https://github.com/step-security/harden-runner/compare/v2...v2.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/128a63446a954579617e875aaab7d2978154e969"><code>128a634</code></a> Release v2.4.0 (<a href="https://redirect.github.com/step-security/harden-runner/issues/292">#292</a>)</li> <li><a href="https://github.com/step-security/harden-runner/commit/6dacdfc16caa5ebd987908a44ab5b425193385f6"><code>6dacdfc</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/290">#290</a> from step-security/ak-code-reviewer-main</li> <li><a href="https://github.com/step-security/harden-runner/commit/50ba86cd8eefa60e3595a9995d17855396907291"><code>50ba86c</code></a> Update code-review.yml</li> <li><a href="https://github.com/step-security/harden-runner/commit/b4ed311ff3125a3dcccb3376aa1c241e359f3f90"><code>b4ed311</code></a> adding a workflow for reviewing code changes using stepsecurity code reviewer</li> <li><a href="https://github.com/step-security/harden-runner/commit/5d5d34225d930d298d52ae60999ca9b617dd2e3a"><code>5d5d342</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/282">#282</a> from step-security/dependabot/github_actions/step-sec...</li> <li><a href="https://github.com/step-security/harden-runner/commit/bb3ffe7c11441e1b254393d28ac7f426b067ff5f"><code>bb3ffe7</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/278">#278</a> from step-security/dependabot/github_actions/github/c...</li> <li><a href="https://github.com/step-security/harden-runner/commit/f4a62b32a72ad584a11aeb2e8817cc1d1b120d1f"><code>f4a62b3</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/277">#277</a> from step-security/dependabot/github_actions/actions/...</li> <li><a href="https://github.com/step-security/harden-runner/commit/0dcc8e68fdc3bd0337c4d5a6fb13b2a51fa63e9b"><code>0dcc8e6</code></a> Bump step-security/harden-runner from 2.3.0 to 2.3.1</li> <li><a href="https://github.com/step-security/harden-runner/commit/daacdded59db3735ca4711c638daecfbd3d50692"><code>daacdde</code></a> Bump github/codeql-action from 2.2.11 to 2.2.12</li> <li><a href="https://github.com/step-security/harden-runner/commit/012ac92c8dc640bb4aeeef6bfa802202c92b7175"><code>012ac92</code></a> Bump actions/checkout from 3.5.0 to 3.5.2</li> <li>See full diff in <a href="https://github.com/step-security/harden-runner/compare/6b3083af2869dc3314a0257a42f4af696cc79ba3...128a63446a954579617e875aaab7d2978154e969">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner&package-manager=github_actions&previous-version=2.3.1&new-version=2.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3
+        uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -41,7 +41,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3
+      uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3
+      uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3
+        uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
