From 7fc8d180537a026ff461ecd39480409017841abf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 17 Apr 2026 05:16:05 +0000 Subject: [PATCH] chore(deps): bump step-security/harden-runner from 2.17.0 to 2.18.0 Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.17.0 to 2.18.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/f808768d1510423e83855289c910610ca9b43176...6c3c2f2c1c457b00c10c4848d6f5491db3b629df) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.18.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/docs.yml | 4 ++-- .github/workflows/lf-build.yml | 2 +- .github/workflows/lf-release.yml | 2 +- .github/workflows/pre-commit-autoupdate.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c6e539fb..1411443a 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -31,7 +31,7 @@ jobs: steps: - name: 'Harden Runner' - uses: 'step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176' # v2.17.0 + uses: 'step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df' # v2.18.0 with: egress-policy: 'audit' diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 565015fc..8cf74043 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -11,7 +11,7 @@ jobs: runs-on: 'ubuntu-latest' steps: - name: 'Harden Runner' - uses: 'step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176' # v2.17.0 + uses: 'step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df' # v2.18.0 with: egress-policy: 'audit' diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 48ee44fe..3465f2e8 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -19,7 +19,7 @@ jobs: runs-on: 'ubuntu-latest' steps: - name: 'Harden the runner (Audit all outbound calls)' - uses: 'step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176' # v2.17.0 + uses: 'step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df' # v2.18.0 with: egress-policy: 'audit' @@ -53,7 +53,7 @@ jobs: url: '${{ steps.deployment.outputs.page_url }}' steps: - name: 'Harden the runner (Audit all outbound calls)' - uses: 'step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176' # v2.17.0 + uses: 'step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df' # v2.18.0 with: egress-policy: 'audit' diff --git a/.github/workflows/lf-build.yml b/.github/workflows/lf-build.yml index 104cb9e8..d1bfbbab 100644 --- a/.github/workflows/lf-build.yml +++ b/.github/workflows/lf-build.yml @@ -28,7 +28,7 @@ jobs: steps: - name: 'Harden the runner (Audit all outbound calls)' - uses: 'step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176' # v2.17.0 + uses: 'step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df' # v2.18.0 with: egress-policy: 'audit' diff --git a/.github/workflows/lf-release.yml b/.github/workflows/lf-release.yml index 3d3ac2eb..57c2e764 100644 --- a/.github/workflows/lf-release.yml +++ b/.github/workflows/lf-release.yml @@ -17,7 +17,7 @@ jobs: steps: - name: 'Harden the runner (Audit all outbound calls)' - uses: 'step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176' # v2.17.0 + uses: 'step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df' # v2.18.0 with: egress-policy: 'audit' diff --git a/.github/workflows/pre-commit-autoupdate.yml b/.github/workflows/pre-commit-autoupdate.yml index 0f123ce8..9abc9846 100644 --- a/.github/workflows/pre-commit-autoupdate.yml +++ b/.github/workflows/pre-commit-autoupdate.yml @@ -15,7 +15,7 @@ jobs: pull-requests: 'write' steps: - name: 'Harden the runner (Audit all outbound calls)' - uses: 'step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176' # v2.17.0 + uses: 'step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df' # v2.18.0 with: egress-policy: 'audit' diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 63164789..f18a9cc1 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -18,7 +18,7 @@ jobs: steps: - name: 'Harden Runner' - uses: 'step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176' # v2.17.0 + uses: 'step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df' # v2.18.0 with: egress-policy: 'audit'