Skip to content

chore(deps): update non-major github actions #23

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update non-major github actions #23

wants to merge 1 commit into from

Conversation

@renovate-coveooss
Copy link
Contributor

@renovate-coveooss renovate-coveooss bot commented Jun 3, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/checkout action minor v4.2.2 -> v4.3.1
actions/setup-go action minor v5.4.0 -> v5.5.0
go uses-with minor 1.21 -> 1.25
step-security/harden-runner action minor v2.11.1 -> v2.13.2

[skip release]

Release Notes

actions/checkout (actions/checkout)

v4.3.1

Compare Source

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

Compare Source

What's Changed
New Contributors

Full Changelog: actions/checkout@v4...v4.3.0

actions/setup-go (actions/setup-go)

v5.5.0

Compare Source

What's Changed

Bug fixes:
Dependency updates:

New Contributors

Full Changelog: actions/setup-go@v5...v5.5.0

actions/go-versions (go)

v1.25.4: 1.25.4

Compare Source

Go 1.25.4

v1.25.3: 1.25.3

Compare Source

Go 1.25.3

v1.25.2: 1.25.2

Compare Source

Go 1.25.2

v1.25.1: 1.25.1

Compare Source

Go 1.25.1

v1.25.0: 1.25.0

Compare Source

Go 1.25.0

v1.24.10: 1.24.10

Compare Source

Go 1.24.10

v1.24.9: 1.24.9

Compare Source

Go 1.24.9

v1.24.8: 1.24.8

Compare Source

Go 1.24.8

v1.24.7: 1.24.7

Compare Source

Go 1.24.7

v1.24.6: 1.24.6

Compare Source

Go 1.24.6

v1.24.5: 1.24.5

Compare Source

Go 1.24.5

v1.24.4: 1.24.4

Compare Source

Go 1.24.4

v1.24.3: 1.24.3

Compare Source

Go 1.24.3

v1.24.2: 1.24.2

Compare Source

Go 1.24.2

v1.24.1: 1.24.1

Compare Source

Go 1.24.1

v1.24.0: 1.24.0

Compare Source

Go 1.24.0

v1.23.12: 1.23.12

Compare Source

Go 1.23.12

v1.23.11: 1.23.11

Compare Source

Go 1.23.11

v1.23.10: 1.23.10

Compare Source

Go 1.23.10

v1.23.9: 1.23.9

Compare Source

Go 1.23.9

v1.23.8: 1.23.8

Compare Source

Go 1.23.8

v1.23.7: 1.23.7

Compare Source

Go 1.23.7

v1.23.6: 1.23.6

Compare Source

Go 1.23.6

v1.23.5: 1.23.5

Compare Source

Go 1.23.5

v1.23.4: 1.23.4

Compare Source

Go 1.23.4

v1.23.3: 1.23.3

Compare Source

Go 1.23.3

v1.23.2: 1.23.2

Compare Source

Go 1.23.2

v1.23.1: 1.23.1

Compare Source

Go 1.23.1

v1.23.0: 1.23.0

Compare Source

Go 1.23.0

v1.22.12: 1.22.12

Compare Source

Go 1.22.12

v1.22.11: 1.22.11

Compare Source

Go 1.22.11

v1.22.10: 1.22.10

Compare Source

Go 1.22.10

v1.22.9: 1.22.9

Compare Source

Go 1.22.9

v1.22.8: 1.22.8

Compare Source

Go 1.22.8

v1.22.7: 1.22.7

Compare Source

Go 1.22.7

v1.22.6: 1.22.6

Compare Source

Go 1.22.6

v1.22.5: 1.22.5

Compare Source

Go 1.22.5

v1.22.4: 1.22.4

Compare Source

Go 1.22.4

v1.22.3: 1.22.3

Compare Source

Go 1.22.3

v1.22.2: 1.22.2

Compare Source

Go 1.22.2

v1.22.1: 1.22.1

Compare Source

Go 1.22.1

v1.22.0: 1.22.0

Compare Source

Go 1.22.0

step-security/harden-runner (step-security/harden-runner)

v2.13.2

Compare Source

What's Changed
  • Fixed an issue where there was a limit of 512 allowed endpoints when using block egress policy. This restriction has been removed, allowing for an unlimited number of endpoints to be configured.
  • Harden Runner now automatically detects if the agent is already pre-installed on a custom VM image used by a GitHub-hosted runner. When detected, the action will skip reinstallation and use the existing agent.

Full Changelog: step-security/harden-runner@v2.13.1...v2.13.2

v2.13.1

Compare Source

What's Changed

  • Graceful handling of HTTP errors: Improved error handling when fetching Harden Runner policies from the StepSecurity Policy Store API, ensuring more reliable execution even in case of temporary network/API issues.

  • Security updates for npm dependencies: Updated vulnerable npm package dependencies to the latest secure versions.

  • Faster enterprise agent downloads: The enterprise agent is now downloaded from GitHub Releases instead of packages.stepsecurity.io, improving download speed and reliability.

Full Changelog: step-security/harden-runner@v2.13.0...v2.13.1

v2.13.0

Compare Source

What's Changed

  • Improved job markdown summary
  • Https monitoring for all domains (included with the enterprise tier)

Full Changelog: step-security/harden-runner@v2...v2.13.0

v2.12.2

Compare Source

What's Changed

Added HTTPS Monitoring for additional destinations - *.githubusercontent.com
Bug fixes:

  • Implicitly allow local multicast, local unicast and broadcast IP addresses in block mode
  • Increased policy map size for block mode

Full Changelog: step-security/harden-runner@v2...v2.12.2

v2.12.1

Compare Source

What's Changed

  • Detection capabilities have been upgraded to better recognize attempts at runner tampering. These improvements are informed by real-world incident learnings, including analysis of anomalous behaviors observed in the tj-actions and reviewdog supply chain attack.
  • Resolved an issue where the block policy was not enforced correctly when the GitHub Actions job was running inside a container on a self-hosted VM runner.

Full Changelog: step-security/harden-runner@v2...v2.12.1

v2.12.0

Compare Source

What's Changed

  1. A new option, disable-sudo-and-containers, is now available to replace the disable-sudo policy, addressing Docker-based privilege escalation (CVE-2025-32955). More details can be found in this blog post.

  2. New detections have been added based on insights from the tj-actions and reviewdog actions incidents.

Full Changelog: step-security/harden-runner@v2...v2.12.0

Configuration

📅 Schedule: Branch creation - "before 4:00am on Tuesday" in timezone America/Toronto, Automerge - "after 9:00am and before 12:00pm on tuesday, wednesday, thursday" in timezone America/Toronto.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@renovate-coveooss renovate-coveooss bot force-pushed the renovate/github-actions-non-major branch from c1913cc to fae52df Compare June 18, 2025 14:34
@renovate-coveooss renovate-coveooss bot force-pushed the renovate/github-actions-non-major branch from fae52df to c73a671 Compare July 7, 2025 06:34
@renovate-coveooss renovate-coveooss bot force-pushed the renovate/github-actions-non-major branch from c73a671 to ac9f808 Compare July 22, 2025 19:37
@renovate-coveooss renovate-coveooss bot force-pushed the renovate/github-actions-non-major branch from ac9f808 to 2b5b714 Compare August 18, 2025 10:33
@renovate-coveooss renovate-coveooss bot force-pushed the renovate/github-actions-non-major branch from 2b5b714 to abf1611 Compare August 27, 2025 11:37
@renovate-coveooss renovate-coveooss bot force-pushed the renovate/github-actions-non-major branch from abf1611 to d6c6609 Compare September 16, 2025 18:03
@renovate-coveooss renovate-coveooss bot force-pushed the renovate/github-actions-non-major branch from d6c6609 to 02e0d48 Compare October 15, 2025 21:34
@renovate-coveooss renovate-coveooss bot force-pushed the renovate/github-actions-non-major branch from 02e0d48 to 40e3168 Compare November 12, 2025 08:03
@renovate-coveooss renovate-coveooss bot force-pushed the renovate/github-actions-non-major branch from 40e3168 to b870b1a Compare November 20, 2025 23:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bot dependency update renovate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant