diff --git a/.github/workflows/build-wheel.yml b/.github/workflows/build-wheel.yml index 1cb4cf6689..e032d0e8a5 100644 --- a/.github/workflows/build-wheel.yml +++ b/.github/workflows/build-wheel.yml @@ -23,7 +23,7 @@ jobs: if: github.repository == 'ossf/cve-bin-tool' # run on origin repo only steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c44d4997b1..1ef3a95ed0 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -42,7 +42,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 71b34b3927..ba7ac19ae2 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index c409d18490..7b84dd1b60 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml index 46c0c394ad..469a5b3ffc 100644 --- a/.github/workflows/formatting.yml +++ b/.github/workflows/formatting.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 72a7c432fd..dcc223c260 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -24,7 +24,7 @@ jobs: tool: ['isort', 'black', 'pyupgrade', 'flake8', 'bandit', 'gitlint', 'mypy', 'interrogate'] steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index ac7cd3668e..73ba9d421e 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -22,7 +22,7 @@ jobs: python: ['3.10', '3.11', '3.12', '3.13'] steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml index c806ab8b7d..1e41abcdb3 100644 --- a/.github/workflows/spelling.yml +++ b/.github/workflows/spelling.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 38f664d6bf..4462ec72a1 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -44,7 +44,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: disable-sudo: true egress-policy: block @@ -81,7 +81,7 @@ jobs: timeout-minutes: 90 steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: > @@ -630,7 +630,7 @@ jobs: EXTERNAL_SYSTEM: 1 steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: > @@ -767,7 +767,7 @@ jobs: PYTHONIOENCODING: 'utf8' steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/update-cache.yml b/.github/workflows/update-cache.yml index 83d578354d..5a5c60d878 100644 --- a/.github/workflows/update-cache.yml +++ b/.github/workflows/update-cache.yml @@ -36,7 +36,7 @@ jobs: timeout-minutes: 60 steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/update-js-dependencies.yml b/.github/workflows/update-js-dependencies.yml index 9aace7d42b..8bcba6cdf0 100644 --- a/.github/workflows/update-js-dependencies.yml +++ b/.github/workflows/update-js-dependencies.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/update-pre-commit.yml b/.github/workflows/update-pre-commit.yml index 89a99e956a..b9d1c114b4 100644 --- a/.github/workflows/update-pre-commit.yml +++ b/.github/workflows/update-pre-commit.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/update-spdx-header.yml b/.github/workflows/update-spdx-header.yml index 0a07c1d7cb..917fd2624e 100644 --- a/.github/workflows/update-spdx-header.yml +++ b/.github/workflows/update-spdx-header.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/validate-yml.yml b/.github/workflows/validate-yml.yml index 59827641be..ac9847831f 100644 --- a/.github/workflows/validate-yml.yml +++ b/.github/workflows/validate-yml.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit