diff --git a/.github/workflows/reusable-add-to-project.yml b/.github/workflows/reusable-add-to-project.yml index 37cab11..a378bcf 100644 --- a/.github/workflows/reusable-add-to-project.yml +++ b/.github/workflows/reusable-add-to-project.yml @@ -48,7 +48,7 @@ jobs: (github.event_name != 'pull_request_target' && github.actor != 'dependabot[bot]') steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'block' }} diff --git a/.github/workflows/reusable-alex.yml b/.github/workflows/reusable-alex.yml index 1729d9a..01d74b8 100644 --- a/.github/workflows/reusable-alex.yml +++ b/.github/workflows/reusable-alex.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'block' }} diff --git a/.github/workflows/reusable-builder-aur.yml b/.github/workflows/reusable-builder-aur.yml index a169400..ebde2bd 100644 --- a/.github/workflows/reusable-builder-aur.yml +++ b/.github/workflows/reusable-builder-aur.yml @@ -40,7 +40,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'block' }} diff --git a/.github/workflows/reusable-builder-deb.yml b/.github/workflows/reusable-builder-deb.yml index cb02b5f..309b237 100644 --- a/.github/workflows/reusable-builder-deb.yml +++ b/.github/workflows/reusable-builder-deb.yml @@ -43,7 +43,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'block' }} diff --git a/.github/workflows/reusable-builder-flatpak.yml b/.github/workflows/reusable-builder-flatpak.yml index 29fbe07..3bee81c 100644 --- a/.github/workflows/reusable-builder-flatpak.yml +++ b/.github/workflows/reusable-builder-flatpak.yml @@ -47,7 +47,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: egress-policy: ${{ inputs.egress-policy || 'block' }} disable-telemetry: true diff --git a/.github/workflows/reusable-builder-go.yml b/.github/workflows/reusable-builder-go.yml index 7ab6d9f..743fb70 100644 --- a/.github/workflows/reusable-builder-go.yml +++ b/.github/workflows/reusable-builder-go.yml @@ -79,7 +79,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'block' }} diff --git a/.github/workflows/reusable-builder-rpm.yml b/.github/workflows/reusable-builder-rpm.yml index 719c2f9..8b4ea49 100644 --- a/.github/workflows/reusable-builder-rpm.yml +++ b/.github/workflows/reusable-builder-rpm.yml @@ -44,7 +44,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'block' }} diff --git a/.github/workflows/reusable-builder-snap.yml b/.github/workflows/reusable-builder-snap.yml index 51015bc..920b538 100644 --- a/.github/workflows/reusable-builder-snap.yml +++ b/.github/workflows/reusable-builder-snap.yml @@ -46,7 +46,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: egress-policy: ${{ inputs.egress-policy || 'block' }} disable-telemetry: true diff --git a/.github/workflows/reusable-codeql.yml b/.github/workflows/reusable-codeql.yml index 9b24bc6..b7f0388 100644 --- a/.github/workflows/reusable-codeql.yml +++ b/.github/workflows/reusable-codeql.yml @@ -31,7 +31,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'block' }} diff --git a/.github/workflows/reusable-dependency-review.yml b/.github/workflows/reusable-dependency-review.yml index 851dd1d..59c6dd7 100644 --- a/.github/workflows/reusable-dependency-review.yml +++ b/.github/workflows/reusable-dependency-review.yml @@ -36,7 +36,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'block' }} diff --git a/.github/workflows/reusable-golangci.yml b/.github/workflows/reusable-golangci.yml index 3a901f1..3cb91fc 100644 --- a/.github/workflows/reusable-golangci.yml +++ b/.github/workflows/reusable-golangci.yml @@ -39,7 +39,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'block' }} diff --git a/.github/workflows/reusable-goreportcard.yml b/.github/workflows/reusable-goreportcard.yml index d01bbcf..e92f538 100644 --- a/.github/workflows/reusable-goreportcard.yml +++ b/.github/workflows/reusable-goreportcard.yml @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'block' }} diff --git a/.github/workflows/reusable-license.yml b/.github/workflows/reusable-license.yml index 357950b..054793b 100644 --- a/.github/workflows/reusable-license.yml +++ b/.github/workflows/reusable-license.yml @@ -28,7 +28,7 @@ jobs: name: Check License Headers steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'block' }} @@ -61,7 +61,7 @@ jobs: name: "Check Dependencies' License" steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'block' }} diff --git a/.github/workflows/reusable-releaser-gemfury.yml b/.github/workflows/reusable-releaser-gemfury.yml index dbad10d..f22c072 100644 --- a/.github/workflows/reusable-releaser-gemfury.yml +++ b/.github/workflows/reusable-releaser-gemfury.yml @@ -38,7 +38,7 @@ jobs: ARTIFACT_DIR: artifacts steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'block' }} diff --git a/.github/workflows/reusable-releaser-go.yml b/.github/workflows/reusable-releaser-go.yml index 5731b95..561eef1 100644 --- a/.github/workflows/reusable-releaser-go.yml +++ b/.github/workflows/reusable-releaser-go.yml @@ -39,7 +39,7 @@ jobs: release-note: ${{ steps.misc.outputs.release-note }} steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'block' }} diff --git a/.github/workflows/reusable-scorecards.yml b/.github/workflows/reusable-scorecards.yml index 27d19d5..ff5ea0d 100644 --- a/.github/workflows/reusable-scorecards.yml +++ b/.github/workflows/reusable-scorecards.yml @@ -43,7 +43,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'block' }} diff --git a/.github/workflows/reusable-semgrep.yml b/.github/workflows/reusable-semgrep.yml index e4b2095..480502d 100644 --- a/.github/workflows/reusable-semgrep.yml +++ b/.github/workflows/reusable-semgrep.yml @@ -34,7 +34,7 @@ jobs: SEMGREP_SEND_METRICS: 'off' steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'block' }} diff --git a/.github/workflows/reusable-stale.yml b/.github/workflows/reusable-stale.yml index 91b28c2..f127bd1 100644 --- a/.github/workflows/reusable-stale.yml +++ b/.github/workflows/reusable-stale.yml @@ -24,7 +24,7 @@ jobs: name: Close Stale Issues and PRs steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'block' }} diff --git a/.github/workflows/reusable-super-linter.yml b/.github/workflows/reusable-super-linter.yml index dcf5ced..eb1fc66 100644 --- a/.github/workflows/reusable-super-linter.yml +++ b/.github/workflows/reusable-super-linter.yml @@ -42,7 +42,7 @@ jobs: statuses: write steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'block' }} diff --git a/.github/workflows/reusable-trivy.yml b/.github/workflows/reusable-trivy.yml index 673ea94..2781255 100644 --- a/.github/workflows/reusable-trivy.yml +++ b/.github/workflows/reusable-trivy.yml @@ -41,7 +41,7 @@ jobs: if: ${{ inputs.scan-type == 'fs' }} steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'block' }} @@ -99,7 +99,7 @@ jobs: if: ${{ inputs.scan-type == 'image' }} steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'block' }} diff --git a/.github/workflows/reusable-urlcheck.yml b/.github/workflows/reusable-urlcheck.yml index 1d6fabc..7397216 100644 --- a/.github/workflows/reusable-urlcheck.yml +++ b/.github/workflows/reusable-urlcheck.yml @@ -35,7 +35,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: ${{ inputs.egress-policy || 'audit' }}