diff --git a/.github/workflows/pr-actions.yaml b/.github/workflows/pr-actions.yaml
index a2919fe..9d860ae 100644
--- a/.github/workflows/pr-actions.yaml
+++ b/.github/workflows/pr-actions.yaml
@@ -13,7 +13,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+ uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
 with:
 egress-policy: audit
diff --git a/.github/workflows/pr-goreleaser.yaml b/.github/workflows/pr-goreleaser.yaml
index 360b319..83eb18a 100644
--- a/.github/workflows/pr-goreleaser.yaml
+++ b/.github/workflows/pr-goreleaser.yaml
@@ -13,7 +13,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+ uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
 with:
 egress-policy: audit
 - name: Checkout
diff --git a/.github/workflows/pr-label.yaml b/.github/workflows/pr-label.yaml
index d341737..d857484 100644
--- a/.github/workflows/pr-label.yaml
+++ b/.github/workflows/pr-label.yaml
@@ -13,7 +13,7 @@ jobs:
 if: '!github.event.pull_request.head.repo.fork'
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+ uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
 with:
 egress-policy: audit
diff --git a/.github/workflows/pr-stale.yaml b/.github/workflows/pr-stale.yaml
index bb681be..bba598f 100644
--- a/.github/workflows/pr-stale.yaml
+++ b/.github/workflows/pr-stale.yaml
@@ -12,7 +12,7 @@ jobs:
 issues: write
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+ uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
 with:
 egress-policy: audit
 - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
diff --git a/.github/workflows/pr-trivy.yaml b/.github/workflows/pr-trivy.yaml
index a35e15f..6adbc56 100644
--- a/.github/workflows/pr-trivy.yaml
+++ b/.github/workflows/pr-trivy.yaml
@@ -8,7 +8,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+ uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
 with:
 egress-policy: audit
diff --git a/.github/workflows/rebase.yaml b/.github/workflows/rebase.yaml
index 1f9ec5e..29960bc 100644
--- a/.github/workflows/rebase.yaml
+++ b/.github/workflows/rebase.yaml
@@ -16,7 +16,7 @@ jobs:
 contents: write # needed to force push
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+ uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
 with:
 egress-policy: audit
diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
index 5eb2eba..452307f 100644
--- a/.github/workflows/scan.yaml
+++ b/.github/workflows/scan.yaml
@@ -22,7 +22,7 @@ jobs:
 security-events: write # for codeQL to write security events
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+ uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
 with:
 egress-policy: audit
 - name: Checkout repository
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
index 35ac74c..590e5eb 100644
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
@@ -18,7 +18,7 @@ jobs:
 id-token: write
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+ uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
 with:
 egress-policy: audit