chore(deps): update step-security/harden-runner action to v2.9.1 #89

Merged
merged 1 commit into from
Aug 19, 2024

@renovate renovate bot commented Aug 9, 2024

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| step-security/harden-runner | action | minor | v2.8.1 -> v2.9.1 |

Release Notes

step-security/harden-runner (step-security/harden-runner)

v2.9.1

What's Changed

Release v2.9.1 by @h0x0er and @varunsh-coder in #440
This release includes two changes:

  1. Updated markdown displayed in the job summary by the Harden-Runner Action.
  2. Fixed a bug affecting Enterprise Tier customers where the agent attempted to upload telemetry for jobs with disable-telemetry set to true. No telemetry was uploaded as the endpoint was not in the allowed list.

Full Changelog: step-security/harden-runner@v2...v2.9.1

v2.9.0

What's Changed

Release v2.9.0 by @h0x0er and @varunsh-coder in https://github.com/step-security/harden-runner/pull/435
This release includes:

  • Enterprise Tier - Telemetry Upload Enhancement:
    For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this.
  • Harden-Runner Agent Authentication:
    The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this.
  • README Update:
    A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly.
  • Dependency Update:
    Updated the braces npm package dependency to a non-vulnerable version. The vulnerability in braces did not affect the Harden Runner Action.

Full Changelog: step-security/harden-runner@v2...v2.9.0


Configuration

📅 Schedule: Branch creation - "after 10:00 before 19:00 every weekday except after 13:00 before 14:00" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from prisis as a code owner August 9, 2024 15:09
@renovate renovate bot enabled auto-merge August 9, 2024 15:09
@renovate renovate bot added this pull request to the merge queue Aug 19, 2024
Merged via the queue into main with commit 323cff6 Aug 19, 2024
12 checks passed
prisis pushed a commit that referenced this pull request Feb 10, 2025
…-02-10)

### ⚠ BREAKING CHANGES

* **deps:** updated dependencies to major versions

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

### Features

* added new groups ([fc1caaa](fc1caaa))
* enhance renovate configuration with improved security and automation, Added smart rate limiting (4 PRs/hour, 10 concurrent), Enhanced security with vulnerability alerts and auto-merge, Added package stability checks (3-day waiting period), Improved auto-merge rules for different package types, Added comprehensive labeling system, Enhanced scheduling for specific package groups, Added signed commit messages with emoji prefixes, Updated README with new features and improvements ([c9937c1](c9937c1))

### Bug Fixes

* added back the correct semantic commit type and scope ([1c5c2b3](1c5c2b3))
* updated all dependencies ([7505ffd](7505ffd))

### Miscellaneous Chores

* **deps:** lock file maintenance ([#91](#91)) ([16e34f2](16e34f2))
* **deps:** update actions/checkout action to v4.2.0 ([#102](#102)) ([799f90a](799f90a))
* **deps:** update actions/checkout action to v4.2.2 ([#111](#111)) ([f537cea](f537cea))
* **deps:** update actions/stale action to v9.1.0 ([#136](#136)) ([da9c3bb](da9c3bb))
* **deps:** update actions/upload-artifact action to v4.3.6 ([#83](#83)) ([4e9a026](4e9a026))
* **deps:** update actions/upload-artifact action to v4.4.0 ([#98](#98)) ([8c3794e](8c3794e))
* **deps:** update actions/upload-artifact action to v4.4.3 ([#112](#112)) ([a935e0b](a935e0b))
* **deps:** update actions/upload-artifact action to v4.5.0 ([#131](#131)) ([ec039ae](ec039ae))
* **deps:** update actions/upload-artifact action to v4.6.0 ([#137](#137)) ([91dac96](91dac96))
* **deps:** update dependency prettier to ^3.4.2 ([#128](#128)) ([df5e105](df5e105))
* **deps:** update dependency renovate to ^38.142.7 ([#122](#122)) ([7a7efb7](7a7efb7))
* **deps:** update dependency renovate to ^38.40.1 ([#81](#81)) ([e5dd8b5](e5dd8b5))
* **deps:** update dependency renovate to ^39.91.4 ([#133](#133)) ([e51e9c7](e51e9c7))
* **deps:** update dependency renovate to v39 ([#132](#132)) ([7c88ee7](7c88ee7))
* **deps:** update dependency semantic-release to ^24.1.2 ([#104](#104)) ([7ce3b0e](7ce3b0e))
* **deps:** update dependency semantic-release to ^24.1.3 ([#117](#117)) ([7f0743b](7f0743b))
* **deps:** update dependency semantic-release to ^24.2.0 ([#121](#121)) ([d67e799](d67e799))
* **deps:** update dependency taze to ^0.17.2 ([#105](#105)) ([45bbf7c](45bbf7c))
* **deps:** update dependency textlint to ^14.2.1 ([#109](#109)) ([7ddd0ee](7ddd0ee))
* **deps:** update dependency textlint to ^14.4.2 ([#129](#129)) ([06db8d2](06db8d2))
* **deps:** update dependency ubuntu to v24 ([#103](#103)) ([6c486e9](6c486e9))
* **deps:** update github/codeql-action action to v3.26.10 ([#106](#106)) ([2e0e5e1](2e0e5e1))
* **deps:** update github/codeql-action action to v3.26.12 ([#107](#107)) ([b7c2959](b7c2959))
* **deps:** update github/codeql-action action to v3.26.2 ([#86](#86)) ([24d2505](24d2505))
* **deps:** update github/codeql-action action to v3.26.5 ([#95](#95)) ([7fd061e](7fd061e))
* **deps:** update github/codeql-action action to v3.26.7 ([#97](#97)) ([4be827d](4be827d))
* **deps:** update github/codeql-action action to v3.26.8 ([#100](#100)) ([da3ea77](da3ea77))
* **deps:** update github/codeql-action action to v3.26.9 ([#101](#101)) ([5727bbc](5727bbc))
* **deps:** update github/codeql-action action to v3.27.0 ([#114](#114)) ([8b9b8e7](8b9b8e7))
* **deps:** update github/codeql-action action to v3.27.9 ([#124](#124)) ([d011982](d011982))
* **deps:** update github/codeql-action action to v3.28.3 ([#138](#138)) ([7dcbcb2](7dcbcb2))
* **deps:** update ossf/scorecard-action action to v2.4.0 ([#87](#87)) ([ba3bae6](ba3bae6))
* **deps:** update patch updates ([#94](#94)) ([5c35d7c](5c35d7c))
* **deps:** update pnpm to v9.11.0 ([#96](#96)) ([6521f65](6521f65))
* **deps:** update pnpm to v9.12.1 ([#108](#108)) ([7f2b141](7f2b141))
* **deps:** update pnpm to v9.12.2 ([#115](#115)) ([a0a1287](a0a1287))
* **deps:** update pnpm to v9.7.1 ([#88](#88)) ([23164b2](23164b2))
* **deps:** update step-security/harden-runner action to v2.10.1 ([#99](#99)) ([d6adfb3](d6adfb3))
* **deps:** update step-security/harden-runner action to v2.10.2 ([#125](#125)) ([b5ce371](b5ce371))
* **deps:** update step-security/harden-runner action to v2.10.4 ([#135](#135)) ([ee0426e](ee0426e))
* **deps:** update step-security/harden-runner action to v2.9.1 ([#89](#89)) ([323cff6](323cff6))
* optimized the lock file ([033b1fa](033b1fa))
* update dependencies and improve node version verification script ([f4affb5](f4affb5))
* update dev dependencies ([286ccbe](286ccbe))