From 7459dd5e071c8879bbec2f9a736b0657ee6235bf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Aug 2023 17:43:33 +0000 Subject: [PATCH] Bump step-security/harden-runner from 2.4.0 to 2.5.1 Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.4.0 to 2.5.1. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/128a63446a954579617e875aaab7d2978154e969...8ca2b8b2ece13480cda6dacd3511b49857a23c09) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/add-milestone.yml | 2 +- .github/workflows/build-and-deploy.yml | 4 ++-- .github/workflows/cleanup-pr-assets.yml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/deploy-storybook.yml | 2 +- .github/workflows/lint-css-js-md.yml | 2 +- .github/workflows/lint-i18n.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/npm-release.yml | 2 +- .github/workflows/plugin-release.yml | 12 ++++++------ .github/workflows/scorecards.yml | 2 +- .github/workflows/tests-e2e.yml | 4 ++-- .github/workflows/tests-karma-dashboard.yml | 2 +- .github/workflows/tests-karma-editor.yml | 2 +- .github/workflows/tests-unit-js.yml | 2 +- .github/workflows/tests-unit-php.yml | 2 +- .github/workflows/update-browserslist.yml | 2 +- .github/workflows/update-google-fonts.yml | 2 +- .github/workflows/update-product-schema.yml | 2 +- .github/workflows/update-templates.yml | 2 +- 20 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/add-milestone.yml b/.github/workflows/add-milestone.yml index ddd3b76f74a7..6db443e61894 100644 --- a/.github/workflows/add-milestone.yml +++ b/.github/workflows/add-milestone.yml @@ -27,7 +27,7 @@ jobs: if: github.event.pull_request.merged == true steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 1bab60b688b8..1537c7cfcadf 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -83,7 +83,7 @@ jobs: github.event.pull_request.user.login != 'dependabot[bot]' steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-file-monitoring: true egress-policy: block @@ -128,7 +128,7 @@ jobs: github.event.pull_request.user.login != 'dependabot[bot]' steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/cleanup-pr-assets.yml b/.github/workflows/cleanup-pr-assets.yml index 9f83c39e70dc..62b984360a44 100644 --- a/.github/workflows/cleanup-pr-assets.yml +++ b/.github/workflows/cleanup-pr-assets.yml @@ -21,7 +21,7 @@ jobs: github.event.pull_request.user.login != 'dependabot[bot]' steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-file-monitoring: true disable-sudo: true diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 1c1ab866221b..e7d08b26b7e9 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -41,7 +41,7 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/deploy-storybook.yml b/.github/workflows/deploy-storybook.yml index ba78d7b46c78..a4a7e5a63d23 100644 --- a/.github/workflows/deploy-storybook.yml +++ b/.github/workflows/deploy-storybook.yml @@ -62,7 +62,7 @@ jobs: needs: [build-storybook] steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/lint-css-js-md.yml b/.github/workflows/lint-css-js-md.yml index fa7bd41645d1..675978c19479 100644 --- a/.github/workflows/lint-css-js-md.yml +++ b/.github/workflows/lint-css-js-md.yml @@ -61,7 +61,7 @@ jobs: timeout-minutes: 20 steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-sudo: true disable-file-monitoring: true diff --git a/.github/workflows/lint-i18n.yml b/.github/workflows/lint-i18n.yml index 137c22e99635..287929ccccf7 100644 --- a/.github/workflows/lint-i18n.yml +++ b/.github/workflows/lint-i18n.yml @@ -42,7 +42,7 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index e17b139d3b84..90c613a8aad8 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -41,7 +41,7 @@ jobs: timeout-minutes: 5 steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-file-monitoring: true egress-policy: block diff --git a/.github/workflows/npm-release.yml b/.github/workflows/npm-release.yml index 073b29c1ac5b..1941373c6f66 100644 --- a/.github/workflows/npm-release.yml +++ b/.github/workflows/npm-release.yml @@ -102,7 +102,7 @@ jobs: needs: [dry-run] steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/plugin-release.yml b/.github/workflows/plugin-release.yml index e991224c2a05..a95e8836ae96 100644 --- a/.github/workflows/plugin-release.yml +++ b/.github/workflows/plugin-release.yml @@ -41,7 +41,7 @@ jobs: environment: Production steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -104,7 +104,7 @@ jobs: needs: [checks] steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -245,7 +245,7 @@ jobs: release_name: ${{ steps.release_branch.outputs.release_name }} steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -408,7 +408,7 @@ jobs: needs: [build] steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -444,7 +444,7 @@ jobs: if: ${{ ! startsWith(github.ref, 'refs/heads/release/') && ! contains(github.event.inputs.version, 'rc') }} steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -500,7 +500,7 @@ jobs: SVN_PASSWORD: ${{ secrets.SVN_PASSWORD }} steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 3021122a3721..2288468fd578 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/tests-e2e.yml b/.github/workflows/tests-e2e.yml index c805d36f770a..3c124022e15c 100644 --- a/.github/workflows/tests-e2e.yml +++ b/.github/workflows/tests-e2e.yml @@ -70,7 +70,7 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -149,7 +149,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-file-monitoring: true egress-policy: audit diff --git a/.github/workflows/tests-karma-dashboard.yml b/.github/workflows/tests-karma-dashboard.yml index 372b15919fd0..03a9af2e95c0 100644 --- a/.github/workflows/tests-karma-dashboard.yml +++ b/.github/workflows/tests-karma-dashboard.yml @@ -47,7 +47,7 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-file-monitoring: true egress-policy: block diff --git a/.github/workflows/tests-karma-editor.yml b/.github/workflows/tests-karma-editor.yml index 603aa05bddd0..ec029b45f9a3 100644 --- a/.github/workflows/tests-karma-editor.yml +++ b/.github/workflows/tests-karma-editor.yml @@ -83,7 +83,7 @@ jobs: ] steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-file-monitoring: true egress-policy: block diff --git a/.github/workflows/tests-unit-js.yml b/.github/workflows/tests-unit-js.yml index 0fc31c0c83db..a05ba7fa2de9 100644 --- a/.github/workflows/tests-unit-js.yml +++ b/.github/workflows/tests-unit-js.yml @@ -51,7 +51,7 @@ jobs: shard: ['1/2', '2/2'] steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-sudo: true disable-file-monitoring: true diff --git a/.github/workflows/tests-unit-php.yml b/.github/workflows/tests-unit-php.yml index 44aaee1e3dd0..ce8d0030a247 100644 --- a/.github/workflows/tests-unit-php.yml +++ b/.github/workflows/tests-unit-php.yml @@ -79,7 +79,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-file-monitoring: true egress-policy: audit diff --git a/.github/workflows/update-browserslist.yml b/.github/workflows/update-browserslist.yml index 0fd4a8b5f18f..5ecea72faa53 100644 --- a/.github/workflows/update-browserslist.yml +++ b/.github/workflows/update-browserslist.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/update-google-fonts.yml b/.github/workflows/update-google-fonts.yml index 3c924b54ad2d..fd92e6d88491 100644 --- a/.github/workflows/update-google-fonts.yml +++ b/.github/workflows/update-google-fonts.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/update-product-schema.yml b/.github/workflows/update-product-schema.yml index a3f1af622ead..6e04600c0929 100644 --- a/.github/workflows/update-product-schema.yml +++ b/.github/workflows/update-product-schema.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/update-templates.yml b/.github/workflows/update-templates.yml index b3594ebb506b..d9305aa3c8c5 100644 --- a/.github/workflows/update-templates.yml +++ b/.github/workflows/update-templates.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs