diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 2c0763620..abfea4c10 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -43,7 +43,7 @@ jobs:
 steps:
 - name: "Harden Runner"
- uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
+ uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0
 with:
 egress-policy: "audit"
diff --git a/.github/workflows/comment-issue.yml b/.github/workflows/comment-issue.yml
index 4f452e20e..7611be096 100644
--- a/.github/workflows/comment-issue.yml
+++ b/.github/workflows/comment-issue.yml
@@ -16,7 +16,7 @@ jobs:
 issues: "write"
 steps:
 - name: "Harden Runner"
- uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
+ uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0
 with:
 egress-policy: "audit"
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 3b2acc294..7b8a7efd4 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -21,7 +21,7 @@ jobs:
 runs-on: "ubuntu-latest"
 steps:
 - name: "Harden Runner"
- uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
+ uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0
 with:
 egress-policy: "audit"
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 76aeeae1c..d6e84a8a9 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -35,7 +35,7 @@ jobs:
 package_json_lintable: "${{ steps.changes.outputs.package_json_lintable }}"
 steps:
 - name: "Harden Runner"
- uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
+ uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0
 with:
 egress-policy: "audit"
@@ -60,7 +60,7 @@ jobs:
 runs-on: "ubuntu-latest"
 steps:
 - name: "Harden Runner"
- uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
+ uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0
 with:
 egress-policy: "audit"
@@ -111,7 +111,7 @@ jobs:
 runs-on: "ubuntu-latest"
 steps:
 - name: "Harden Runner"
- uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
+ uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0
 with:
 egress-policy: "audit"
@@ -162,7 +162,7 @@ jobs:
 runs-on: "ubuntu-latest"
 steps:
 - name: "Harden Runner"
- uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
+ uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0
 with:
 egress-policy: "audit"
@@ -213,7 +213,7 @@ jobs:
 runs-on: "ubuntu-latest"
 steps:
 - name: "Harden Runner"
- uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
+ uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0
 with:
 egress-policy: "audit"
@@ -237,7 +237,7 @@ jobs:
 runs-on: "ubuntu-latest"
 steps:
 - name: "Harden Runner"
- uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
+ uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0
 with:
 egress-policy: "audit"
@@ -262,7 +262,7 @@ jobs:
 runs-on: "ubuntu-latest"
 steps:
 - name: "Harden Runner"
- uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
+ uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0
 with:
 egress-policy: "audit"
@@ -280,7 +280,7 @@ jobs:
 - name: "Use Node.js 20.x"
 uses: "actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020" # v4.4.0
 with:
- node-version: "20.19.3"
+ node-version: "20.19.4"
 cache: "pnpm"
 - name: "Verify the integrity of provenance attestations and registry signatures for installed dependencies"
@@ -312,7 +312,7 @@ jobs:
 # If any jobs we depend on fail, we will fail since this is a required check
 # NOTE: A timeout is considered a failure
 - name: "Harden Runner"
- uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
+ uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0
 with:
 egress-policy: "audit"
diff --git a/.github/workflows/lock-file-maintenance.yml b/.github/workflows/lock-file-maintenance.yml
index 76d01e45f..4d520fa13 100644
--- a/.github/workflows/lock-file-maintenance.yml
+++ b/.github/workflows/lock-file-maintenance.yml
@@ -21,7 +21,7 @@ jobs:
 steps:
 - name: "Harden Runner"
- uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
+ uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0
 with:
 egress-policy: "audit"
diff --git a/.github/workflows/preview-release.yaml b/.github/workflows/preview-release.yaml
index 492ee9092..3c8b1fed4 100644
--- a/.github/workflows/preview-release.yaml
+++ b/.github/workflows/preview-release.yaml
@@ -26,7 +26,7 @@ jobs:
 steps:
 - name: "Harden Runner"
- uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
+ uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0
 with:
 egress-policy: "audit"
diff --git a/.github/workflows/require-allow-edits.yml b/.github/workflows/require-allow-edits.yml
index a7233c9dd..05ec981ff 100644
--- a/.github/workflows/require-allow-edits.yml
+++ b/.github/workflows/require-allow-edits.yml
@@ -16,7 +16,7 @@ jobs:
 steps:
 - name: "Harden Runner"
- uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
+ uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0
 with:
 egress-policy: "audit"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 3fab0d99b..cb48f1ca2 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -33,7 +33,7 @@ jobs:
 steps:
 - name: "Harden Runner"
- uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
+ uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0
 with:
 egress-policy: "audit"
diff --git a/.github/workflows/semantic-pull-request.yml b/.github/workflows/semantic-pull-request.yml
index ab11b84f2..1cc953dbc 100644
--- a/.github/workflows/semantic-pull-request.yml
+++ b/.github/workflows/semantic-pull-request.yml
@@ -23,7 +23,7 @@ jobs:
 name: "Semantic Pull Request"
 steps:
 - name: "Harden Runner"
- uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
+ uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0
 with:
 egress-policy: "audit"
@@ -46,7 +46,7 @@ jobs:
 revert
 test
- - uses: "marocchino/sticky-pull-request-comment@d2ad0de260ae8b0235ce059e63f2949ba9e05943" # v2.9.3
+ - uses: "marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405" # v2.9.4
 # When the previous steps fail, the workflow would stop. By adding this
 # condition you can continue the execution with the populated error message.
 if: "always() && (steps.lint_pr_title.outputs.error_message != null)"
@@ -65,7 +65,7 @@ jobs:
 # Delete a previous comment when the issue has been resolved
 - if: "${{ steps.lint_pr_title.outputs.error_message == null }}"
- uses: "marocchino/sticky-pull-request-comment@d2ad0de260ae8b0235ce059e63f2949ba9e05943" # v2.9.3
+ uses: "marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405" # v2.9.4
 with:
 header: "pr-title-lint-error"
 message: |
diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml
index 81ecd5cc5..6f8648b99 100644
--- a/.github/workflows/semantic-release.yml
+++ b/.github/workflows/semantic-release.yml
@@ -29,7 +29,7 @@ jobs:
 steps:
 - name: "Harden Runner"
- uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
+ uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0
 with:
 egress-policy: "audit"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 1676f92c4..d1f8af4f6 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -32,7 +32,7 @@ jobs:
 codecov: "${{ steps.changes.outputs.codecov }}"
 steps:
 - name: "Harden Runner"
- uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
+ uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0
 with:
 egress-policy: "audit"
@@ -72,7 +72,7 @@ jobs:
 NODE: "${{ matrix.node_version }}"
 steps:
 - name: "Harden Runner"
- uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
+ uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0
 with:
 egress-policy: "audit"
@@ -141,7 +141,7 @@ jobs:
 # If any jobs we depend on fail, we will fail since this is a required check
 # NOTE: A timeout is considered a failure
 - name: "Harden Runner"
- uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
+ uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0
 with:
 egress-policy: "audit"