From 76878e5b4da07aa6d3c9ca7cd426346007673383 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Nov 2023 12:16:39 -0500 Subject: [PATCH] :seedling: Bump the github-actions group with 2 updates (#3686) Bumps the github-actions group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner) and [actions/github-script](https://github.com/actions/github-script). Updates `step-security/harden-runner` from 2.6.0 to 2.6.1 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/1b05615854632b887b69ae1be8cbefe72d3ae423...eb238b55efaa70779f274895e782ed17c84f2895) Updates `actions/github-script` from 6.4.1 to 7.0.1 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/d7906e4ad0b1822421a7e6a35d5ca353c962f410...60a0d83039c74a4aee543508d2ffcb1c3799cdea) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/docker.yml | 2 +- .github/workflows/gitlab.yml | 2 +- .github/workflows/goreleaser.yaml | 2 +- .github/workflows/integration.yml | 4 ++-- .github/workflows/lint.yml | 2 +- .github/workflows/main.yml | 18 +++++++++--------- .github/workflows/publishimage.yml | 2 +- .github/workflows/scdiff.yml | 4 ++-- .github/workflows/stale.yml | 2 +- .github/workflows/verify.yml | 2 +- 11 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index b31a4696..a5810335 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -52,7 +52,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 3874978c..7fea70ef 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -70,7 +70,7 @@ jobs: steps: - name: Harden Runner if: (needs.docs_only_check.outputs.docs_only != 'true') - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Clone the code diff --git a/.github/workflows/gitlab.yml b/.github/workflows/gitlab.yml index ce248f1e..4084a0d4 100644 --- a/.github/workflows/gitlab.yml +++ b/.github/workflows/gitlab.yml @@ -33,7 +33,7 @@ jobs: environment: gitlab steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Clone the code diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index 782191e9..41ad2ea1 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -34,7 +34,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 710813f8..5be19ddd 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -44,7 +44,7 @@ jobs: needs: [approve] steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Clone the code diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 4e138a68..cd26d590 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -19,7 +19,7 @@ jobs: name: check-linter runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index b3d91a8a..d24685c6 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -37,7 +37,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Clone the code @@ -95,7 +95,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -143,7 +143,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Clone the code @@ -172,7 +172,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -221,7 +221,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Cache builds @@ -260,7 +260,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -303,7 +303,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc @@ -349,7 +349,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -384,7 +384,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 876b97b5..4d0fb9ef 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -35,7 +35,7 @@ jobs: COSIGN_EXPERIMENTAL: "true" steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/scdiff.yml b/.github/workflows/scdiff.yml index 7ffc03e6..e457fc89 100644 --- a/.github/workflows/scdiff.yml +++ b/.github/workflows/scdiff.yml @@ -16,7 +16,7 @@ jobs: pull-requests: write # to create the PR comment steps: - name: share link to workflow run - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | github.rest.issues.createComment({ @@ -58,7 +58,7 @@ jobs: echo "body=$BODY" >> $GITHUB_OUTPUT - name: configure scdiff id: config - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const allowedAssociations = ["COLLABORATOR", "CONTRIBUTOR", "MEMBER", "OWNER"]; diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 8dbc78bf..974bfed6 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 2dba7a8e..78bc7d0b 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs