diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml index a24b85e..02b4817 100644 --- a/.github/workflows/auto-merge.yml +++ b/.github/workflows/auto-merge.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/build-directory-cache.yaml b/.github/workflows/build-directory-cache.yaml index 3146fe7..a3b51d9 100644 --- a/.github/workflows/build-directory-cache.yaml +++ b/.github/workflows/build-directory-cache.yaml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9d909d4..8b8f74a 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -39,7 +39,7 @@ jobs: fail-fast: false steps: - - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 173a9bf..951912d 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml index 24355ed..49e70f6 100644 --- a/.github/workflows/format.yml +++ b/.github/workflows/format.yml @@ -18,7 +18,7 @@ jobs: if: ${{ github.event.action == 'opened' || github.event.action == 'ready_for_review' || github.event.action == 'synchronize' || (github.event.action == 'labeled' && github.event.label.name == 'force ci') }} steps: - - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/notify-on-force-push.yml b/.github/workflows/notify-on-force-push.yml index b22e800..87d76bc 100644 --- a/.github/workflows/notify-on-force-push.yml +++ b/.github/workflows/notify-on-force-push.yml @@ -15,7 +15,7 @@ jobs: github.event.forced runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0cfef72..21d2b42 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -21,7 +21,7 @@ jobs: if: ${{ github.event.action == 'opened' || github.event.action == 'ready_for_review' || github.event.action == 'synchronize' || (github.event.action == 'labeled' && github.event.label.name == 'force ci') }} steps: - - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/update-links.yml b/.github/workflows/update-links.yml index c209214..9b582a9 100644 --- a/.github/workflows/update-links.yml +++ b/.github/workflows/update-links.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: block allowed-endpoints: >