diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml index e252bf1..a24b85e 100644 --- a/.github/workflows/auto-merge.yml +++ b/.github/workflows/auto-merge.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 with: egress-policy: audit diff --git a/.github/workflows/build-directory-cache.yaml b/.github/workflows/build-directory-cache.yaml index 653f4d6..3146fe7 100644 --- a/.github/workflows/build-directory-cache.yaml +++ b/.github/workflows/build-directory-cache.yaml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 with: egress-policy: audit diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b6d42f8..9d909d4 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -39,7 +39,7 @@ jobs: fail-fast: false steps: - - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index ff1c581..173a9bf 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml index d4d5247..24355ed 100644 --- a/.github/workflows/format.yml +++ b/.github/workflows/format.yml @@ -18,7 +18,7 @@ jobs: if: ${{ github.event.action == 'opened' || github.event.action == 'ready_for_review' || github.event.action == 'synchronize' || (github.event.action == 'labeled' && github.event.label.name == 'force ci') }} steps: - - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/notify-on-force-push.yml b/.github/workflows/notify-on-force-push.yml index 7bfa27c..b22e800 100644 --- a/.github/workflows/notify-on-force-push.yml +++ b/.github/workflows/notify-on-force-push.yml @@ -15,7 +15,7 @@ jobs: github.event.forced runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 with: egress-policy: audit diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4528cde..0cfef72 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -21,7 +21,7 @@ jobs: if: ${{ github.event.action == 'opened' || github.event.action == 'ready_for_review' || github.event.action == 'synchronize' || (github.event.action == 'labeled' && github.event.label.name == 'force ci') }} steps: - - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/update-links.yml b/.github/workflows/update-links.yml index 65d0b28..c209214 100644 --- a/.github/workflows/update-links.yml +++ b/.github/workflows/update-links.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 with: egress-policy: block allowed-endpoints: >