diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 7af66627..b3641fff 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,7 +41,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 + uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 with: egress-policy: audit diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index b3f620bd..4373ef8d 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 + uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 with: egress-policy: audit diff --git a/.github/workflows/lf-build-linux-aarch64.yml b/.github/workflows/lf-build-linux-aarch64.yml index 38dfe445..56ca6814 100644 --- a/.github/workflows/lf-build-linux-aarch64.yml +++ b/.github/workflows/lf-build-linux-aarch64.yml @@ -29,7 +29,7 @@ jobs: # Transform the spaceā€separated string into a valid JSON array using shell commands (with sed), # then pass that result as an output to be used in the matrix of a subsequent job. - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 + uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 with: egress-policy: audit @@ -56,7 +56,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 + uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 with: egress-policy: audit diff --git a/.github/workflows/lf-build-linux-x86_64.yml b/.github/workflows/lf-build-linux-x86_64.yml index 82add496..71151556 100644 --- a/.github/workflows/lf-build-linux-x86_64.yml +++ b/.github/workflows/lf-build-linux-x86_64.yml @@ -29,7 +29,7 @@ jobs: # Transform the spaceā€separated string into a valid JSON array using shell commands (with sed), # then pass that result as an output to be used in the matrix of a subsequent job. - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 + uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 with: egress-policy: audit @@ -56,7 +56,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 + uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 with: egress-policy: audit diff --git a/.github/workflows/lf-build-windows-x86_64.yml b/.github/workflows/lf-build-windows-x86_64.yml index adbb4c2e..8c21eae2 100644 --- a/.github/workflows/lf-build-windows-x86_64.yml +++ b/.github/workflows/lf-build-windows-x86_64.yml @@ -29,7 +29,7 @@ jobs: - 'windows-2025' # https://github.com/actions/runner-images/blob/main/images/windows/Windows2025-Readme.md steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 + uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 with: egress-policy: audit diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 240e4d22..5030e975 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,7 +32,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 + uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 with: egress-policy: audit