Skip to content

Bump step-security/harden-runner from 2.16.0 to 2.16.1 in the github-actions group across 1 directory#49

Merged
angela-tarantula merged 1 commit intomainfrom
dependabot/github_actions/github-actions-bd09a0e644
Apr 8, 2026
Merged

Bump step-security/harden-runner from 2.16.0 to 2.16.1 in the github-actions group across 1 directory#49
angela-tarantula merged 1 commit intomainfrom
dependabot/github_actions/github-actions-bd09a0e644

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 8, 2026
edited
Loading

Bumps the github-actions group with 1 update in the / directory: step-security/harden-runner.

Updates step-security/harden-runner from 2.16.0 to 2.16.1

Release notes

Sourced from step-security/harden-runner's releases.

v2.16.1

What's Changed

Enterprise tier: Added support for direct IP addresses in the allow list Community tier: Migrated Harden Runner telemetry to a new endpoint

Full Changelog: step-security/harden-runner@v2.16.0...v2.16.1

Commits

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 8, 2026
@dependabot dependabot bot requested a review from angela-tarantula as a code owner April 8, 2026 04:25
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 8, 2026
@dependabot dependabot bot temporarily deployed to codecov-automation April 8, 2026 04:25 Inactive
@dependabot dependabot bot temporarily deployed to codecov-automation April 8, 2026 04:25 Inactive
@dependabot dependabot bot temporarily deployed to codecov-automation April 8, 2026 04:25 Inactive
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 8, 2026
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA f972224.
Ensure that dependencies are being submitted on PR branches. Re-running this action after a short time may resolve the issue. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/step-security/harden-runner fe104658747b27e96e4f7e80cd0a94068e53901d 🟢 7.9
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
CI-Tests🟢 1013 out of 13 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 10all changesets reviewed
Contributors🟢 6project has 2 contributing companies or organizations -- score normalized to 6
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1010 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities⚠️ 013 existing vulnerabilities detected

Scanned Files

  • .github/workflows/codeql.yml
  • .github/workflows/stale.yml

@dependabot dependabot bot changed the title Bump step-security/harden-runner from 2.16.0 to 2.16.1 in the github-actions group Bump step-security/harden-runner from 2.16.0 to 2.16.1 in the github-actions group across 1 directory Apr 8, 2026
@dependabot
Bump step-security/harden-runner in the github-actions group
f972224 
Bumps the github-actions group with 1 update: [step-security/harden-runner](https://github.com/step-security/harden-runner).


Updates `step-security/harden-runner` from 2.16.0 to 2.16.1
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@v2.16.0...fe10465)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.16.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/github_actions/github-actions-bd09a0e644 branch from 702e707 to f972224 Compare April 8, 2026 04:28
@dependabot dependabot bot temporarily deployed to codecov-automation April 8, 2026 04:28 Inactive
@dependabot dependabot bot temporarily deployed to codecov-automation April 8, 2026 04:28 Inactive
@dependabot dependabot bot temporarily deployed to codecov-automation April 8, 2026 04:28 Inactive
@angela-tarantula angela-tarantula merged commit f23d745 into main Apr 8, 2026
11 checks passed
@angela-tarantula angela-tarantula deleted the dependabot/github_actions/github-actions-bd09a0e644 branch April 8, 2026 04:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@angela-tarantula angela-tarantula angela-tarantula approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@angela-tarantula