diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 895e2ad7..19ad11d9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,7 +25,7 @@ jobs: steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: block allowed-endpoints: >+ @@ -334,7 +334,7 @@ jobs: steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: block allowed-endpoints: >+ diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 526b8d73..6d5136ef 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -35,7 +35,7 @@ jobs: steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: block allowed-endpoints: >+ diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index c5e77a84..0b6231d2 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: block allowed-endpoints: >+ diff --git a/.github/workflows/devcontainer.yml b/.github/workflows/devcontainer.yml index d97e9a9b..8289421c 100644 --- a/.github/workflows/devcontainer.yml +++ b/.github/workflows/devcontainer.yml @@ -16,7 +16,7 @@ jobs: steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: block allowed-endpoints: >+ diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index ce3ee6b9..8c53cd1b 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: block allowed-endpoints: >+ @@ -53,7 +53,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: block allowed-endpoints: >+ @@ -97,7 +97,7 @@ jobs: contents: write steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: block allowed-endpoints: >+ diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index 3a87f38c..26ed9894 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -25,7 +25,7 @@ jobs: steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: block allowed-endpoints: >+ diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f67d1ec5..f525a534 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,7 +21,7 @@ jobs: release_id: ${{ steps.release_info.outputs.tag }} steps: - - uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 + - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: block allowed-endpoints: >+ diff --git a/.github/workflows/run.yml b/.github/workflows/run.yml index b790460b..e98e03c7 100644 --- a/.github/workflows/run.yml +++ b/.github/workflows/run.yml @@ -16,7 +16,7 @@ jobs: steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: block allowed-endpoints: >+ @@ -149,7 +149,7 @@ jobs: steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: block allowed-endpoints: ${{ matrix.allowed-endpoints }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b5a6a187..04e213f1 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -27,7 +27,7 @@ jobs: steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: block allowed-endpoints: >+ diff --git a/.github/workflows/source-provenance.yml b/.github/workflows/source-provenance.yml index ff8eed00..8273bbcd 100644 --- a/.github/workflows/source-provenance.yml +++ b/.github/workflows/source-provenance.yml @@ -20,7 +20,7 @@ jobs: steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: block allowed-endpoints: >+ diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 48a2a3da..a598ccf7 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -18,7 +18,7 @@ jobs: id-token: write steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: block # dfetch.invalid and giiiiiidhub.com are intentionally invalid test