diff --git a/.github/workflows/approve-bot-pr.yml b/.github/workflows/approve-bot-pr.yml index 4a5ebdb1..1a21239a 100644 --- a/.github/workflows/approve-bot-pr.yml +++ b/.github/workflows/approve-bot-pr.yml @@ -40,7 +40,7 @@ jobs: if: github.actor == 'dependabot[bot]' steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/approve-it.yml b/.github/workflows/approve-it.yml index 065f1c7f..7576a3c0 100644 --- a/.github/workflows/approve-it.yml +++ b/.github/workflows/approve-it.yml @@ -45,7 +45,7 @@ jobs: if: github.actor == 'claudioandre-br' || github.actor == 'solardiz' steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/build_CI.yml b/.github/workflows/build_CI.yml index 970585df..cf47ff2b 100644 --- a/.github/workflows/build_CI.yml +++ b/.github/workflows/build_CI.yml @@ -63,7 +63,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit diff --git a/.github/workflows/cflite_fuzz.yml b/.github/workflows/cflite_fuzz.yml index 612e1feb..9931a0b6 100644 --- a/.github/workflows/cflite_fuzz.yml +++ b/.github/workflows/cflite_fuzz.yml @@ -48,7 +48,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c120c0ca..455c14bd 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,7 +41,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 03ff2d92..c9136ecf 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -44,7 +44,7 @@ jobs: if: github.repository == 'openwall/john-packages' steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 9a5dccfd..958f02fa 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -71,7 +71,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/flatpak-bundle.yml b/.github/workflows/flatpak-bundle.yml index 7b3c90cb..9897e638 100644 --- a/.github/workflows/flatpak-bundle.yml +++ b/.github/workflows/flatpak-bundle.yml @@ -43,7 +43,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml index de71dc87..12b3b5d5 100644 --- a/.github/workflows/greetings.yml +++ b/.github/workflows/greetings.yml @@ -42,7 +42,7 @@ jobs: pull-requests: write steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 383e671c..54fd5d6d 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -41,7 +41,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/merge-pr.yml b/.github/workflows/merge-pr.yml index e19b38ab..40ce3f5b 100644 --- a/.github/workflows/merge-pr.yml +++ b/.github/workflows/merge-pr.yml @@ -61,7 +61,7 @@ jobs: if: github.actor == 'claudioandre-br' || github.actor == 'solardiz' steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 608494d5..936cd8d0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -42,7 +42,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: disable-sudo: true egress-policy: block @@ -72,7 +72,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d84e0980..2dc23090 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -35,7 +35,7 @@ jobs: (github.event_name == 'push' || github.event_name == 'schedule') steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml index d2fbdf46..3ac10559 100644 --- a/.github/workflows/spelling.yml +++ b/.github/workflows/spelling.yml @@ -48,7 +48,7 @@ jobs: cancel-in-progress: true steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: block allowed-endpoints: > @@ -84,7 +84,7 @@ jobs: if: (success() || failure()) && needs.spelling.outputs.followup && github.event_name == 'push' steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: block allowed-endpoints: > @@ -114,7 +114,7 @@ jobs: if: (success() || failure()) && needs.spelling.outputs.followup && contains(github.event_name, 'pull_request') steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 70dd3417..093fc721 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -47,7 +47,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/trivy-scanfs.yml b/.github/workflows/trivy-scanfs.yml index 248e70eb..663b16fc 100644 --- a/.github/workflows/trivy-scanfs.yml +++ b/.github/workflows/trivy-scanfs.yml @@ -37,7 +37,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index b9ee4986..a4c7d2dd 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -45,7 +45,7 @@ jobs: (github.event_name == 'push' || github.event_name == 'schedule') steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 07eeb7cb..3cbe2370 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -40,7 +40,7 @@ jobs: if: github.actor != 'dependabot[bot]' && github.actor != 'step-security-bot' steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: disable-sudo: true egress-policy: block @@ -69,7 +69,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: disable-sudo: true egress-policy: block