diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index af72bef..291b363 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,7 +41,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 with: egress-policy: audit diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 1b495db..f77888b 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 with: egress-policy: audit diff --git a/.github/workflows/lf-build-linux-aarch64.yml b/.github/workflows/lf-build-linux-aarch64.yml index 7e8c034..02a1c83 100644 --- a/.github/workflows/lf-build-linux-aarch64.yml +++ b/.github/workflows/lf-build-linux-aarch64.yml @@ -34,7 +34,7 @@ jobs: # Transform the spaceā€separated string into a valid JSON array using shell commands (with sed), # then pass that result as an output to be used in the matrix of a subsequent job. - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 with: egress-policy: audit @@ -61,7 +61,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 with: egress-policy: audit diff --git a/.github/workflows/lf-build-linux-x86_64.yml b/.github/workflows/lf-build-linux-x86_64.yml index 793116a..cb1aef3 100644 --- a/.github/workflows/lf-build-linux-x86_64.yml +++ b/.github/workflows/lf-build-linux-x86_64.yml @@ -34,7 +34,7 @@ jobs: # Transform the spaceā€separated string into a valid JSON array using shell commands (with sed), # then pass that result as an output to be used in the matrix of a subsequent job. - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 with: egress-policy: audit @@ -61,7 +61,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 with: egress-policy: audit diff --git a/.github/workflows/lf-build-windows-x86_64.yml b/.github/workflows/lf-build-windows-x86_64.yml index 0ecf95d..e68c54e 100644 --- a/.github/workflows/lf-build-windows-x86_64.yml +++ b/.github/workflows/lf-build-windows-x86_64.yml @@ -30,7 +30,7 @@ jobs: - 'windows-2025' # https://github.com/actions/runner-images/blob/main/images/windows/Windows2025-Readme.md steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 with: egress-policy: audit