Skip to content

ci: update action step-security/harden-runner from 8d3c67d to 9af89fc#14

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/github-tags/step-security-harden-runner-2.x
Open

ci: update action step-security/harden-runner from 8d3c67d to 9af89fc#14
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/github-tags/step-security-harden-runner-2.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Apr 21, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence OpenSSF
step-security/harden-runner v2.19.0v2.19.4 age adoption passing confidence OpenSSF Scorecard

Release Notes

step-security/harden-runner (step-security/harden-runner)

v2.19.4

Compare Source

What's Changed
  • Improvements for HTTPS Monitoring for the Enterprise tier of Harden Runner

Full Changelog: step-security/harden-runner@v2.19.3...v2.19.4

v2.19.3

Compare Source

What's Changed

Full Changelog: step-security/harden-runner@v2.19.2...v2.19.3

v2.19.2

Compare Source

What's Changed
  • Update the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.

Full Changelog: step-security/harden-runner@v2.19.1...v2.19.2

v2.19.1

Compare Source

What's Changed

What the fix changes

  • Harden-Runner will detect ubuntu-slim runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.

What the fix does not do

  • Jobs running on ubuntu-slim will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).
  • Per GitHub's docs on single-CPU runners: "The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported." Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.

For StepSecurity enterprise customers
If your security posture requires that workflows are always monitored, you can block the use of ubuntu-slim via workflow run policies see the Runner Label Policy docs. This lets you enforce that jobs only run on monitored runner types.

New Contributors

Full Changelog: step-security/harden-runner@v2.19.0...v2.19.1

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from codeismyid as a code owner April 21, 2025 23:36
@renovate renovate Bot added bot Bot involvement dependency Additions or changes involving dependency renovate Anything from renovatebot workflow Additions or changes involving workflow labels Apr 21, 2025
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Apr 21, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

✅ All tests successful. No failed tests found.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from f94ffa8 to 77f1e0e Compare May 9, 2025 07:37
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 77f1e0e to acd97d0 Compare June 11, 2025 20:10
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from c6295a6 to 0634a26 ci: update action step-security/harden-runner from c6295a6 to 002fdce Jun 11, 2025
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from acd97d0 to b6a2ca0 Compare June 30, 2025 13:38
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from c6295a6 to 002fdce ci: update action step-security/harden-runner from c6295a6 to 6c439dc Jun 30, 2025
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from b6a2ca0 to 701cb07 Compare July 15, 2025 23:24
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from c6295a6 to 6c439dc ci: update action step-security/harden-runner from c6295a6 to ec9f2d5 Jul 15, 2025
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from c6295a6 to ec9f2d5 ci: update action step-security/harden-runner from c6295a6 to f4a75cf Sep 9, 2025
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 701cb07 to 4e8f45a Compare September 9, 2025 18:44
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from c6295a6 to f4a75cf ci: update action step-security/harden-runner from c6295a6 to 95d9a5d Nov 5, 2025
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 4e8f45a to 880b181 Compare November 5, 2025 13:41
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 880b181 to a4c0ec4 Compare December 2, 2025 06:28
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from c6295a6 to 95d9a5d ci: update action step-security/harden-runner from c6295a6 to df199fb Dec 2, 2025
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from a4c0ec4 to 2d33b62 Compare December 10, 2025 02:51
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from c6295a6 to df199fb ci: update action step-security/harden-runner from c6295a6 to 20cf305 Dec 10, 2025
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 2d33b62 to c309788 Compare January 26, 2026 05:39
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from c6295a6 to 20cf305 ci: update action step-security/harden-runner from c6295a6 to e3f713f Jan 26, 2026
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from c309788 to 09e6230 Compare February 7, 2026 04:25
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from c6295a6 to e3f713f ci: update action step-security/harden-runner from c6295a6 to 5ef0c07 Feb 7, 2026
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 09e6230 to 9316e36 Compare February 25, 2026 02:41
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from c6295a6 to 5ef0c07 ci: update action step-security/harden-runner from c6295a6 to a90bcbc Feb 25, 2026
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 9316e36 to 7b14957 Compare March 8, 2026 11:55
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from c6295a6 to a90bcbc ci: update action step-security/harden-runner from c6295a6 to 58077d3 Mar 8, 2026
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 7b14957 to 4f17f8d Compare March 16, 2026 10:50
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from c6295a6 to 58077d3 ci: update action step-security/harden-runner from c6295a6 to fa2e9d6 Mar 16, 2026
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from c6295a6 to fa2e9d6 ci: update action step-security/harden-runner from c6295a6 to fe10465 Mar 31, 2026
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 4f17f8d to 0fcebdf Compare March 31, 2026 14:50
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 0fcebdf to 3e9d6e7 Compare April 9, 2026 17:47
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from c6295a6 to fe10465 ci: update action step-security/harden-runner from c6295a6 to f808768 Apr 9, 2026
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 3e9d6e7 to 8b85219 Compare April 15, 2026 17:24
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from c6295a6 to f808768 ci: update action step-security/harden-runner from c6295a6 to 6c3c2f2 Apr 15, 2026
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 8b85219 to 5e05cc5 Compare April 20, 2026 08:44
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from c6295a6 to 6c3c2f2 ci: update action step-security/harden-runner from c6295a6 to 8d3c67d Apr 20, 2026
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 5e05cc5 to 74ee9d2 Compare April 23, 2026 09:13
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 74ee9d2 to b9547db Compare May 2, 2026 17:41
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from c6295a6 to 8d3c67d ci: update action step-security/harden-runner from c6295a6 to a5ad31d May 2, 2026
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from b9547db to 6da8b95 Compare May 2, 2026 20:58
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from c6295a6 to a5ad31d ci: update action step-security/harden-runner from 8d3c67d to a5ad31d May 2, 2026
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from 8d3c67d to a5ad31d ci: update action step-security/harden-runner from 8d3c67d to 9ca718d May 13, 2026
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch 2 times, most recently from c8f7157 to b41e58c Compare May 15, 2026 01:51
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from 8d3c67d to 9ca718d ci: update action step-security/harden-runner from 8d3c67d to ab7a940 May 15, 2026
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from 8d3c67d to ab7a940 ci: update action step-security/harden-runner from 8d3c67d to 9af89fc May 21, 2026
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from b41e58c to 5dfef3a Compare May 21, 2026 17:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@codeismyid codeismyid Awaiting requested review from codeismyid codeismyid is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

bot Bot involvement dependency Additions or changes involving dependency renovate Anything from renovatebot workflow Additions or changes involving workflow

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@codecov-commenter