Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit32b72bf

Browse files
ci: bump the github-actions group with 3 updates (#19824)
Bumps the github-actions group with 3 updates:[step-security/harden-runner](https://github.com/step-security/harden-runner),[tj-actions/changed-files](https://github.com/tj-actions/changed-files)and [github/codeql-action](https://github.com/github/codeql-action).Updates `step-security/harden-runner` from 2.13.0 to 2.13.1<details><summary>Release notes</summary><p><em>Sourced from <ahref="https://github.com/step-security/harden-runner/releases">step-security/harden-runner'sreleases</a>.</em></p><blockquote><h2>v2.13.1</h2><h2>What's Changed</h2><ul><li><p>Graceful handling of HTTP errors: Improved error handling whenfetching Harden Runner policies from the StepSecurity Policy Store API,ensuring more reliable execution even in case of temporary network/APIissues.</p></li><li><p>Security updates for npm dependencies: Updated vulnerable npm packagedependencies to the latest secure versions.</p></li><li><p>Faster enterprise agent downloads: The enterprise agent is nowdownloaded from GitHub Releases instead of packages.stepsecurity.io,improving download speed and reliability.</p></li></ul><p><strong>Full Changelog</strong>: <ahref="https://github.com/step-security/harden-runner/compare/v2.13.0...v2.13.1">https://github.com/step-security/harden-runner/compare/v2.13.0...v2.13.1</a></p></blockquote></details><details><summary>Commits</summary><ul><li><ahref="https://github.com/step-security/harden-runner/commit/f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a"><code>f4a75cf</code></a>Merge pull request <ahref="https://redirect.github.com/step-security/harden-runner/issues/588">#588</a>from step-security/rc-26</li><li><ahref="https://github.com/step-security/harden-runner/commit/95503d076c107b91d03775aee93f4cb86a134dda"><code>95503d0</code></a>ci: remove code-review workflow</li><li><ahref="https://github.com/step-security/harden-runner/commit/4b250a07397b4cabc038948e3d832967764db6b4"><code>4b250a0</code></a>ci: add job to confirm dist is as expected</li><li><ahref="https://github.com/step-security/harden-runner/commit/5b0ab6abcf4c643b4ddf49d19fdb13c5821d124b"><code>5b0ab6a</code></a>update dependencies</li><li><ahref="https://github.com/step-security/harden-runner/commit/d11f2c1d65a99d8b0f20925c425d4d932e6d3366"><code>d11f2c1</code></a>fix bug where status code was not being preserved</li><li><ahref="https://github.com/step-security/harden-runner/commit/b3fc98e4dfca39273624a95b9c5fd70d759997e5"><code>b3fc98e</code></a>improve error handling for policy store sceanrio</li><li><ahref="https://github.com/step-security/harden-runner/commit/92fc5d4bf78f09f5494523f3d8f2f85786fe757f"><code>92fc5d4</code></a>update error message</li><li><ahref="https://github.com/step-security/harden-runner/commit/b61b0a4938ef1a80f368fbb9a0abcf78846e15a4"><code>b61b0a4</code></a>policy store improvements</li><li><ahref="https://github.com/step-security/harden-runner/commit/e3d3f2baeacadcbf3b2ad500171dd444855d4577"><code>e3d3f2b</code></a>use GitHub release instead of packages</li><li><ahref="https://github.com/step-security/harden-runner/commit/646ac01e72c16075733090f55857fc2f2d9a7e7a"><code>646ac01</code></a>update agent</li><li>Additional commits viewable in <ahref="https://github.com/step-security/harden-runner/compare/ec9f2d5744a09debf3a187a3f4f675c53b671911...f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a">compareview</a></li></ul></details><br />Updates `tj-actions/changed-files` from8c14441336bb3d84fd6b7fa83b6d7201c740baf5 to1ac60965030588f3b867cdd4a3900f37ec99970c<details><summary>Changelog</summary><p><em>Sourced from <ahref="https://github.com/tj-actions/changed-files/blob/main/HISTORY.md">tj-actions/changed-files'schangelog</a>.</em></p><blockquote><h1>Changelog</h1><h1><ahref="https://github.com/tj-actions/changed-files/compare/v46.0.5...v47.0.0">47.0.0</a>- (2025-09-13)</h1><h2><!-- raw HTML omitted -->🚀 Features</h2><ul><li>Add any_added to outputs (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2567">#2567</a>)(<ahref="https://github.com/tj-actions/changed-files/commit/c260d49a827b5eb266673bed7871c5d3ee9b5aef">c260d49</a>)- (Jellyfrog)</li></ul><h2><!-- raw HTML omitted -->➖ Remove</h2><ul><li>Commit and push step from build job (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2538">#2538</a>)(<ahref="https://github.com/tj-actions/changed-files/commit/be393a90381e27c9fec2c8c2e02b00f005710145">be393a9</a>)- (Tonye Jack)</li></ul><h2><!-- raw HTML omitted -->🔄 Update</h2><ul><li>Updated README.md (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2592">#2592</a>)</li></ul><p>Co-authored-by: github-actions[bot]&lt;41898282+github-actions[bot]<ahref="https://github.com/users"><code>@​users</code></a>.noreply.github.com&gt;(<ahref="https://github.com/tj-actions/changed-files/commit/3dbc1e181273d808ccff822a6e00cf18b6628ef0">3dbc1e1</a>)- (github-actions[bot])</p><ul><li>Updated README.md (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2591">#2591</a>)</li></ul><p>Co-authored-by: github-actions[bot]&lt;41898282+github-actions[bot]<ahref="https://github.com/users"><code>@​users</code></a>.noreply.github.com&gt;(<ahref="https://github.com/tj-actions/changed-files/commit/b1ccff8c0892ad141d7d2de6f31e526a9dad931f">b1ccff8</a>)- (github-actions[bot])</p><ul><li>Updated README.md (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2574">#2574</a>)</li></ul><p>Co-authored-by: github-actions[bot]&lt;41898282+github-actions[bot]<ahref="https://github.com/users"><code>@​users</code></a>.noreply.github.com&gt;(<ahref="https://github.com/tj-actions/changed-files/commit/050a3d3360d29711ee9d8210fc639d902d23ad07">050a3d3</a>)- (github-actions[bot])</p><h2><!-- raw HTML omitted -->📚 Documentation</h2><ul><li>Update link to glob patterns (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2590">#2590</a>)(<ahref="https://github.com/tj-actions/changed-files/commit/a892f50f7a7187bc288633c09230b09ce7ad8fd0">a892f50</a>)- (Tonye Jack)</li><li>Add Jellyfrog as a contributor for code, and doc (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2573">#2573</a>)(<ahref="https://github.com/tj-actions/changed-files/commit/f000a9b97f254f9590ff26f651cccde827ad36da">f000a9b</a>)- (allcontributors[bot])</li></ul><h2><!-- raw HTML omitted -->🧪 Testing</h2><ul><li>Manual triggered workflows (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2637">#2637</a>)(<ahref="https://github.com/tj-actions/changed-files/commit/c2ca2493190021783138cb8aac49bcee14b4bb89">c2ca249</a>)- (Tonye Jack)</li></ul><h2><!-- raw HTML omitted -->⚙️ Miscellaneous Tasks</h2><ul><li><strong>deps-dev:</strong> Bump jest from 30.0.5 to 30.1.3 (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2655">#2655</a>)(<ahref="https://github.com/tj-actions/changed-files/commit/9a6755550a331fdcc8ec45443738933f8fa22eea">9a67555</a>)- (dependabot[bot])</li><li><strong>deps:</strong> Bump tj-actions/git-cliff from 2.1.0 to 2.2.0(<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2660">#2660</a>)(<ahref="https://github.com/tj-actions/changed-files/commit/b67e30df88f43e244f4e83775e5ad8335114fb95">b67e30d</a>)- (dependabot[bot])</li><li><strong>deps:</strong> Bump github/codeql-action from 3.30.2 to3.30.3 (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2661">#2661</a>)(<ahref="https://github.com/tj-actions/changed-files/commit/62aef422ffa195474d80d73387535cf4622b2824">62aef42</a>)- (dependabot[bot])</li><li><strong>deps:</strong> Bump github/codeql-action from 3.29.11 to3.30.2 (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2659">#2659</a>)(<ahref="https://github.com/tj-actions/changed-files/commit/e874f3cddd0f54ae776e6995ae6dae4cf40fd3d3">e874f3c</a>)- (dependabot[bot])</li><li><strong>deps:</strong> Bump actions/setup-node from 4.4.0 to 5.0.0(<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2656">#2656</a>)(<ahref="https://github.com/tj-actions/changed-files/commit/8c14441336bb3d84fd6b7fa83b6d7201c740baf5">8c14441</a>)- (dependabot[bot])</li><li><strong>deps-dev:</strong> Bump <code>@​types/node</code> from24.3.0 to 24.3.1 (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2657">#2657</a>)(<ahref="https://github.com/tj-actions/changed-files/commit/e995ac4be5be2bcb6e29556edc51fb63aca6b49b">e995ac4</a>)- (dependabot[bot])</li><li><strong>deps-dev:</strong> Bump <code>@​types/node</code> from24.2.1 to 24.3.0 (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2649">#2649</a>)(<ahref="https://github.com/tj-actions/changed-files/commit/3b04099b21072562f07469c10deb182b24236ca9">3b04099</a>)- (dependabot[bot])</li><li><strong>deps:</strong> Bump github/codeql-action from 3.29.9 to3.29.11 (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2651">#2651</a>)(<ahref="https://github.com/tj-actions/changed-files/commit/e7b6c977e51984988e3cc1d6b18abe2a3ba8daaa">e7b6c97</a>)- (dependabot[bot])</li><li><strong>deps:</strong> Bump tj-actions/git-cliff from 2.0.2 to 2.1.0(<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2648">#2648</a>)(<ahref="https://github.com/tj-actions/changed-files/commit/765d62bc041415a5b494ef13d02d566128b25973">765d62b</a>)- (dependabot[bot])</li><li><strong>deps:</strong> Bump github/codeql-action from 3.29.8 to3.29.9 (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2647">#2647</a>)(<ahref="https://github.com/tj-actions/changed-files/commit/2036da178f85576f1940fedb74bb93a36cd89ab7">2036da1</a>)- (dependabot[bot])</li><li><strong>deps:</strong> Bump github/codeql-action from 3.29.7 to3.29.8 (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2644">#2644</a>)(<ahref="https://github.com/tj-actions/changed-files/commit/239aef84a5502c79a1cea96e495d17588c66c659">239aef8</a>)- (dependabot[bot])</li><li><strong>deps-dev:</strong> Bump <code>@​types/node</code> from24.2.0 to 24.2.1 (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2645">#2645</a>)(<ahref="https://github.com/tj-actions/changed-files/commit/a7d5f5f4919b6dbc6d3a3689887964361e8dd88f">a7d5f5f</a>)- (dependabot[bot])</li><li><strong>deps:</strong> Bump actions/checkout from 4.2.2 to 5.0.0 (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2646">#2646</a>)(<ahref="https://github.com/tj-actions/changed-files/commit/5107f3abcc0c3737db51e2949f181e2c197d4d5b">5107f3a</a>)- (dependabot[bot])</li><li><strong>deps-dev:</strong> Bump <code>@​types/node</code> from24.1.0 to 24.2.0 (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2640">#2640</a>)(<ahref="https://github.com/tj-actions/changed-files/commit/f963b3f3562b00b6d2dd25efc390eb04e51ef6c6">f963b3f</a>)- (dependabot[bot])</li><li><strong>deps:</strong> Bump actions/download-artifact from 4.3.0 to5.0.0 (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2641">#2641</a>)(<ahref="https://github.com/tj-actions/changed-files/commit/f956744105e18d78bba3844a1199ce43d6503017">f956744</a>)- (dependabot[bot])</li></ul><!-- raw HTML omitted --></blockquote><p>... (truncated)</p></details><details><summary>Commits</summary><ul><li><ahref="https://github.com/tj-actions/changed-files/commit/1ac60965030588f3b867cdd4a3900f37ec99970c"><code>1ac6096</code></a>Upgraded to v47 (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2663">#2663</a>)</li><li><ahref="https://github.com/tj-actions/changed-files/commit/24d32ffd492484c1d75e0c0b894501ddb9d30d62"><code>24d32ff</code></a>upgrade: to node24 (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2662">#2662</a>)</li><li><ahref="https://github.com/tj-actions/changed-files/commit/9a6755550a331fdcc8ec45443738933f8fa22eea"><code>9a67555</code></a>chore(deps-dev): bump jest from 30.0.5 to 30.1.3 (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2655">#2655</a>)</li><li><ahref="https://github.com/tj-actions/changed-files/commit/b67e30df88f43e244f4e83775e5ad8335114fb95"><code>b67e30d</code></a>chore(deps): bump tj-actions/git-cliff from 2.1.0 to 2.2.0 (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2660">#2660</a>)</li><li><ahref="https://github.com/tj-actions/changed-files/commit/62aef422ffa195474d80d73387535cf4622b2824"><code>62aef42</code></a>chore(deps): bump github/codeql-action from 3.30.2 to 3.30.3 (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2661">#2661</a>)</li><li><ahref="https://github.com/tj-actions/changed-files/commit/e874f3cddd0f54ae776e6995ae6dae4cf40fd3d3"><code>e874f3c</code></a>chore(deps): bump github/codeql-action from 3.29.11 to 3.30.2 (<ahref="https://redirect.github.com/tj-actions/changed-files/issues/2659">#2659</a>)</li><li>See full diff in <ahref="https://github.com/tj-actions/changed-files/compare/8c14441336bb3d84fd6b7fa83b6d7201c740baf5...1ac60965030588f3b867cdd4a3900f37ec99970c">compareview</a></li></ul></details><br />Updates `github/codeql-action` from 3.30.1 to 3.30.3<details><summary>Release notes</summary><p><em>Sourced from <ahref="https://github.com/github/codeql-action/releases">github/codeql-action'sreleases</a>.</em></p><blockquote><h2>v3.30.3</h2><h1>CodeQL Action Changelog</h1><p>See the <ahref="https://github.com/github/codeql-action/releases">releasespage</a> for the relevant changes to the CodeQL CLI and languagepacks.</p><h2>3.30.3 - 10 Sep 2025</h2><p>No user facing changes.</p><p>See the full <ahref="https://github.com/github/codeql-action/blob/v3.30.3/CHANGELOG.md">CHANGELOG.md</a>for more information.</p><h2>v3.30.2</h2><h1>CodeQL Action Changelog</h1><p>See the <ahref="https://github.com/github/codeql-action/releases">releasespage</a> for the relevant changes to the CodeQL CLI and languagepacks.</p><h2>3.30.2 - 09 Sep 2025</h2><ul><li>Fixed a bug which could cause language autodetection to fail. <ahref="https://redirect.github.com/github/codeql-action/pull/3084">#3084</a></li><li>Experimental: The <code>quality-queries</code> input that was addedin <code>3.29.2</code> as part of an internal experiment is nowdeprecated and will be removed in an upcoming version of the CodeQLAction. It has been superseded by a new <code>analysis-kinds</code>input, which is part of the same internal experiment. Do not use this inproduction as it is subject to change at any time. <ahref="https://redirect.github.com/github/codeql-action/pull/3064">#3064</a></li></ul><p>See the full <ahref="https://github.com/github/codeql-action/blob/v3.30.2/CHANGELOG.md">CHANGELOG.md</a>for more information.</p></blockquote></details><details><summary>Changelog</summary><p><em>Sourced from <ahref="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action'schangelog</a>.</em></p><blockquote><h1>CodeQL Action Changelog</h1><p>See the <ahref="https://github.com/github/codeql-action/releases">releasespage</a> for the relevant changes to the CodeQL CLI and languagepacks.</p><h2>[UNRELEASED]</h2><ul><li>We have improved the CodeQL Action's ability to validate that theworkflow it is used in does not use different versions of the CodeQLAction for different workflow steps. Mixing different versions of theCodeQL Action in the same workflow is unsupported and can lead tounpredictable results. A warning will now be emitted from the<code>codeql-action/init</code> step if different versions of the CodeQLAction are detected in the workflow file. Additionally, an error willnow be thrown by the other CodeQL Action steps if they load aconfiguration file that was generated by a different version of the<code>codeql-action/init</code> step. <ahref="https://redirect.github.com/github/codeql-action/pull/3099">#3099</a>and <ahref="https://redirect.github.com/github/codeql-action/pull/3100">#3100</a></li><li>We added support for reducing the size of dependency caches for Javaanalyses, which will reduce cache usage and speed up workflows. Thiswill be enabled automatically at a later time. <ahref="https://redirect.github.com/github/codeql-action/pull/3107">#3107</a></li></ul><h2>3.30.3 - 10 Sep 2025</h2><p>No user facing changes.</p><h2>3.30.2 - 09 Sep 2025</h2><ul><li>Fixed a bug which could cause language autodetection to fail. <ahref="https://redirect.github.com/github/codeql-action/pull/3084">#3084</a></li><li>Experimental: The <code>quality-queries</code> input that was addedin <code>3.29.2</code> as part of an internal experiment is nowdeprecated and will be removed in an upcoming version of the CodeQLAction. It has been superseded by a new <code>analysis-kinds</code>input, which is part of the same internal experiment. Do not use this inproduction as it is subject to change at any time. <ahref="https://redirect.github.com/github/codeql-action/pull/3064">#3064</a></li></ul><h2>3.30.1 - 05 Sep 2025</h2><ul><li>Update default CodeQL bundle version to 2.23.0. <ahref="https://redirect.github.com/github/codeql-action/pull/3077">#3077</a></li></ul><h2>3.30.0 - 01 Sep 2025</h2><ul><li>Reduce the size of the CodeQL Action, speeding up workflows byapproximately 4 seconds. <ahref="https://redirect.github.com/github/codeql-action/pull/3054">#3054</a></li></ul><h2>3.29.11 - 21 Aug 2025</h2><ul><li>Update default CodeQL bundle version to 2.22.4. <ahref="https://redirect.github.com/github/codeql-action/pull/3044">#3044</a></li></ul><h2>3.29.10 - 18 Aug 2025</h2><p>No user facing changes.</p><h2>3.29.9 - 12 Aug 2025</h2><p>No user facing changes.</p><h2>3.29.8 - 08 Aug 2025</h2><ul><li>Fix an issue where the Action would autodetect unsupported languagessuch as HTML. <ahref="https://redirect.github.com/github/codeql-action/pull/3015">#3015</a></li></ul><h2>3.29.7 - 07 Aug 2025</h2><p>This release rolls back 3.29.6 to address issues with languageautodetection. It is identical to 3.29.5.</p><h2>3.29.6 - 07 Aug 2025</h2><ul><li>The <code>cleanup-level</code> input to the <code>analyze</code>Action is now deprecated. The CodeQL Action has written a limited amountof intermediate results to the database since version 2.2.5, and nowautomatically manages cleanup. <ahref="https://redirect.github.com/github/codeql-action/pull/2999">#2999</a></li><li>Update default CodeQL bundle version to 2.22.3. <ahref="https://redirect.github.com/github/codeql-action/pull/3000">#3000</a></li></ul><!-- raw HTML omitted --></blockquote><p>... (truncated)</p></details><details><summary>Commits</summary><ul><li><ahref="https://github.com/github/codeql-action/commit/192325c86100d080feab897ff886c34abd4c83a3"><code>192325c</code></a>Merge pull request <ahref="https://redirect.github.com/github/codeql-action/issues/3104">#3104</a>from github/update-v3.30.3-b660efdcf</li><li><ahref="https://github.com/github/codeql-action/commit/e68956d90b7fe2260904652cd8de5d73563e4944"><code>e68956d</code></a>Update changelog for v3.30.3</li><li><ahref="https://github.com/github/codeql-action/commit/b660efdcfdfa893d74568cd884067ed18e8d6f88"><code>b660efd</code></a>Merge pull request <ahref="https://redirect.github.com/github/codeql-action/issues/3103">#3103</a>from github/mbg/fix/category-check</li><li><ahref="https://github.com/github/codeql-action/commit/e49458befe579c5a1088aacda9f2ae384da104ff"><code>e49458b</code></a>Fix <code>runInterpretResultsFor</code> using the wrong<code>AnalysisConfig</code> for <code>category</code> fix</li><li><ahref="https://github.com/github/codeql-action/commit/f374a62c8bedef779582aeb425a68f7798f2078c"><code>f374a62</code></a>Merge pull request <ahref="https://redirect.github.com/github/codeql-action/issues/3098">#3098</a>from github/kaspersv/increase-overlay-base-size-limit</li><li><ahref="https://github.com/github/codeql-action/commit/5efa438e92992578d794ae4ceed960bf81011677"><code>5efa438</code></a>Merge pull request <ahref="https://redirect.github.com/github/codeql-action/issues/3101">#3101</a>from github/mbg/public-repo-notice-in-pr-template</li><li><ahref="https://github.com/github/codeql-action/commit/8a84a62542ea24fd569eb5afdfb2507c25328ab9"><code>8a84a62</code></a>Overlay: Increase size limit for cached overlay base database</li><li><ahref="https://github.com/github/codeql-action/commit/eb50a881d87eb8488328fefe024ae2f6add8384f"><code>eb50a88</code></a>Merge pull request <ahref="https://redirect.github.com/github/codeql-action/issues/3097">#3097</a>from github/redsun82/only-dump-sarif</li><li><ahref="https://github.com/github/codeql-action/commit/4c534612bf77788909753a5602e96710156f5758"><code>4c53461</code></a>Tweak sarif dump log</li><li><ahref="https://github.com/github/codeql-action/commit/dae3742b0a3b9e08acc580e15ef74bdc454d650a"><code>dae3742</code></a>Dump soon to be uploaded SARIF on request</li><li>Additional commits viewable in <ahref="https://github.com/github/codeql-action/compare/f1f6e5f6af878fb37288ce1c627459e94dbf7d01...192325c86100d080feab897ff886c34abd4c83a3">compareview</a></li></ul></details><br />Dependabot will resolve any conflicts with this PR as long as you don'talter it yourself. You can also trigger a rebase manually by commenting`@dependabot rebase`.[//]: # (dependabot-automerge-start)[//]: # (dependabot-automerge-end)---<details><summary>Dependabot commands and options</summary><br />You can trigger Dependabot actions by commenting on this PR:- `@dependabot rebase` will rebase this PR- `@dependabot recreate` will recreate this PR, overwriting any editsthat have been made to it- `@dependabot merge` will merge this PR after your CI passes on it- `@dependabot squash and merge` will squash and merge this PR afteryour CI passes on it- `@dependabot cancel merge` will cancel a previously requested mergeand block automerging- `@dependabot reopen` will reopen this PR if it is closed- `@dependabot close` will close this PR and stop Dependabot recreatingit. You can achieve the same result by closing it manually- `@dependabot show <dependency name> ignore conditions` will show allof the ignore conditions of the specified dependency- `@dependabot ignore <dependency name> major version` will close thisgroup update PR and stop Dependabot creating any more for the specificdependency's major version (unless you unignore this specificdependency's major version or upgrade to it yourself)- `@dependabot ignore <dependency name> minor version` will close thisgroup update PR and stop Dependabot creating any more for the specificdependency's minor version (unless you unignore this specificdependency's minor version or upgrade to it yourself)- `@dependabot ignore <dependency name>` will close this group update PRand stop Dependabot creating any more for the specific dependency(unless you unignore this specific dependency or upgrade to it yourself)- `@dependabot unignore <dependency name>` will remove all of the ignoreconditions of the specified dependency- `@dependabot unignore <dependency name> <ignore condition>` willremove the ignore condition of the specified dependency and ignoreconditions</details>Signed-off-by: dependabot[bot] <support@github.com>Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent4fde5f8 commit32b72bf

14 files changed

+46
-46
lines changed

‎.github/workflows/ci.yaml‎

Lines changed: 18 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ jobs:
3434
tailnet-integration:${{ steps.filter.outputs.tailnet-integration }}
3535
steps:
3636
-name:Harden Runner
37-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
37+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
3838
with:
3939
egress-policy:audit
4040

@@ -156,7 +156,7 @@ jobs:
156156
runs-on:${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
157157
steps:
158158
-name:Harden Runner
159-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
159+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
160160
with:
161161
egress-policy:audit
162162

@@ -234,7 +234,7 @@ jobs:
234234
if:${{ !cancelled() }}
235235
steps:
236236
-name:Harden Runner
237-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
237+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
238238
with:
239239
egress-policy:audit
240240

@@ -290,7 +290,7 @@ jobs:
290290
timeout-minutes:7
291291
steps:
292292
-name:Harden Runner
293-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
293+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
294294
with:
295295
egress-policy:audit
296296

@@ -340,7 +340,7 @@ jobs:
340340
-windows-2022
341341
steps:
342342
-name:Harden Runner
343-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
343+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
344344
with:
345345
egress-policy:audit
346346

@@ -543,7 +543,7 @@ jobs:
543543
timeout-minutes:25
544544
steps:
545545
-name:Harden Runner
546-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
546+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
547547
with:
548548
egress-policy:audit
549549

@@ -592,7 +592,7 @@ jobs:
592592
timeout-minutes:25
593593
steps:
594594
-name:Harden Runner
595-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
595+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
596596
with:
597597
egress-policy:audit
598598

@@ -652,7 +652,7 @@ jobs:
652652
timeout-minutes:20
653653
steps:
654654
-name:Harden Runner
655-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
655+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
656656
with:
657657
egress-policy:audit
658658

@@ -679,7 +679,7 @@ jobs:
679679
timeout-minutes:20
680680
steps:
681681
-name:Harden Runner
682-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
682+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
683683
with:
684684
egress-policy:audit
685685

@@ -712,7 +712,7 @@ jobs:
712712
name:${{ matrix.variant.name }}
713713
steps:
714714
-name:Harden Runner
715-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
715+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
716716
with:
717717
egress-policy:audit
718718

@@ -784,7 +784,7 @@ jobs:
784784
if:needs.changes.outputs.site == 'true' || needs.changes.outputs.ci == 'true'
785785
steps:
786786
-name:Harden Runner
787-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
787+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
788788
with:
789789
egress-policy:audit
790790

@@ -865,7 +865,7 @@ jobs:
865865

866866
steps:
867867
-name:Harden Runner
868-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
868+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
869869
with:
870870
egress-policy:audit
871871

@@ -935,7 +935,7 @@ jobs:
935935
if:always()
936936
steps:
937937
-name:Harden Runner
938-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
938+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
939939
with:
940940
egress-policy:audit
941941

@@ -1054,7 +1054,7 @@ jobs:
10541054
runs-on:${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
10551055
steps:
10561056
-name:Harden Runner
1057-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
1057+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
10581058
with:
10591059
egress-policy:audit
10601060

@@ -1109,7 +1109,7 @@ jobs:
11091109
IMAGE:ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}
11101110
steps:
11111111
-name:Harden Runner
1112-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
1112+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
11131113
with:
11141114
egress-policy:audit
11151115

@@ -1484,7 +1484,7 @@ jobs:
14841484
id-token:write
14851485
steps:
14861486
-name:Harden Runner
1487-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
1487+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
14881488
with:
14891489
egress-policy:audit
14901490

@@ -1549,7 +1549,7 @@ jobs:
15491549
if:github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork
15501550
steps:
15511551
-name:Harden Runner
1552-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
1552+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
15531553
with:
15541554
egress-policy:audit
15551555

@@ -1585,7 +1585,7 @@ jobs:
15851585
if:needs.changes.outputs.db == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
15861586
steps:
15871587
-name:Harden Runner
1588-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
1588+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
15891589
with:
15901590
egress-policy:audit
15911591

‎.github/workflows/docker-base.yaml‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ jobs:
3838
if:github.repository_owner == 'coder'
3939
steps:
4040
-name:Harden Runner
41-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
41+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
4242
with:
4343
egress-policy:audit
4444

‎.github/workflows/docs-ci.yaml‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ jobs:
3030
-name:Setup Node
3131
uses:./.github/actions/setup-node
3232

33-
-uses:tj-actions/changed-files@8c14441336bb3d84fd6b7fa83b6d7201c740baf5# v45.0.7
33+
-uses:tj-actions/changed-files@1ac60965030588f3b867cdd4a3900f37ec99970c# v45.0.7
3434
id:changed-files
3535
with:
3636
files:|

‎.github/workflows/dogfood.yaml‎

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ jobs:
2626
runs-on:${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-4' || 'ubuntu-latest' }}
2727
steps:
2828
-name:Harden Runner
29-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
29+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
3030
with:
3131
egress-policy:audit
3232

@@ -125,7 +125,7 @@ jobs:
125125
id-token:write
126126
steps:
127127
-name:Harden Runner
128-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
128+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
129129
with:
130130
egress-policy:audit
131131

‎.github/workflows/nightly-gauntlet.yaml‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ jobs:
2727
-windows-2022
2828
steps:
2929
-name:Harden Runner
30-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
30+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
3131
with:
3232
egress-policy:audit
3333

‎.github/workflows/pr-auto-assign.yaml‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ jobs:
1515
runs-on:ubuntu-latest
1616
steps:
1717
-name:Harden Runner
18-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
18+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
1919
with:
2020
egress-policy:audit
2121

‎.github/workflows/pr-cleanup.yaml‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ jobs:
1919
packages:write
2020
steps:
2121
-name:Harden Runner
22-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
22+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
2323
with:
2424
egress-policy:audit
2525

‎.github/workflows/pr-deploy.yaml‎

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@ jobs:
3939
PR_OPEN:${{ steps.check_pr.outputs.pr_open }}
4040
steps:
4141
-name:Harden Runner
42-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
42+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
4343
with:
4444
egress-policy:audit
4545

@@ -76,7 +76,7 @@ jobs:
7676
runs-on:"ubuntu-latest"
7777
steps:
7878
-name:Harden Runner
79-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
79+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
8080
with:
8181
egress-policy:audit
8282

@@ -184,7 +184,7 @@ jobs:
184184
pull-requests:write# needed for commenting on PRs
185185
steps:
186186
-name:Harden Runner
187-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
187+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
188188
with:
189189
egress-policy:audit
190190

@@ -228,7 +228,7 @@ jobs:
228228
CODER_IMAGE_TAG:${{ needs.get_info.outputs.CODER_IMAGE_TAG }}
229229
steps:
230230
-name:Harden Runner
231-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
231+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
232232
with:
233233
egress-policy:audit
234234

@@ -288,7 +288,7 @@ jobs:
288288
PR_HOSTNAME:"pr${{ needs.get_info.outputs.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}"
289289
steps:
290290
-name:Harden Runner
291-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
291+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
292292
with:
293293
egress-policy:audit
294294

‎.github/workflows/release-validation.yaml‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ jobs:
1414

1515
steps:
1616
-name:Harden Runner
17-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
17+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
1818
with:
1919
egress-policy:audit
2020

‎.github/workflows/release.yaml‎

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -164,7 +164,7 @@ jobs:
164164
version:${{ steps.version.outputs.version }}
165165
steps:
166166
-name:Harden Runner
167-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
167+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
168168
with:
169169
egress-policy:audit
170170

@@ -802,7 +802,7 @@ jobs:
802802
# TODO: skip this if it's not a new release (i.e. a backport). This is
803803
# fine right now because it just makes a PR that we can close.
804804
-name:Harden Runner
805-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
805+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
806806
with:
807807
egress-policy:audit
808808

@@ -878,7 +878,7 @@ jobs:
878878

879879
steps:
880880
-name:Harden Runner
881-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
881+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
882882
with:
883883
egress-policy:audit
884884

@@ -971,7 +971,7 @@ jobs:
971971
if:${{ !inputs.dry_run }}
972972
steps:
973973
-name:Harden Runner
974-
uses:step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911# v2.13.0
974+
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
975975
with:
976976
egress-policy:audit
977977

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp