diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d7e93356..030fb929 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,7 +25,7 @@ jobs: steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 + uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 with: egress-policy: block allowed-endpoints: >+ @@ -335,7 +335,7 @@ jobs: steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 + uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 with: egress-policy: block allowed-endpoints: >+ diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index e6c1c150..f70665a8 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -35,7 +35,7 @@ jobs: steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 + uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 with: egress-policy: block allowed-endpoints: >+ diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 51a3f236..e9bbe3d8 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 + uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 with: egress-policy: block allowed-endpoints: >+ diff --git a/.github/workflows/devcontainer.yml b/.github/workflows/devcontainer.yml index 45b87e89..7aff91d7 100644 --- a/.github/workflows/devcontainer.yml +++ b/.github/workflows/devcontainer.yml @@ -16,7 +16,7 @@ jobs: steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 + uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 with: egress-policy: block allowed-endpoints: >+ diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index ea1bcd24..65077d06 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 + uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 with: egress-policy: block allowed-endpoints: >+ @@ -53,7 +53,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 + uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 with: egress-policy: block allowed-endpoints: >+ @@ -97,7 +97,7 @@ jobs: contents: write steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 + uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 with: egress-policy: block allowed-endpoints: >+ diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index c7196350..1933310c 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -25,7 +25,7 @@ jobs: steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 + uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 with: egress-policy: block allowed-endpoints: >+ diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4ab644a3..c8c3639a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,7 +21,7 @@ jobs: release_id: ${{ steps.release_info.outputs.tag }} steps: - - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 + - uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 with: egress-policy: block allowed-endpoints: >+ diff --git a/.github/workflows/run.yml b/.github/workflows/run.yml index 6f10b053..3169e44b 100644 --- a/.github/workflows/run.yml +++ b/.github/workflows/run.yml @@ -16,7 +16,7 @@ jobs: steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 + uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 with: egress-policy: block allowed-endpoints: >+ @@ -149,7 +149,7 @@ jobs: steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 + uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 with: egress-policy: block allowed-endpoints: ${{ matrix.allowed-endpoints }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 2a062c9d..aeb60a58 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -27,7 +27,7 @@ jobs: steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 + uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 with: egress-policy: block allowed-endpoints: >+ diff --git a/.github/workflows/source-provenance.yml b/.github/workflows/source-provenance.yml index 1c7edf76..b9e873d2 100644 --- a/.github/workflows/source-provenance.yml +++ b/.github/workflows/source-provenance.yml @@ -21,7 +21,7 @@ jobs: steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 + uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 with: egress-policy: block allowed-endpoints: >+ @@ -55,7 +55,7 @@ jobs: steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 + uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 with: egress-policy: block allowed-endpoints: >+ diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8f9c9826..c2b69ec4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -18,7 +18,7 @@ jobs: id-token: write steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 + uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 with: egress-policy: block # dfetch.invalid and giiiiiidhub.com are intentionally invalid test diff --git a/.github/workflows/winget-publish.yml b/.github/workflows/winget-publish.yml index 052399e7..e0c2a21a 100644 --- a/.github/workflows/winget-publish.yml +++ b/.github/workflows/winget-publish.yml @@ -32,7 +32,7 @@ jobs: steps: - name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)" - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 + uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 with: egress-policy: block allowed-endpoints: >+