Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci(action): update step-security/harden-runner action to v2.10.1 #882

Merged
merged 1 commit into from
Nov 7, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Apr 30, 2024

This PR contains the following updates:

Package Type Update Change OpenSSF
step-security/harden-runner action minor v2.7.0 -> v2.10.1 OpenSSF Scorecard

Release Notes

step-security/harden-runner (step-security/harden-runner)

v2.10.1

Compare Source

What's Changed

Release v2.10.1 by @​varunsh-coder in https://github.com/step-security/harden-runner/pull/463
Bug fix: Resolves an issue where DNS resolution of .local domains was failing when using a Kind cluster in a GitHub Actions workflow.

Full Changelog: step-security/harden-runner@v2...v2.10.1

v2.10.0

Compare Source

What's Changed

Release v2.10.0 by @​h0x0er and @​varunsh-coder in https://github.com/step-security/harden-runner/pull/455

ARM Support: Harden-Runner Enterprise tier now supports GitHub-hosted ARM runners. This includes all the features that apply to previously supported GitHub-hosted x64 Linux runners.

Full Changelog: step-security/harden-runner@v2...v2.10.0

v2.9.1

Compare Source

What's Changed

Release v2.9.1 by @​h0x0er and @​varunsh-coder in #​440
This release includes two changes:

  1. Updated markdown displayed in the job summary by the Harden-Runner Action.
  2. Fixed a bug affecting Enterprise Tier customers where the agent attempted to upload telemetry for jobs with disable-telemetry set to true. No telemetry was uploaded as the endpoint was not in the allowed list.

Full Changelog: step-security/harden-runner@v2...v2.9.1

v2.9.0

Compare Source

What's Changed

Release v2.9.0 by @​h0x0er and @​varunsh-coder in https://github.com/step-security/harden-runner/pull/435
This release includes:

  • Enterprise Tier - Telemetry Upload Enhancement:
    For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this.
  • Harden-Runner Agent Authentication:
    The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this.
  • README Update:
    A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly.
  • Dependency Update:
    Updated the braces npm package dependency to a non-vulnerable version. The vulnerability in braces did not affect the Harden Runner Action

Full Changelog: step-security/harden-runner@v2...v2.9.0

v2.8.1

Compare Source

What's Changed

Full Changelog: step-security/harden-runner@v2...v2.8.1

v2.8.0

Compare Source

What's Changed

Release v2.8.0 by @​h0x0er and @​varunsh-coder in https://github.com/step-security/harden-runner/pull/416
This release includes:

  • File Monitoring Enhancements: Adds the capability to view the name and path of every file written during the build process.
  • Process Tracking Enhancements: Adds the capability to view process names and arguments of processes run during the build process.

These enhancements are based on insights from the XZ Utils incident, aimed at improving observability and detections during the build process.

Full Changelog: step-security/harden-runner@v2...v2.8.0

v2.7.1

Compare Source

What's Changed

Release v2.7.1 by @​varunsh-coder, @​h0x0er, @​ashishkurmi in https://github.com/step-security/harden-runner/pull/397
This release:

  • Improves the capability to inspect outbound HTTPS traffic on GitHub-hosted and self-hosted VM runners
  • Updates README to add link to case study video on how Harden-Runner detected a supply chain attack on a Google open-source project
  • Addresses minor bugs

Full Changelog: step-security/harden-runner@v2.7.0...v2.7.1


Configuration

📅 Schedule: Branch creation - "before 5am every weekday,every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Apr 30, 2024
@renovate renovate bot changed the title ci(action): update step-security/harden-runner action to v2.7.1 ci(action): update step-security/harden-runner action to v2.8.0 May 22, 2024
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch from 8ce6d57 to 5f588d5 Compare May 22, 2024 11:46
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch from 5f588d5 to f1a4817 Compare June 7, 2024 15:03
@renovate renovate bot changed the title ci(action): update step-security/harden-runner action to v2.8.0 ci(action): update step-security/harden-runner action to v2.8.1 Jun 7, 2024
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch from f1a4817 to 0084ae7 Compare July 18, 2024 22:49
@renovate renovate bot changed the title ci(action): update step-security/harden-runner action to v2.8.1 ci(action): update step-security/harden-runner action to v2.9.0 Jul 18, 2024
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch from 0084ae7 to 38a2076 Compare August 5, 2024 23:05
@renovate renovate bot changed the title ci(action): update step-security/harden-runner action to v2.9.0 ci(action): update step-security/harden-runner action to v2.9.1 Aug 5, 2024
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch from 38a2076 to 361761d Compare September 11, 2024 00:50
@renovate renovate bot changed the title ci(action): update step-security/harden-runner action to v2.9.1 ci(action): update step-security/harden-runner action to v2.10.0 Sep 11, 2024
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch from 361761d to 5796372 Compare September 11, 2024 06:22
@renovate renovate bot changed the title ci(action): update step-security/harden-runner action to v2.10.0 ci(action): update step-security/harden-runner action to v2.10.1 Sep 11, 2024
@intcreator intcreator force-pushed the renovate/step-security-harden-runner-2.x branch from 5796372 to 39932ca Compare November 6, 2024 23:55
@intcreator intcreator merged commit b09438e into main Nov 7, 2024
18 checks passed
@intcreator intcreator deleted the renovate/step-security-harden-runner-2.x branch November 7, 2024 00:06
@ncb000gt
Copy link
Member

🎉 This PR is included in version 3.2.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

intcreator pushed a commit that referenced this pull request Nov 12, 2024
## [3.2.0](v3.1.9...v3.2.0) (2024-11-12)

### ✨ Features

* add support for Node v22 ([#914](#914)) ([9147b20](9147b20))

### ⚙️ Continuous Integrations

* **action:** update actions/checkout action to v4.2.2 ([#880](#880)) ([293f54a](293f54a))
* **action:** update actions/checkout digest to 11bd719 ([#879](#879)) ([0287c69](0287c69))
* **action:** update actions/setup-node digest to 39370e3 ([#889](#889)) ([0f7a3aa](0f7a3aa))
* **action:** update actions/upload-artifact action to v4.4.3 ([#878](#878)) ([226ad5b](226ad5b))
* **action:** update step-security/harden-runner action to v2.10.1 ([#882](#882)) ([b09438e](b09438e))

### ♻️ Chores

* **deps:** lock file maintenance ([ad613cb](ad613cb))
* **deps:** update dependency [@fast-check](https://github.com/fast-check)/jest to v2.0.3 ([2d00739](2d00739))
* **deps:** update dependency [@semantic-release](https://github.com/semantic-release)/github to v11.0.1 ([a17bbdd](a17bbdd))
* **deps:** update dependency [@types](https://github.com/types)/node to v20.17.6 ([4509c4d](4509c4d))
* **deps:** update dependency husky to v9 ([#844](#844)) ([9ea2216](9ea2216))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file released
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants