From d491886bbc896975b2143d379cb1aded5edca1b8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Sep 2024 16:07:40 +0000 Subject: [PATCH] Bump the actions group with 2 updates Bumps the actions group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token). Updates `step-security/harden-runner` from 2.9.1 to 2.10.1 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/v2.9.1...91182cccc01eb5e619899d80e4e971d6181294a7) Updates `actions/create-github-app-token` from 1.10.4 to 1.11.0 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](https://github.com/actions/create-github-app-token/compare/3378cda945da322a8db4b193e19d46352ebe2de5...5d869da34e18e7287c1daad50e0b8ea0f506ce69) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/create-github-app-token dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/add-to-project.yml | 2 +- .github/workflows/bump-version.yml | 2 +- .github/workflows/main.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/add-to-project.yml b/.github/workflows/add-to-project.yml index a7b43fd4d..c565a7a43 100644 --- a/.github/workflows/add-to-project.yml +++ b/.github/workflows/add-to-project.yml @@ -25,7 +25,7 @@ jobs: - name: Generate App Token id: token_generator - uses: actions/create-github-app-token@3378cda945da322a8db4b193e19d46352ebe2de5 # v1.10.4 + uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 with: app-id: ${{ secrets.OURANOS_HELPER_BOT_ID }} private-key: ${{ secrets.OURANOS_HELPER_BOT_KEY }} diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index ba0d986cd..572a2723d 100644 --- a/.github/workflows/bump-version.yml +++ b/.github/workflows/bump-version.yml @@ -46,7 +46,7 @@ jobs: pypi.org:443 - name: Generate App Token id: token_generator - uses: actions/create-github-app-token@3378cda945da322a8db4b193e19d46352ebe2de5 # v1.10.4 + uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 with: app-id: ${{ secrets.OURANOS_HELPER_BOT_ID }} private-key: ${{ secrets.OURANOS_HELPER_BOT_KEY }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 30d1ee4ef..97c8ae459 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -324,7 +324,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 + uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 with: disable-sudo: true egress-policy: audit