From d9306313fd587582bbd723b43a562364b70ec40e Mon Sep 17 00:00:00 2001
From: Craig Edwards <craigedwards@brainbox.cc>
Date: Wed, 20 Sep 2023 08:53:49 +0000
Subject: [PATCH] harden runner

---
 .github/workflows/target-master.yml | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/target-master.yml b/.github/workflows/target-master.yml
index 36a37fa516..d3e4063ff8 100644
--- a/.github/workflows/target-master.yml
+++ b/.github/workflows/target-master.yml
@@ -9,7 +9,13 @@ jobs:
   run:
     runs-on: ubuntu-latest
     steps:
-    - uses: superbrothers/close-pull-request@9c18513d320d7b2c7185fb93396d0c664d5d8448 # v3.1.2
-      with:
-        comment: "Thank you for your contribution, but PRs must be raised against the `dev` branch. Please log your issue against the `dev` branch not `master`. You can also retarget this pull request, then reopen it."
+      - name: Harden Runner
+        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        with:
+          egress-policy: audit
+
+      - name: Close PRs
+        uses: superbrothers/close-pull-request@9c18513d320d7b2c7185fb93396d0c664d5d8448 # v3.1.2
+        with:
+          comment: "Thank you for your contribution, but PRs must be raised against the `dev` branch. Please log your issue against the `dev` branch not `master`. You can also retarget this pull request, then reopen it."