[PR #419] [MERGED] Update step-security/harden-runner action to v2.7.1 #429

New issue

Closed

opened 2026-03-03 14:31:08 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 14:31:08 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/konstruktoid/hardening/pull/419
Author: @renovate[bot]
Created: 4/29/2024
Status: ✅ Merged
Merged: 4/29/2024
Merged by: @konstruktoid

Base: master ← Head: renovate/step-security-harden-runner-2.x

📝 Commits (1)

badd5be Update step-security/harden-runner action to v2.7.1

📊 Changes

5 files changed (+5 additions, -5 deletions)

View changed files

📝 .github/workflows/dependency-review.yml (+1 -1)
📝 .github/workflows/issues.yml (+1 -1)
📝 .github/workflows/scorecards.yml (+1 -1)
📝 .github/workflows/shellcheck.yml (+1 -1)
📝 .github/workflows/slsa.yml (+1 -1)

📄 Description

This PR contains the following updates:

Package	Type	Update	Change
step-security/harden-runner	action	patch	`v2.7.0` -> `v2.7.1`

Release Notes

step-security/harden-runner (step-security/harden-runner)

`v2.7.1`

Compare Source

What's Changed

Release v2.7.1 by @varunsh-coder, @h0x0er, @ashishkurmi in https://github.com/step-security/harden-runner/pull/397
This release:

Improves the capability to inspect outbound HTTPS traffic on GitHub-hosted and self-hosted VM runners
Updates README to add link to case study video on how Harden-Runner detected a supply chain attack on a Google open-source project
Addresses minor bugs

Full Changelog: https://github.com/step-security/harden-runner/compare/v2.7.0...v2.7.1

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/konstruktoid/hardening/pull/419 **Author:** [@renovate[bot]](https://github.com/apps/renovate) **Created:** 4/29/2024 **Status:** ✅ Merged **Merged:** 4/29/2024 **Merged by:** [@konstruktoid](https://github.com/konstruktoid) **Base:** `master` ← **Head:** `renovate/step-security-harden-runner-2.x` --- ### 📝 Commits (1) - [`badd5be`](https://github.com/konstruktoid/hardening/commit/badd5be22ac25421fca5f2aafb4037d1442b7346) Update step-security/harden-runner action to v2.7.1 ### 📊 Changes **5 files changed** (+5 additions, -5 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/dependency-review.yml` (+1 -1) 📝 `.github/workflows/issues.yml` (+1 -1) 📝 `.github/workflows/scorecards.yml` (+1 -1) 📝 `.github/workflows/shellcheck.yml` (+1 -1) 📝 `.github/workflows/slsa.yml` (+1 -1) </details> ### 📄 Description [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [step-security/harden-runner](https://togithub.com/step-security/harden-runner) | action | patch | `v2.7.0` -> `v2.7.1` | --- ### Release Notes <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.7.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.7.1) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.7.0...v2.7.1) ##### What's Changed Release v2.7.1 by [@varunsh-coder](https://togithub.com/varunsh-coder), [@h0x0er](https://togithub.com/h0x0er), [@ashishkurmi](https://togithub.com/ashishkurmi) in [https://github.com/step-security/harden-runner/pull/397](https://togithub.com/step-security/harden-runner/pull/397) This release: - Improves the capability to [inspect outbound HTTPS traffic](https://www.stepsecurity.io/blog/monitor-outbound-https-requests-from-github-actions-runners) on GitHub-hosted and self-hosted VM runners - Updates README to add link to [case study video](https://www.youtube.com/watch?v=Yz72qAOrN9s) on how Harden-Runner detected a supply chain attack on a Google open-source project - Addresses minor bugs **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2.7.0...v2.7.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/konstruktoid/hardening).  --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>