starred/hardening
1
0
Fork 0
mirror of https://github.com/konstruktoid/hardening.git synced 2026-04-26 09:15:55 +03:00
Code Issues 6 Projects Releases 4 Packages Wiki Activity

[PR #464] [MERGED] chore(deps): update step-security/harden-runner action to v2.9.0 #474

New issue
Closed
opened 2026-03-03 14:31:20 +03:00 by kerem · 0 comments
kerem commented 2026-03-03 14:31:20 +03:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/konstruktoid/hardening/pull/464
Author: @renovate[bot]
Created: 7/19/2024
Status: Merged
Merged: 7/19/2024
Merged by: @renovate[bot]

Base: masterHead: renovate/step-security-harden-runner-2.x

📝 Commits (1)

  • 66034a9 chore(deps): update step-security/harden-runner action to v2.9.0

📊 Changes

5 files changed (+5 additions, -5 deletions)

View changed files

📝 .github/workflows/dependency-review.yml (+1 -1)
📝 .github/workflows/issues.yml (+1 -1)
📝 .github/workflows/scorecards.yml (+1 -1)
📝 .github/workflows/shellcheck.yml (+1 -1)
📝 .github/workflows/slsa.yml (+1 -1)

📄 Description

Mend Renovate

This PR contains the following updates:

Package Type Update Change
step-security/harden-runner action minor v2.8.1 -> v2.9.0

Release Notes

step-security/harden-runner (step-security/harden-runner)

v2.9.0

Compare Source

What's Changed

Release v2.9.0 by @​h0x0er and @​varunsh-coder in https://github.com/step-security/harden-runner/pull/435
This release includes:

  • Enterprise Tier - Telemetry Upload Enhancement:
    For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this.
  • Harden-Runner Agent Authentication:
    The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this.
  • README Update:
    A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly.
  • Dependency Update:
    Updated the braces npm package dependency to a non-vulnerable version. The vulnerability in braces did not affect the Harden Runner Action

Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.9.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/konstruktoid/hardening/pull/464 **Author:** [@renovate[bot]](https://github.com/apps/renovate) **Created:** 7/19/2024 **Status:** ✅ Merged **Merged:** 7/19/2024 **Merged by:** [@renovate[bot]](https://github.com/apps/renovate) **Base:** `master` ← **Head:** `renovate/step-security-harden-runner-2.x` --- ### 📝 Commits (1) - [`66034a9`](https://github.com/konstruktoid/hardening/commit/66034a9774f945577abf740fea0ecfe470b6a2ca) chore(deps): update step-security/harden-runner action to v2.9.0 ### 📊 Changes **5 files changed** (+5 additions, -5 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/dependency-review.yml` (+1 -1) 📝 `.github/workflows/issues.yml` (+1 -1) 📝 `.github/workflows/scorecards.yml` (+1 -1) 📝 `.github/workflows/shellcheck.yml` (+1 -1) 📝 `.github/workflows/slsa.yml` (+1 -1) </details> ### 📄 Description [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [step-security/harden-runner](https://togithub.com/step-security/harden-runner) | action | minor | `v2.8.1` -> `v2.9.0` | --- ### Release Notes <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.9.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.0) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.8.1...v2.9.0) ##### What's Changed Release v2.9.0 by [@&#8203;h0x0er](https://togithub.com/h0x0er) and [@&#8203;varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/435](https://togithub.com/step-security/harden-runner/pull/435) This release includes: - Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this. - Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this. - README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly. - Dependency Update: Updated the `braces` npm package dependency to a non-vulnerable version. The vulnerability in `braces` did not affect the Harden Runner Action **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.9.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/konstruktoid/hardening). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzEuNCIsInVwZGF0ZWRJblZlciI6IjM3LjQzMS40IiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=--> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
kerem 2026-03-03 14:31:20 +03:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
renovate/github-codeql-action-4.x
v2.2.0
v2.1.0
v2.0.0
v1.0.0
v1.0
Labels
Clear labels   
Stale

   
bug

   
bug

   
bug

   
pull-request

Mirrored from GitHub Pull Request

No labels
Stale
bug
bug
bug
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/hardening#474
No description provided.