[PR #605] [MERGED] chore(deps): update step-security/harden-runner action to v2.12.0 #606

New issue

Closed

opened 2026-03-03 14:31:57 +03:00 by kerem · 0 comments

kerem commented 2026-03-03 14:31:57 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/konstruktoid/hardening/pull/605
Author: @renovate[bot]
Created: 4/21/2025
Status: ✅ Merged
Merged: 4/28/2025
Merged by: @renovate[bot]

Base: master ← Head: renovate/step-security-harden-runner-2.x

---

📝 Commits (1)

• 564b20a chore(deps): update step-security/harden-runner action to v2.12.0

📊 Changes

5 files changed (+5 additions, -5 deletions)

View changed files

📝 .github/workflows/dependency-review.yml (+1 -1)
📝 .github/workflows/issues.yml (+1 -1)
📝 .github/workflows/scorecards.yml (+1 -1)
📝 .github/workflows/shellcheck.yml (+1 -1)
📝 .github/workflows/slsa.yml (+1 -1)

📄 Description

This PR contains the following updates:

Package	Type	Update	Change
step-security/harden-runner	action	minor	v2.11.1 -> v2.12.0

---

Release Notes

step-security/harden-runner (step-security/harden-runner)

v2.12.0

Compare Source

What's Changed

1. A new option, disable-sudo-and-containers, is now available to replace the disable-sudo policy, addressing Docker-based privilege escalation (CVE-2025-32955). More details can be found in this blog post.

2. New detections have been added based on insights from the tj-actions and reviewdog actions incidents.

Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.12.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/konstruktoid/hardening/pull/605 **Author:** [@renovate[bot]](https://github.com/apps/renovate) **Created:** 4/21/2025 **Status:** ✅ Merged **Merged:** 4/28/2025 **Merged by:** [@renovate[bot]](https://github.com/apps/renovate) **Base:** `master` ← **Head:** `renovate/step-security-harden-runner-2.x` --- ### 📝 Commits (1) - [`564b20a`](https://github.com/konstruktoid/hardening/commit/564b20aab3d6edec1311c0e53cf3ec38616e5e16) chore(deps): update step-security/harden-runner action to v2.12.0 ### 📊 Changes **5 files changed** (+5 additions, -5 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/dependency-review.yml` (+1 -1) 📝 `.github/workflows/issues.yml` (+1 -1) 📝 `.github/workflows/scorecards.yml` (+1 -1) 📝 `.github/workflows/shellcheck.yml` (+1 -1) 📝 `.github/workflows/slsa.yml` (+1 -1) </details> ### 📄 Description This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [step-security/harden-runner](https://redirect.github.com/step-security/harden-runner) | action | minor | `v2.11.1` -> `v2.12.0` | --- ### Release Notes <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.12.0`](https://redirect.github.com/step-security/harden-runner/releases/tag/v2.12.0) [Compare Source](https://redirect.github.com/step-security/harden-runner/compare/v2.11.1...v2.12.0) #### What's Changed 1. A new option, `disable-sudo-and-containers`, is now available to replace the `disable-sudo policy`, addressing Docker-based privilege escalation ([CVE-2025-32955](https://redirect.github.com/step-security/harden-runner/security/advisories/GHSA-mxr3-8whj-j74r)). More details can be found in this [blog post](https://www.stepsecurity.io/blog/evolving-harden-runners-disable-sudo-policy-for-improved-runner-security). 2. New detections have been added based on insights from the tj-actions and reviewdog actions incidents. **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.12.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/konstruktoid/hardening). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yNDguNCIsInVwZGF0ZWRJblZlciI6IjM5LjI0OC40IiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=--> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem added the

pull-request

label 2026-03-03 14:31:57 +03:00

kerem referenced this issue 2026-03-03 14:31:57 +03:00

[PR #606] [CLOSED] build(deps): bump step-security/harden-runner from 2.11.1 to 2.12.0 #607

kerem closed this issue 2026-03-03 14:31:57 +03:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

renovate/github-codeql-action-4.x

v2.2.0

v2.1.0

v2.0.0

v1.0.0

v1.0

Labels

Clear labels   

Stale

  

bug

  

bug

  

bug

  

pull-request

Mirrored from GitHub Pull Request

No labels

Stale

bug

bug

bug

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/hardening#606

No description provided.