starred/hardening
1
0
Fork 0
mirror of https://github.com/konstruktoid/hardening.git synced 2026-04-26 17:25:52 +03:00
Code Issues 6 Projects Releases 4 Packages Wiki Activity

[PR #666] [MERGED] chore(deps): update step-security/harden-runner action to v2.13.1 #663

New issue
Closed
opened 2026-03-03 14:32:13 +03:00 by kerem · 0 comments
kerem commented 2026-03-03 14:32:13 +03:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/konstruktoid/hardening/pull/666
Author: @renovate[bot]
Created: 9/10/2025
Status: Merged
Merged: 9/13/2025
Merged by: @renovate[bot]

Base: masterHead: renovate/step-security-harden-runner-2.x

📝 Commits (1)

  • 4173947 chore(deps): update step-security/harden-runner action to v2.13.1

📊 Changes

5 files changed (+5 additions, -5 deletions)

View changed files

📝 .github/workflows/dependency-review.yml (+1 -1)
📝 .github/workflows/issues.yml (+1 -1)
📝 .github/workflows/scorecards.yml (+1 -1)
📝 .github/workflows/shellcheck.yml (+1 -1)
📝 .github/workflows/slsa.yml (+1 -1)

📄 Description

This PR contains the following updates:

Package Type Update Change
step-security/harden-runner action patch v2.13.0 -> v2.13.1

Release Notes

step-security/harden-runner (step-security/harden-runner)

v2.13.1

Compare Source

What's Changed

  • Graceful handling of HTTP errors: Improved error handling when fetching Harden Runner policies from the StepSecurity Policy Store API, ensuring more reliable execution even in case of temporary network/API issues.

  • Security updates for npm dependencies: Updated vulnerable npm package dependencies to the latest secure versions.

  • Faster enterprise agent downloads: The enterprise agent is now downloaded from GitHub Releases instead of packages.stepsecurity.io, improving download speed and reliability.

Full Changelog: https://github.com/step-security/harden-runner/compare/v2.13.0...v2.13.1

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/konstruktoid/hardening/pull/666 **Author:** [@renovate[bot]](https://github.com/apps/renovate) **Created:** 9/10/2025 **Status:** ✅ Merged **Merged:** 9/13/2025 **Merged by:** [@renovate[bot]](https://github.com/apps/renovate) **Base:** `master` ← **Head:** `renovate/step-security-harden-runner-2.x` --- ### 📝 Commits (1) - [`4173947`](https://github.com/konstruktoid/hardening/commit/4173947a00ed558b51508928c6e886dab81e9dc2) chore(deps): update step-security/harden-runner action to v2.13.1 ### 📊 Changes **5 files changed** (+5 additions, -5 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/dependency-review.yml` (+1 -1) 📝 `.github/workflows/issues.yml` (+1 -1) 📝 `.github/workflows/scorecards.yml` (+1 -1) 📝 `.github/workflows/shellcheck.yml` (+1 -1) 📝 `.github/workflows/slsa.yml` (+1 -1) </details> ### 📄 Description This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [step-security/harden-runner](https://redirect.github.com/step-security/harden-runner) | action | patch | `v2.13.0` -> `v2.13.1` | --- ### Release Notes <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.13.1`](https://redirect.github.com/step-security/harden-runner/releases/tag/v2.13.1) [Compare Source](https://redirect.github.com/step-security/harden-runner/compare/v2.13.0...v2.13.1) ##### What's Changed - Graceful handling of HTTP errors: Improved error handling when fetching Harden Runner policies from the StepSecurity Policy Store API, ensuring more reliable execution even in case of temporary network/API issues. - Security updates for npm dependencies: Updated vulnerable npm package dependencies to the latest secure versions. - Faster enterprise agent downloads: The enterprise agent is now downloaded from GitHub Releases instead of packages.stepsecurity.io, improving download speed and reliability. **Full Changelog**: <https://github.com/step-security/harden-runner/compare/v2.13.0...v2.13.1> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/konstruktoid/hardening). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=--> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
kerem 2026-03-03 14:32:13 +03:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
renovate/github-codeql-action-4.x
v2.2.0
v2.1.0
v2.0.0
v1.0.0
v1.0
Labels
Clear labels   
Stale

   
bug

   
bug

   
bug

   
pull-request

Mirrored from GitHub Pull Request

No labels
Stale
bug
bug
bug
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/hardening#663
No description provided.