diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml index 15510499..a228b319 100644 --- a/.github/workflows/actionlint.yaml +++ b/.github/workflows/actionlint.yaml @@ -23,7 +23,7 @@ jobs: name: Action lint runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 + - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/c-i.yaml b/.github/workflows/c-i.yaml index e9936246..0f455c88 100644 --- a/.github/workflows/c-i.yaml +++ b/.github/workflows/c-i.yaml @@ -23,12 +23,12 @@ jobs: contents: read runs-on: ubuntu-24.04-${{matrix.arch}} steps: - - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 + - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: audit - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: chainguard-dev/actions/apt-faster@c69a264ec2a5934c3186c618f368fc1c86f16cff # v1.6.19 - - uses: chainguard-dev/actions/setup-melange@c69a264ec2a5934c3186c618f368fc1c86f16cff # v1.6.19 + - uses: chainguard-dev/actions/apt-faster@9978bf17926f53444b5eff45479954d94ec12e32 # v1.6.24 + - uses: chainguard-dev/actions/setup-melange@9978bf17926f53444b5eff45479954d94ec12e32 # v1.6.24 - name: Set up Go uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index ed13a3c4..a068f21c 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -25,7 +25,7 @@ jobs: contents: read # Clone the repository security-events: write # Upload SARIF results to Code Scanning steps: - - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 + - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: block allowed-endpoints: >