Skip to content

chore: update step-security/harden-runner action to v2.13.2 #131

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore: update step-security/harden-runner action to v2.13.2 #131

wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jan 9, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
step-security/harden-runner action minor v2.10.2 -> v2.13.2

Release Notes

step-security/harden-runner (step-security/harden-runner)

v2.13.2

Compare Source

What's Changed
  • Fixed an issue where there was a limit of 512 allowed endpoints when using block egress policy. This restriction has been removed, allowing for an unlimited number of endpoints to be configured.
  • Harden Runner now automatically detects if the agent is already pre-installed on a custom VM image used by a GitHub-hosted runner. When detected, the action will skip reinstallation and use the existing agent.

Full Changelog: step-security/harden-runner@v2.13.1...v2.13.2

v2.13.1

Compare Source

What's Changed

  • Graceful handling of HTTP errors: Improved error handling when fetching Harden Runner policies from the StepSecurity Policy Store API, ensuring more reliable execution even in case of temporary network/API issues.

  • Security updates for npm dependencies: Updated vulnerable npm package dependencies to the latest secure versions.

  • Faster enterprise agent downloads: The enterprise agent is now downloaded from GitHub Releases instead of packages.stepsecurity.io, improving download speed and reliability.

Full Changelog: step-security/harden-runner@v2.13.0...v2.13.1

v2.13.0

Compare Source

What's Changed

  • Improved job markdown summary
  • Https monitoring for all domains (included with the enterprise tier)

Full Changelog: step-security/harden-runner@v2...v2.13.0

v2.12.2

Compare Source

What's Changed

Added HTTPS Monitoring for additional destinations - *.githubusercontent.com
Bug fixes:

  • Implicitly allow local multicast, local unicast and broadcast IP addresses in block mode
  • Increased policy map size for block mode

Full Changelog: step-security/harden-runner@v2...v2.12.2

v2.12.1

Compare Source

What's Changed
  • Detection capabilities have been upgraded to better recognize attempts at runner tampering. These improvements are informed by real-world incident learnings, including analysis of anomalous behaviors observed in the tj-actions and reviewdog supply chain attack.
  • Resolved an issue where the block policy was not enforced correctly when the GitHub Actions job was running inside a container on a self-hosted VM runner.

Full Changelog: step-security/harden-runner@v2...v2.12.1

v2.12.0

Compare Source

What's Changed

  1. A new option, disable-sudo-and-containers, is now available to replace the disable-sudo policy, addressing Docker-based privilege escalation (CVE-2025-32955). More details can be found in this blog post.

  2. New detections have been added based on insights from the tj-actions and reviewdog actions incidents.

Full Changelog: step-security/harden-runner@v2...v2.12.0

v2.11.1

Compare Source

What's Changed

Full Changelog: step-security/harden-runner@v2...v2.11.1

v2.11.0

Compare Source

What's Changed

Release v2.11.0 in #​498
Harden-Runner Enterprise tier now supports the use of eBPF for DNS resolution and network call monitoring

Full Changelog: step-security/harden-runner@v2...v2.11.0

v2.10.4

Compare Source

What's Changed

Fixed a potential Harden-Runner post step failure that could occur when printing agent service logs. The fix gracefully handles failures without failing the post step.

Full Changelog: step-security/harden-runner@v2...v2.10.4

v2.10.3

Compare Source

What's Changed

Fixed an issue where DNS requests using uppercase characters (e.g., EXAMPLE.com) were blocked even when the domain was present in the allowed list. This update standardizes domain names to lowercase for consistent comparison.

Full Changelog: step-security/harden-runner@v2...v2.10.3

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies label Jan 9, 2025
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch from 4a0a726 to 090a168 Compare January 20, 2025 01:36
@renovate renovate bot changed the title chore: update step-security/harden-runner action to v2.10.3 chore: update step-security/harden-runner action to v2.10.4 Jan 20, 2025
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch from 090a168 to 81b408d Compare February 17, 2025 03:32
@renovate renovate bot changed the title chore: update step-security/harden-runner action to v2.10.4 chore: update step-security/harden-runner action to v2.11.0 Feb 17, 2025
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch 3 times, most recently from fba926e to 6762c00 Compare March 17, 2025 16:13
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch 2 times, most recently from ad624bc to 6ebd719 Compare March 31, 2025 23:54
@renovate renovate bot changed the title chore: update step-security/harden-runner action to v2.11.0 chore: update step-security/harden-runner action to v2.11.1 Apr 1, 2025
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch 2 times, most recently from 9a33ce8 to d750d95 Compare April 7, 2025 03:02
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch 2 times, most recently from 2d3a3c4 to fe415c9 Compare April 15, 2025 01:10
@renovate renovate bot changed the title chore: update step-security/harden-runner action to v2.11.1 chore: update step-security/harden-runner action to v2.12.0 Apr 21, 2025
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch from fe415c9 to e75de74 Compare April 21, 2025 23:08
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch 2 times, most recently from 088e51c to 1bd97bb Compare May 22, 2025 19:43
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch from 1bd97bb to 370518a Compare June 10, 2025 03:12
@renovate renovate bot changed the title chore: update step-security/harden-runner action to v2.12.0 chore: update step-security/harden-runner action to v2.12.1 Jun 11, 2025
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch from 370518a to e175a01 Compare June 11, 2025 16:53
@renovate renovate bot changed the title chore: update step-security/harden-runner action to v2.12.1 chore: update step-security/harden-runner action to v2.12.2 Jun 30, 2025
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch from e175a01 to 15fb18d Compare June 30, 2025 07:13
@renovate renovate bot changed the title chore: update step-security/harden-runner action to v2.12.2 chore: update step-security/harden-runner action to v2.13.0 Jul 15, 2025
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch from 15fb18d to 01f4955 Compare July 15, 2025 22:13
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch 2 times, most recently from 56df51c to 2354469 Compare August 19, 2025 19:28
@renovate renovate bot changed the title chore: update step-security/harden-runner action to v2.13.0 chore: update step-security/harden-runner action to v2.13.1 Sep 9, 2025
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch from 2354469 to 1bbe506 Compare September 9, 2025 18:37
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch from 1bbe506 to f81b21a Compare October 28, 2025 15:09
@renovate
chore: update step-security/harden-runner action to v2.13.2
7c48de9 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot changed the title chore: update step-security/harden-runner action to v2.13.1 chore: update step-security/harden-runner action to v2.13.2 Nov 5, 2025
@renovate renovate bot force-pushed the renovate/step-security-harden-runner-2.x branch from f81b21a to 7c48de9 Compare November 5, 2025 11:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant