Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump step-security/harden-runner from 2.7.0 to 2.8.0 #2295

Merged
merged 1 commit into from
May 22, 2024
Merged

chore(deps): bump step-security/harden-runner from 2.7.0 to 2.8.0 #2295

merged 1 commit into from
May 22, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 22, 2024

Bumps step-security/harden-runner from 2.7.0 to 2.8.0.

Release notes

Sourced from step-security/harden-runner's releases.

v2.8.0

What's Changed

Release v2.8.0 by @​h0x0er and @​varunsh-coder in step-security/harden-runner#416 This release includes:

  • File Monitoring Enhancements: Adds the capability to view the name and path of every file written during the build process.
  • Process Tracking Enhancements: Adds the capability to view process names and arguments of processes run during the build process.

These enhancements are based on insights from the XZ Utils incident, aimed at improving observability and detections during the build process.

Full Changelog: step-security/harden-runner@v2...v2.8.0

v2.7.1

What's Changed

Release v2.7.1 by @​varunsh-coder, @​h0x0er, @​ashishkurmi in step-security/harden-runner#397 This release:

  • Improves the capability to inspect outbound HTTPS traffic on GitHub-hosted and self-hosted VM runners
  • Updates README to add link to case study video on how Harden-Runner detected a supply chain attack on a Google open-source project
  • Addresses minor bugs

Full Changelog: step-security/harden-runner@v2.7.0...v2.7.1

Commits
  • f086349 Merge pull request #416 from step-security/rc-8
  • b9c325d Update image
  • 808a771 Add info about file and process events
  • 7171429 Update agent
  • 9ff9d14 Merge pull request #406 from step-security/dependabot/github_actions/step-sec...
  • ac5fa01 Bump step-security/harden-runner from 2.7.0 to 2.7.1
  • a4aa98b Release v2.7.1 (#397)
  • 6c3b1c9 Merge pull request #379 from step-security/dependabot/github_actions/step-sec...
  • 3498091 Bump step-security/harden-runner from 2.6.1 to 2.7.0
  • 63a88e2 Merge pull request #378 from step-security/update-readme3
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
---
7019cba 
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested review from a team as code owners May 22, 2024 02:18
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 22, 2024
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented May 22, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@codecov Codecov
Copy link

codecov bot commented May 22, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 76.30%. Comparing base (5c428d4) to head (7019cba).
Report is 65 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2295      +/-   ##
==========================================
- Coverage   76.49%   76.30%   -0.19%     
==========================================
  Files         304      306       +2     
  Lines       75800    76804    +1004     
==========================================
+ Hits        57986    58609     +623     
- Misses      17814    18195     +381

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@jeromy-cannon jeromy-cannon merged commit 9e952db into main May 22, 2024
10 of 11 checks passed
@jeromy-cannon jeromy-cannon deleted the dependabot/github_actions/step-security/harden-runner-2.8.0 branch May 22, 2024 09:47
@hedera-eng-infrastructure hedera-eng-infrastructure mentioned this pull request Jun 28, 2024
Open
@swirlds-automation swirlds-automation mentioned this pull request Jul 3, 2024
Merged
@hedera-eng-infrastructure hedera-eng-infrastructure mentioned this pull request Jul 6, 2024
Closed
@si618 si618 mentioned this pull request Jul 6, 2024
Closed
@hedera-eng-infrastructure hedera-eng-infrastructure mentioned this pull request Jul 9, 2024
Closed
@swirlds-automation swirlds-automation mentioned this pull request Aug 22, 2024
Open
This was referenced Aug 31, 2024
Closed
Closed
Closed
This was referenced Sep 4, 2024
Merged
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jeromy-cannon jeromy-cannon jeromy-cannon approved these changes

@isavov isavov Awaiting requested review from isavov isavov was automatically assigned from hashgraph/release-engineering

@rwalworth rwalworth Awaiting requested review from rwalworth rwalworth is a code owner automatically assigned from hashgraph/hedera-sdk

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jeromy-cannon