Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bump step-security/harden-runner from 2.1.0 to 2.2.0 (jaegertracing#4245
) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.1.0 to 2.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.2.0</h2> <h2>What's Changed</h2> <ul> <li>Release v2.2.0 by <a href="https://github.com/varunsh-coder"><code>@varunsh-coder</code></a> in <a href="https://github-redirect.dependabot.com/step-security/harden-runner/pull/245">step-security/harden-runner#245</a> <ol> <li>Added functionality that allows for skipping Harden Runner installation if any errors arise during the installation process.</li> <li>Updated Harden-Runner GitHub Action to use the latest version of the Harden Runner agent, which resolves three issues: <ul> <li>Addressed a bug that allowed calls to direct IP addresses not included in the allowed list when executing code in a docker image.</li> <li>Enhanced annotations to eliminate false positives, specifically not showing false positive calls to docker.io</li> <li>Upgraded <code>containerd</code> dependency to a non-vulnerable version.</li> </ul> </li> </ol> </li> <li>Bump codecov/codecov-action from 2.1.0 to 3.1.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/step-security/harden-runner/pull/233">step-security/harden-runner#233</a></li> <li>Bump step-security/harden-runner from 2.0.0 to 2.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/step-security/harden-runner/pull/232">step-security/harden-runner#232</a></li> <li>Bump github/codeql-action from 2.1.37 to 2.1.38 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/step-security/harden-runner/pull/229">step-security/harden-runner#229</a></li> <li>Update README.md by <a href="https://github.com/varunsh-coder"><code>@varunsh-coder</code></a> in <a href="https://github-redirect.dependabot.com/step-security/harden-runner/pull/231">step-security/harden-runner#231</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.2.0">https://github.com/step-security/harden-runner/compare/v2...v2.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/c8454efe5d0bdefd25384362fe217428ca277d57"><code>c8454ef</code></a> Release v2.2.0 (<a href="https://github-redirect.dependabot.com/step-security/harden-runner/issues/245">#245</a>)</li> <li><a href="https://github.com/step-security/harden-runner/commit/8f144f8401c4e3693085dff03603f617f566ec6b"><code>8f144f8</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/step-security/harden-runner/issues/231">#231</a> from step-security/varunsh-coder-patch-1</li> <li><a href="https://github.com/step-security/harden-runner/commit/5dfad97a98ee73b6c9b6242855ec468cd5d03619"><code>5dfad97</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/step-security/harden-runner/issues/229">#229</a> from step-security/dependabot/github_actions/github/c...</li> <li><a href="https://github.com/step-security/harden-runner/commit/b696244f12518d47fcb03e1e51cae100acec1429"><code>b696244</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/step-security/harden-runner/issues/232">#232</a> from step-security/dependabot/github_actions/step-sec...</li> <li><a href="https://github.com/step-security/harden-runner/commit/10aedff7e5ae9361cf300f4169653d6a06edbd5a"><code>10aedff</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/step-security/harden-runner/issues/233">#233</a> from step-security/dependabot/github_actions/codecov/...</li> <li><a href="https://github.com/step-security/harden-runner/commit/4660e3651541d46ab9d9546b3e4ca00545b1c430"><code>4660e36</code></a> Bump codecov/codecov-action from 2.1.0 to 3.1.1</li> <li><a href="https://github.com/step-security/harden-runner/commit/6dc7d6afef3245943b52c8f26b03196ffab774a2"><code>6dc7d6a</code></a> Bump step-security/harden-runner from 2.0.0 to 2.1.0</li> <li><a href="https://github.com/step-security/harden-runner/commit/6519f4ce27b60af1b6e8b2d72250e258e370941d"><code>6519f4c</code></a> Update README.md</li> <li><a href="https://github.com/step-security/harden-runner/commit/ce7687506a853926062c92d87084e480371212f6"><code>ce76875</code></a> Bump github/codeql-action from 2.1.37 to 2.1.38</li> <li>See full diff in <a href="https://github.com/step-security/harden-runner/compare/18bf8ad2ca49c14cbb28b91346d626ccfb00c518...c8454efe5d0bdefd25384362fe217428ca277d57">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: shubbham1215 <[email protected]>
- Loading branch information
1 parent
a7620bc
commit 618e5ad