[PR #5930] [MERGED] build(deps): bump step-security/harden-runner from 2.4.1 to 2.5.0 #5736

New issue

Closed

opened 2026-05-05 10:43:56 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented 2026-05-05 10:43:56 -06:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/5930
Author: @dependabot[bot]
Created: 7/31/2023
Status: ✅ Merged
Merged: 7/31/2023
Merged by: @kmk3

Base: master ← Head: dependabot/github_actions/step-security/harden-runner-2.5.0

---

📝 Commits (1)

• 60ba011 build(deps): bump step-security/harden-runner from 2.4.1 to 2.5.0

📊 Changes

4 files changed (+8 additions, -8 deletions)

View changed files

📝 .github/workflows/build-extra.yml (+5 -5)
📝 .github/workflows/build.yml (+1 -1)
📝 .github/workflows/codeql-analysis.yml (+1 -1)
📝 .github/workflows/profile-checks.yml (+1 -1)

📄 Description

Bumps step-security/harden-runner from 2.4.1 to 2.5.0.

Release notes

Sourced from step-security/harden-runner's releases.

v2.5.0

What's Changed

Release v2.5.0 by @​h0x0er and @​varunsh-coder in step-security/harden-runner#325

This release:

1. Adds support for Actions Runner Controller (ARC) environment
2. Improves the job summary markdown

Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.5.0

Commits

• cba0d00 Release v2.5.0 (#325)
• aa817ef Update README (#321)
• 75ac554 Merge pull request #314 from step-security/codecov-allow-domain
• df76f09 Allow endpoint for codecov
• 1d7cff8 Merge pull request #313 from step-security-bot/stepsecurity_remediation_16884...
• 1931def [StepSecurity] Apply security best practices
• eba9113 Merge pull request #312 from step-security/dependabot/github_actions/ossf/sco...
• 28a46cf Bump ossf/scorecard-action from 2.1.3 to 2.2.0
• 532ef4a Merge pull request #311 from step-security/dependabot/github_actions/step-sec...
• 9973777 Bump step-security/harden-runner from 2.4.0 to 2.4.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/netblue30/firejail/pull/5930 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 7/31/2023 **Status:** ✅ Merged **Merged:** 7/31/2023 **Merged by:** [@kmk3](https://github.com/kmk3) **Base:** `master` ← **Head:** `dependabot/github_actions/step-security/harden-runner-2.5.0` --- ### 📝 Commits (1) - [`60ba011`](https://github.com/netblue30/firejail/commit/60ba01175e616d0dbdaa5ebb9bcb6e3a8b85fff6) build(deps): bump step-security/harden-runner from 2.4.1 to 2.5.0 ### 📊 Changes **4 files changed** (+8 additions, -8 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/build-extra.yml` (+5 -5) 📝 `.github/workflows/build.yml` (+1 -1) 📝 `.github/workflows/codeql-analysis.yml` (+1 -1) 📝 `.github/workflows/profile-checks.yml` (+1 -1) </details> ### 📄 Description Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.4.1 to 2.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.5.0</h2> <h2>What's Changed</h2> <p>Release v2.5.0 by <a href="https://github.com/h0x0er"><code>@​h0x0er</code></a> and <a href="https://github.com/varunsh-coder"><code>@​varunsh-coder</code></a> in <a href="https://redirect.github.com/step-security/harden-runner/pull/325">step-security/harden-runner#325</a></p> <p>This release:</p> <ol> <li>Adds support for Actions Runner Controller (ARC) environment</li> <li>Improves the job summary markdown</li> </ol> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.5.0">https://github.com/step-security/harden-runner/compare/v2...v2.5.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/cba0d00b1fc9a034e1e642ea0f1103c282990604"><code>cba0d00</code></a> Release v2.5.0 (<a href="https://redirect.github.com/step-security/harden-runner/issues/325">#325</a>)</li> <li><a href="https://github.com/step-security/harden-runner/commit/aa817ef3512b39bbe179e1c24cc63b4a421ab219"><code>aa817ef</code></a> Update README (<a href="https://redirect.github.com/step-security/harden-runner/issues/321">#321</a>)</li> <li><a href="https://github.com/step-security/harden-runner/commit/75ac55456f91a43ec55fa9768ebac0fde49ef6fc"><code>75ac554</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/314">#314</a> from step-security/codecov-allow-domain</li> <li><a href="https://github.com/step-security/harden-runner/commit/df76f095bff67ef6adde09ef13b1d16151765625"><code>df76f09</code></a> Allow endpoint for codecov</li> <li><a href="https://github.com/step-security/harden-runner/commit/1d7cff8f224225f40f4ad98a1bf71794fc8433de"><code>1d7cff8</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/313">#313</a> from step-security-bot/stepsecurity_remediation_16884...</li> <li><a href="https://github.com/step-security/harden-runner/commit/1931def3f2480883319b9e25a8f91273b31607a1"><code>1931def</code></a> [StepSecurity] Apply security best practices</li> <li><a href="https://github.com/step-security/harden-runner/commit/eba91136efc2e47cf9832255264a9dcd1fb9defb"><code>eba9113</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/312">#312</a> from step-security/dependabot/github_actions/ossf/sco...</li> <li><a href="https://github.com/step-security/harden-runner/commit/28a46cf74295b6411ac5d12e55d5847c41ceb377"><code>28a46cf</code></a> Bump ossf/scorecard-action from 2.1.3 to 2.2.0</li> <li><a href="https://github.com/step-security/harden-runner/commit/532ef4a868ff5b0fcb05cad9f2aa4f6c81a35bf7"><code>532ef4a</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/311">#311</a> from step-security/dependabot/github_actions/step-sec...</li> <li><a href="https://github.com/step-security/harden-runner/commit/9973777dd488cdaff1ceaf70b5257cd04d02a30b"><code>9973777</code></a> Bump step-security/harden-runner from 2.4.0 to 2.4.1</li> <li>Additional commits viewable in <a href="https://github.com/step-security/harden-runner/compare/55d479fb1c5bcad5a4f9099a5d9f37c8857b2845...cba0d00b1fc9a034e1e642ea0f1103c282990604">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

gitea-mirror 2026-05-05 10:43:56 -06:00

• closed this issue
• added the
  pull-request
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#5736

No description provided.