[PR #5953] [MERGED] ci: update step-security/harden-runner and update allowed endpoints #5749

Closed
opened 2026-05-05 10:44:12 -06:00 by gitea-mirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/5953
Author: @varunsh-coder
Created: 8/12/2023
Status: Merged
Merged: 8/12/2023
Merged by: @kmk3

Base: master ← Head: update-harden-runner


📝 Commits (2)

  • 8d923fc build(deps): bump step-security/harden-runner from 2.5.0 to 2.5.1
  • 7facc38 Update allowed endpoints

📊 Changes

4 files changed (+31 additions, -8 deletions)


📝 .github/workflows/build-extra.yml (+26 -5)
📝 .github/workflows/build.yml (+1 -1)
📝 .github/workflows/codeql-analysis.yml (+3 -1)
📝 .github/workflows/profile-checks.yml (+1 -1)

📄 Description

This PR does two things:

  1. Updates step-security/harden-runner from 2.5.0 to 2.5.1 in the GitHub Actions workflows.

    GitHub Actions recently started making outbound calls to a few endpoints not in the default allowed list. This causes the build to get stuck when using a block policy with harden-runner. This update to harden-runner (version v2.5.1) adds these new endpoints to the default allowed list.

    I noticed that some of the workflows in this repository are getting stuck, so creating a PR to bump up the version to the latest.

    Release notes for the latest version are here:
    https://github.com/step-security/harden-runner/releases/tag/v2.5.1

  2. I also noticed while testing the workflows that some endpoints that should be allowed were not in the allowed list, and were getting blocked, so added them to the allowed list.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
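
For reviewing workflows affected by the stall described above, a small audit script, added here as an example and not part of the PR or the firejail repository. The names `audit`, `SAMPLE` and `stale_block` are hypothetical, the workflow text and the `0123abc` pin are constructed placeholders, and the parser assumes `with:` follows `uses:` in each step.

```python
import re

# Constructed workflow text (not from the firejail repository); 0123abc is a placeholder pin.
SAMPLE = """\
jobs:
  build:
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@v2.5.0
        with:
          egress-policy: block
          allowed-endpoints: >
            github.com:443
            azure.archive.ubuntu.com:80
  lint:
    steps:
      - uses: step-security/harden-runner@0123abc # v2.5.1
        with:
          egress-policy: block
          allowed-endpoints: github.com:443
"""
USES = re.compile(r"uses:\s*step-security/harden-runner@(\S+)(?:\s*#\s*(\S+))?")
FIXED = (2, 5, 1)  # release the PR description says extends the default allowed list

def audit(workflow_text):
    """Return one finding per harden-runner step found in a workflow file."""
    lines, findings = workflow_text.splitlines(), []
    for i, line in enumerate(lines):
        m = USES.search(line)
        if not m:
            continue
        # Version comes from the tag, or from the '# vX.Y.Z' comment on a SHA pin.
        v = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", m.group(2) or m.group(1))
        version = tuple(map(int, v.groups())) if v else None
        # The rest of the step is every line indented at least as far as 'uses:'.
        col, body = line.index("uses:"), []
        for nxt in lines[i + 1:]:
            if nxt.strip() and len(nxt) - len(nxt.lstrip()) < col:
                break
            body.append(nxt)
        text = "\n".join(body)
        p = re.search(r"egress-policy:\s*(\w+)", text)
        policy = p.group(1) if p else None
        findings.append({
            "line": i + 1,
            "version": version,
            "policy": policy,
            "endpoints": re.findall(r"[\w.*-]+:\d+", text),
            # Block policy on a release older than FIXED is the stall case.
            "stale_block": policy == "block" and version is not None and version < FIXED,
        })
    return findings
```

A step flagged `stale_block` needs the version bump; the extracted `endpoints` list is what to compare against the destinations a job actually contacts.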

Reference: github-starred/firejail#5749