[PR #7123] [MERGED] build(deps): bump step-security/harden-runner from 2.15.0 to 2.16.1 #6327

New issue

Closed

opened 2026-05-05 10:54:53 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 10:54:53 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/7123
Author: @dependabot[bot]
Created: 4/1/2026
Status: ✅ Merged
Merged: 4/1/2026
Merged by: @kmk3

Base: master ← Head: dependabot/github_actions/step-security/harden-runner-2.16.1

📝 Commits (1)

35dbed8 build(deps): bump step-security/harden-runner from 2.15.0 to 2.16.1

📊 Changes

7 files changed (+14 additions, -14 deletions)

View changed files

📝 .github/workflows/build-extra.yml (+2 -2)
📝 .github/workflows/build.yml (+1 -1)
📝 .github/workflows/check-c.yml (+3 -3)
📝 .github/workflows/check-profiles.yml (+1 -1)
📝 .github/workflows/check-python.yml (+1 -1)
📝 .github/workflows/codespell.yml (+1 -1)
📝 .github/workflows/test.yml (+5 -5)

📄 Description

Bumps step-security/harden-runner from 2.15.0 to 2.16.1.

Release notes

Sourced from step-security/harden-runner's releases.

v2.16.1

What's Changed

Enterprise tier: Added support for direct IP addresses in the allow list Community tier: Migrated Harden Runner telemetry to a new endpoint

Full Changelog: https://github.com/step-security/harden-runner/compare/v2.16.0...v2.16.1

v2.16.0

What's Changed

Updated action.yml to use node24

Security fix: Fixed a medium severity vulnerability where the egress block policy could be bypassed via DNS over HTTPS (DoH) by proxying DNS queries through a permitted resolver, allowing data exfiltration even with a restrictive allowed-endpoints list. This issue only affects the Community Tier; the Enterprise Tier is not affected. See GHSA-46g3-37rh-v698 for details.

Security fix: Fixed a medium severity vulnerability where the egress block policy could be bypassed via DNS queries over TCP to external resolvers, allowing outbound network communication that evades configured network restrictions. This issue only affects the Community Tier; the Enterprise Tier is not affected. See GHSA-g699-3x6g-wm3g for details.

Full Changelog: https://github.com/step-security/harden-runner/compare/v2.15.1...v2.16.0

v2.15.1

What's Changed

Fixes step-security/harden-runner#642 bug due to which post step was failing on Windows ARM runners

Updates npm packages

Full Changelog: https://github.com/step-security/harden-runner/compare/v2.15.0...v2.15.1

Commits

fe10465 v2.16.1 (#654)
fa2e9d6 Release v2.16.0 (#646)
58077d3 Release v2.15.1 (#641)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/netblue30/firejail/pull/7123 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 4/1/2026 **Status:** ✅ Merged **Merged:** 4/1/2026 **Merged by:** [@kmk3](https://github.com/kmk3) **Base:** `master` ← **Head:** `dependabot/github_actions/step-security/harden-runner-2.16.1` --- ### 📝 Commits (1) - [`35dbed8`](https://github.com/netblue30/firejail/commit/35dbed8aeb3cc7acfc9fea491d440d2e8c80f624) build(deps): bump step-security/harden-runner from 2.15.0 to 2.16.1 ### 📊 Changes **7 files changed** (+14 additions, -14 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/build-extra.yml` (+2 -2) 📝 `.github/workflows/build.yml` (+1 -1) 📝 `.github/workflows/check-c.yml` (+3 -3) 📝 `.github/workflows/check-profiles.yml` (+1 -1) 📝 `.github/workflows/check-python.yml` (+1 -1) 📝 `.github/workflows/codespell.yml` (+1 -1) 📝 `.github/workflows/test.yml` (+5 -5) </details> ### 📄 Description Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.15.0 to 2.16.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.16.1</h2> <h2>What's Changed</h2> <p>Enterprise tier: Added support for direct IP addresses in the allow list Community tier: Migrated Harden Runner telemetry to a new endpoint</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.16.0...v2.16.1">https://github.com/step-security/harden-runner/compare/v2.16.0...v2.16.1</a></p> <h2>v2.16.0</h2> <h2>What's Changed</h2> <ul> <li>Updated action.yml to use node24</li> <li>Security fix: Fixed a medium severity vulnerability where the egress block policy could be bypassed via DNS over HTTPS (DoH) by proxying DNS queries through a permitted resolver, allowing data exfiltration even with a restrictive allowed-endpoints list. This issue only affects the Community Tier; the Enterprise Tier is not affected. See <a href="https://github.com/step-security/harden-runner/security/advisories/GHSA-46g3-37rh-v698">GHSA-46g3-37rh-v698</a> for details.</li> <li>Security fix: Fixed a medium severity vulnerability where the egress block policy could be bypassed via DNS queries over TCP to external resolvers, allowing outbound network communication that evades configured network restrictions. This issue only affects the Community Tier; the Enterprise Tier is not affected. See <a href="https://github.com/step-security/harden-runner/security/advisories/GHSA-g699-3x6g-wm3g">GHSA-g699-3x6g-wm3g</a> for details.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.15.1...v2.16.0">https://github.com/step-security/harden-runner/compare/v2.15.1...v2.16.0</a></p> <h2>v2.15.1</h2> <h2>What's Changed</h2> <ul> <li>Fixes <a href="https://redirect.github.com/step-security/harden-runner/issues/642">step-security/harden-runner#642</a> bug due to which post step was failing on Windows ARM runners</li> <li>Updates npm packages</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.15.0...v2.15.1">https://github.com/step-security/harden-runner/compare/v2.15.0...v2.15.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/fe104658747b27e96e4f7e80cd0a94068e53901d"><code>fe10465</code></a> v2.16.1 (<a href="https://redirect.github.com/step-security/harden-runner/issues/654">#654</a>)</li> <li><a href="https://github.com/step-security/harden-runner/commit/fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594"><code>fa2e9d6</code></a> Release v2.16.0 (<a href="https://redirect.github.com/step-security/harden-runner/issues/646">#646</a>)</li> <li><a href="https://github.com/step-security/harden-runner/commit/58077d3c7e43986b6b15fba718e8ea69e387dfcc"><code>58077d3</code></a> Release v2.15.1 (<a href="https://redirect.github.com/step-security/harden-runner/issues/641">#641</a>)</li> <li>See full diff in <a href="https://github.com/step-security/harden-runner/compare/a90bcbc6539c36a85cdfeb73f7e2f433735f215b...fe104658747b27e96e4f7e80cd0a94068e53901d">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner&package-manager=github_actions&previous-version=2.15.0&new-version=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

gitea-mirror

2026-05-05 10:54:53 -06:00

closed this issue
added the
pull-request
label

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#6327

No description provided.

Rows
Columns