diff --git a/.github/workflows/ci-vcpkg.yml b/.github/workflows/ci-vcpkg.yml index a1a99a9..ab18ae2 100644 --- a/.github/workflows/ci-vcpkg.yml +++ b/.github/workflows/ci-vcpkg.yml @@ -31,7 +31,7 @@ jobs: VCPKG_DEFAULT_HOST_TRIPLET: ${{ matrix.triplet }} steps: - name: Harden Runner - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d82fc6d..e48da1a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,7 +18,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/clang-tidy.yml b/.github/workflows/clang-tidy.yml index 50d7102..9f8137a 100644 --- a/.github/workflows/clang-tidy.yml +++ b/.github/workflows/clang-tidy.yml @@ -18,7 +18,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index dff770e..be18861 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -28,7 +28,7 @@ jobs: - actions steps: - name: Harden Runner - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 8ba01b1..9ee5e24 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -26,7 +26,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 58af3c7..05428ee 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -22,7 +22,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: block allowed-endpoints: diff --git a/.github/workflows/update-vcpkg-baseline.yml b/.github/workflows/update-vcpkg-baseline.yml index f94f7fe..6966855 100644 --- a/.github/workflows/update-vcpkg-baseline.yml +++ b/.github/workflows/update-vcpkg-baseline.yml @@ -17,7 +17,7 @@ jobs: pull-requests: write steps: - name: Harden Runner - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit