caffeine (original) (raw)

Bumps step-security/harden-runner from 1.5.0 to 2.0.0.

Release notes

Sourced from step-security/harden-runner's releases.

v2.0.0
Release v2.0.0

Feature to disable sudo: Use disable-sudo: true to run job steps without sudo access on the GitHub-hosted runner. disable-sudo is false by default and needs to be opted-into. (documentation)

File monitoring improvements: All source code files are monitored now for overwrite, instead of a few extensions. Instead of getting annotations for overwrites, you can also opt-in to getting email or Slack notifications if source code is overwritten. (documentation)

Support for private repositories: Starting with Harder Runner v2.0.0, use of harden runner for private repositories will require a Team/ Enterprise license. Harder Runner GitHub Action is free for all public repositories.

What's Changed

Update README.md by @varunsh-coder in step-security/harden-runner#187

Bump step-security/harden-runner from 1.4.5 to 1.5.0 by @dependabot in step-security/harden-runner#188

Bump github/codeql-action from 2.1.22 to 2.1.26 by @dependabot in step-security/harden-runner#189

Add scorecard by @varunsh-coder in step-security/harden-runner#192

Bump actions/checkout from 3.0.0 to 3.1.0 by @dependabot in step-security/harden-runner#198

Bump github/codeql-action from 2.1.26 to 2.1.27 by @dependabot in step-security/harden-runner#197

Bump actions/upload-artifact from 3.0.0 to 3.1.0 by @dependabot in step-security/harden-runner#194

Bump ossf/scorecard-action from 2.0.4 to 2.0.6 by @dependabot in step-security/harden-runner#202

Bump github/codeql-action from 2.1.27 to 2.1.28 by @dependabot in step-security/harden-runner#201

Bump actions/upload-artifact from 3.1.0 to 3.1.1 by @dependabot in step-security/harden-runner#203

Bump github/codeql-action from 2.1.28 to 2.1.29 by @dependabot in step-security/harden-runner#204

Update README by @varunsh-coder in step-security/harden-runner#208

Full Changelog: step-security/harden-runner@v1...v2.0.0

Commits

ebacdc2 Merge pull request #209 from step-security/release-v2.0.0
f28b626 Update README (#208)
620cac5 Update version
118e400 Changes for v2.0.0 (#207)
3888ae1 Merge pull request #204 from step-security/dependabot/github_actions/github/c...
1e3c2df Bump github/codeql-action from 2.1.28 to 2.1.29
5e53a69 Merge pull request #203 from step-security/dependabot/github_actions/actions/...
33d7981 Bump actions/upload-artifact from 3.1.0 to 3.1.1
5565dcd Merge pull request #201 from step-security/dependabot/github_actions/github/c...
d5b1e9d Merge pull request #202 from step-security/dependabot/github_actions/ossf/sco...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)