build(deps): bump step-security/harden-runner from 2.4.1 to 2.5.0 by dependabot[bot] · Pull Request #2203 · nodejs/undici (original) (raw)
Bumps step-security/harden-runner from 2.4.1 to 2.5.0.
Release notes
Sourced from step-security/harden-runner's releases.
v2.5.0
What's Changed
Release v2.5.0 by @h0x0er and @varunsh-coder in step-security/harden-runner#325
This release:
- Adds support for Actions Runner Controller (ARC) environment
- Improves the job summary markdown
Full Changelog: step-security/harden-runner@v2...v2.5.0
Commits
- cba0d00 Release v2.5.0 (#325)
- aa817ef Update README (#321)
- 75ac554 Merge pull request #314 from step-security/codecov-allow-domain
- df76f09 Allow endpoint for codecov
- 1d7cff8 Merge pull request #313 from step-security-bot/stepsecurity_remediation_16884...
- 1931def [StepSecurity] Apply security best practices
- eba9113 Merge pull request #312 from step-security/dependabot/github_actions/ossf/sco...
- 28a46cf Bump ossf/scorecard-action from 2.1.3 to 2.2.0
- 532ef4a Merge pull request #311 from step-security/dependabot/github_actions/step-sec...
- 9973777 Bump step-security/harden-runner from 2.4.0 to 2.4.1
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)