Upgrade step-security/harden-runner v2.8.0 -> v2.10.1 #1404

Picnic-DevPla-Bot · 2024-11-07T02:17:01Z

This PR contains the following updates:

Package	Type	Update	Change
step-security/harden-runner	action	minor	`v2.8.0` -> `v2.10.1`

Release Notes

step-security/harden-runner (step-security/harden-runner)

`v2.10.1`

Compare Source

What's Changed

Release v2.10.1 by @varunsh-coder in https://github.com/step-security/harden-runner/pull/463
Bug fix: Resolves an issue where DNS resolution of .local domains was failing when using a Kind cluster in a GitHub Actions workflow.

Full Changelog: step-security/harden-runner@v2...v2.10.1

`v2.10.0`

Compare Source

What's Changed

Release v2.10.0 by @h0x0er and @varunsh-coder in https://github.com/step-security/harden-runner/pull/455

ARM Support: Harden-Runner Enterprise tier now supports GitHub-hosted ARM runners. This includes all the features that apply to previously supported GitHub-hosted x64 Linux runners.

Full Changelog: step-security/harden-runner@v2...v2.10.0

`v2.9.1`

Compare Source

What's Changed

Release v2.9.1 by @h0x0er and @varunsh-coder in #440
This release includes two changes:

Updated markdown displayed in the job summary by the Harden-Runner Action.
Fixed a bug affecting Enterprise Tier customers where the agent attempted to upload telemetry for jobs with disable-telemetry set to true. No telemetry was uploaded as the endpoint was not in the allowed list.

Full Changelog: step-security/harden-runner@v2...v2.9.1

`v2.9.0`

Compare Source

What's Changed

Release v2.9.0 by @h0x0er and @varunsh-coder in https://github.com/step-security/harden-runner/pull/435
This release includes:

Enterprise Tier - Telemetry Upload Enhancement:
For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this.
Harden-Runner Agent Authentication:
The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this.
README Update:
A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly.
Dependency Update:
Updated the braces npm package dependency to a non-vulnerable version. The vulnerability in braces did not affect the Harden Runner Action

Full Changelog: step-security/harden-runner@v2...v2.9.0

`v2.8.1`

Compare Source

What's Changed

Bug fix: Update isGitHubHosted implementation by @varunsh-coder in https://github.com/step-security/harden-runner/pull/425
The previous implementation incorrectly identified large GitHub-hosted runners as self-hosted runners. As a result, harden-runner was not executing on these large GitHub-hosted runners.

Full Changelog: step-security/harden-runner@v2...v2.8.1

If you want to rebase/retry this PR, check this box

Picnic-DevPla-Bot · 2024-11-07T02:17:27Z

Suggested commit message:

Upgrade step-security/harden-runner v2.8.0 -> v2.10.1 (#1404)

See:
- https://github.com/step-security/harden-runner/releases/tag/v2.10.1
- https://github.com/step-security/harden-runner/releases/tag/v2.10.0
- https://github.com/step-security/harden-runner/releases/tag/v2.9.1
- https://github.com/step-security/harden-runner/releases/tag/v2.9.0
- https://github.com/step-security/harden-runner/releases/tag/v2.8.1

github-actions · 2024-11-07T02:18:59Z