From 2e0ab4044bca1bcf9828681222b85607daacb80f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 09:18:40 -0700 Subject: [PATCH] chore: bump the all group with 3 updates (#1056) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-id.yaml | 2 +- .github/workflows/codeql.yaml | 8 ++++---- .github/workflows/dep-review.yaml | 2 +- .github/workflows/deploy_docs.yaml | 2 +- .github/workflows/e2e-build.yaml | 8 ++++---- .github/workflows/e2e-test.yaml | 4 ++-- .github/workflows/patch-docs.yaml | 2 +- .github/workflows/release-pr.yaml | 2 +- .github/workflows/release.yaml | 2 +- .github/workflows/scan-images.yaml | 6 +++--- .github/workflows/scorecard.yml | 4 ++-- .github/workflows/test.yaml | 16 ++++++++-------- 12 files changed, 29 insertions(+), 29 deletions(-) diff --git a/.github/workflows/build-id.yaml b/.github/workflows/build-id.yaml index a91b299cc9..5c71e0a1ac 100644 --- a/.github/workflows/build-id.yaml +++ b/.github/workflows/build-id.yaml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 6f9ac99884..6ac643e2ac 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -24,7 +24,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c with: egress-policy: audit @@ -32,12 +32,12 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Initialize CodeQL - uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f + uses: github/codeql-action/init@2d790406f505036ef40ecba973cc774a50395aac with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@4fa2a7953630fd2f3fb380f21be14ede0169dd4f + uses: github/codeql-action/autobuild@2d790406f505036ef40ecba973cc774a50395aac - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f + uses: github/codeql-action/analyze@2d790406f505036ef40ecba973cc774a50395aac diff --git a/.github/workflows/dep-review.yaml b/.github/workflows/dep-review.yaml index c432159900..96f753e6b3 100644 --- a/.github/workflows/dep-review.yaml +++ b/.github/workflows/dep-review.yaml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c with: egress-policy: audit diff --git a/.github/workflows/deploy_docs.yaml b/.github/workflows/deploy_docs.yaml index dfdf3579d6..2e18709428 100644 --- a/.github/workflows/deploy_docs.yaml +++ b/.github/workflows/deploy_docs.yaml @@ -30,7 +30,7 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c with: egress-policy: audit diff --git a/.github/workflows/e2e-build.yaml b/.github/workflows/e2e-build.yaml index 5418d720ee..42aa152864 100644 --- a/.github/workflows/e2e-build.yaml +++ b/.github/workflows/e2e-build.yaml @@ -14,7 +14,7 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c with: egress-policy: audit - name: Set up Go @@ -57,7 +57,7 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c with: egress-policy: audit - name: Set up Go @@ -99,7 +99,7 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c with: egress-policy: audit - name: Set up Go @@ -141,7 +141,7 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c with: egress-policy: audit - name: Set up Go diff --git a/.github/workflows/e2e-test.yaml b/.github/workflows/e2e-test.yaml index 97f74df440..3e896a00b6 100644 --- a/.github/workflows/e2e-test.yaml +++ b/.github/workflows/e2e-test.yaml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit @@ -47,7 +47,7 @@ jobs: E2E_TEST: ${{ fromJson(needs.build-e2e-test-list.outputs.e2e-tests) }} steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c with: egress-policy: audit - name: Check out code into the Go module directory diff --git a/.github/workflows/patch-docs.yaml b/.github/workflows/patch-docs.yaml index 0234ce91b3..7b252e4e23 100644 --- a/.github/workflows/patch-docs.yaml +++ b/.github/workflows/patch-docs.yaml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit diff --git a/.github/workflows/release-pr.yaml b/.github/workflows/release-pr.yaml index 98756ec3ae..4ab2fe907a 100644 --- a/.github/workflows/release-pr.yaml +++ b/.github/workflows/release-pr.yaml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d647748a88..50c8bc91dd 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -20,7 +20,7 @@ jobs: timeout-minutes: 60 steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c with: egress-policy: audit diff --git a/.github/workflows/scan-images.yaml b/.github/workflows/scan-images.yaml index 0f43edff06..0f02519112 100644 --- a/.github/workflows/scan-images.yaml +++ b/.github/workflows/scan-images.yaml @@ -37,7 +37,7 @@ jobs: - {image: eraser-trivy-scanner, build_cmd: docker-build-trivy-scanner, repo_environment_var: TRIVY_SCANNER_REPO} steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit @@ -79,7 +79,7 @@ jobs: image: [remover, eraser-manager, collector, eraser-trivy-scanner] steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit @@ -90,6 +90,6 @@ jobs: merge-multiple: true - name: Upload results to GitHub Security - uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v2.14.4 + uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v2.14.4 with: sarif_file: ${{ matrix.image }}-results.sarif diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 29bd730c87..a20bdf0fd7 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit @@ -66,6 +66,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v2.2.4 + uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v2.2.4 with: sarif_file: results.sarif diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 0a30d19c77..9dedb201bd 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -45,7 +45,7 @@ jobs: timeout-minutes: 40 steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c with: egress-policy: audit - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -87,7 +87,7 @@ jobs: timeout-minutes: 40 steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c with: egress-policy: audit - name: Set up Go @@ -120,7 +120,7 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c with: egress-policy: audit - name: Check out code into the Go module directory @@ -145,7 +145,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c with: egress-policy: audit @@ -170,7 +170,7 @@ jobs: make docker-build-trivy-scanner TRIVY_SCANNER_REPO=${{ env.REGISTRY }}/${REPO}-trivy-scanner TRIVY_SCANNER_TAG=test - name: Run trivy for remover - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 with: image-ref: ${{ env.REGISTRY }}/remover:test exit-code: "1" @@ -178,7 +178,7 @@ jobs: vuln-type: "os,library" - name: Run trivy for eraser-manager - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 with: image-ref: ${{ env.REGISTRY }}/${{ env.REPO }}-manager:test exit-code: "1" @@ -186,7 +186,7 @@ jobs: vuln-type: "os,library" - name: Run trivy for collector - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 with: image-ref: ${{ env.REGISTRY }}/collector:test exit-code: "1" @@ -194,7 +194,7 @@ jobs: vuln-type: "os,library" - name: Run trivy for trivy-scanner - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 with: image-ref: ${{ env.REGISTRY }}/${{ env.REPO }}-trivy-scanner:test exit-code: "1"