4k4xs4pH1r3 / xss

xss
GNU General Public License v3.0
0 stars 1 forks source link

Update step-security/harden-runner action to v2.7.1 #26

Closed renovate[bot] closed 7 months ago

renovate[bot] commented 7 months ago

Mend Renovate

This PR contains the following updates:

Package Type Update Change
step-security/harden-runner action patch v2.7.0 -> v2.7.1

Release Notes

step-security/harden-runner (step-security/harden-runner) ### [`v2.7.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.7.1) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.7.0...v2.7.1) ##### What's Changed Release v2.7.1 by [@​varunsh-coder](https://togithub.com/varunsh-coder), [@​h0x0er](https://togithub.com/h0x0er), [@​ashishkurmi](https://togithub.com/ashishkurmi) in [https://github.com/step-security/harden-runner/pull/397](https://togithub.com/step-security/harden-runner/pull/397) This release: - Improves the capability to [inspect outbound HTTPS traffic](https://www.stepsecurity.io/blog/monitor-outbound-https-requests-from-github-actions-runners) on GitHub-hosted and self-hosted VM runners - Updates README to add link to [case study video](https://www.youtube.com/watch?v=Yz72qAOrN9s) on how Harden-Runner detected a supply chain attack on a Google open-source project - Addresses minor bugs **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2.7.0...v2.7.1

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.

secure-code-warrior-for-github[bot] commented 7 months ago

Micro-Learning Topic: Cross-site scripting (Detected by phrase)

Matched on "xss"

What is this? (2min video)

Cross-site scripting vulnerabilities occur when unescaped input is rendered into a page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.

Try a challenge in Secure Code Warrior

Helpful references
difflens[bot] commented 7 months ago

View changes in DiffLens

difflens[bot] commented 7 months ago

View changes in DiffLens