[!WARNING]
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
step-security/harden-runner (step-security/harden-runner)
### [`v2.9.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.1)
[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.9.0...v2.9.1)
##### What's Changed
Release v2.9.1 by [@h0x0er](https://togithub.com/h0x0er) and [@varunsh-coder](https://togithub.com/varunsh-coder) in [#440](https://togithub.com/step-security/harden-runner/issues/440)
This release includes two changes:
1. Updated markdown displayed in the job summary by the Harden-Runner Action.
2. Fixed a bug affecting Enterprise Tier customers where the agent attempted to upload telemetry for jobs with disable-telemetry set to true. No telemetry was uploaded as the endpoint was not in the allowed list.
**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.9.1
### [`v2.9.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.0)
[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.8.1...v2.9.0)
##### What's Changed
Release v2.9.0 by [@h0x0er](https://togithub.com/h0x0er) and [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/435](https://togithub.com/step-security/harden-runner/pull/435)
This release includes:
- Enterprise Tier - Telemetry Upload Enhancement:
For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this.
- Harden-Runner Agent Authentication:
The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this.
- README Update:
A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly.
- Dependency Update:
Updated the `braces` npm package dependency to a non-vulnerable version. The vulnerability in `braces` did not affect the Harden Runner Action
**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.9.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
v2.8.1->v2.9.1Release Notes
step-security/harden-runner (step-security/harden-runner)
### [`v2.9.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.1) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.9.0...v2.9.1) ##### What's Changed Release v2.9.1 by [@h0x0er](https://togithub.com/h0x0er) and [@varunsh-coder](https://togithub.com/varunsh-coder) in [#440](https://togithub.com/step-security/harden-runner/issues/440) This release includes two changes: 1. Updated markdown displayed in the job summary by the Harden-Runner Action. 2. Fixed a bug affecting Enterprise Tier customers where the agent attempted to upload telemetry for jobs with disable-telemetry set to true. No telemetry was uploaded as the endpoint was not in the allowed list. **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.9.1 ### [`v2.9.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.0) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.8.1...v2.9.0) ##### What's Changed Release v2.9.0 by [@h0x0er](https://togithub.com/h0x0er) and [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/435](https://togithub.com/step-security/harden-runner/pull/435) This release includes: - Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this. - Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this. - README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly. - Dependency Update: Updated the `braces` npm package dependency to a non-vulnerable version. The vulnerability in `braces` did not affect the Harden Runner Action **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.9.0Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.