chore(deps): bump step-security/harden-runner from 2.4.0 to 2.5.1

dependabot[bot] commented 1 year ago

Bumps step-security/harden-runner from 2.4.0 to 2.5.1.

Release notes

Sourced from step-security/harden-runner's releases.

v2.5.1

What's Changed

Updated default allowed endpoints to include *.actions.githubusercontent.com. GitHub Actions recently started making calls to additional sub-domains for this domain. Please update to this latest version of harden-runner to allow these new endpoints.

Update README.md by @varunsh-coder in step-security/harden-runner#326

Bump step-security/harden-runner from 2.4.1 to 2.5.0 by @dependabot in step-security/harden-runner#327

Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.5.1

v2.5.0

What's Changed

Release v2.5.0 by @h0x0er and @varunsh-coder in step-security/harden-runner#325

This release:

Adds support for Actions Runner Controller (ARC) environment

Improves the job summary markdown

Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.5.0

v2.4.1

What's Changed

Release v2.4.1 by @varunsh-coder and @Devils-Knight in step-security/harden-runner#309

This release

Shows a preview of the network events in the job summary markdown

Uses a fallback DNS service from Cloudflare in addition to Google DNS to improve reliability

Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.4.1

Commits

8ca2b8b Release v2.5.1 (#332)
9768986 Merge pull request #327 from step-security/dependabot/github_actions/step-sec...
4735c31 Bump step-security/harden-runner from 2.4.1 to 2.5.0
2bd96dc Merge pull request #326 from step-security/varunsh-coder-patch-1
781663b Update README.md
cba0d00 Release v2.5.0 (#325)
aa817ef Update README (#321)
75ac554 Merge pull request #314 from step-security/codecov-allow-domain
df76f09 Allow endpoint for codecov
1d7cff8 Merge pull request #313 from step-security-bot/stepsecurity_remediation_16884...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] commented 1 year ago

The following labels could not be found: Type: Security Patch.

netlify[bot] commented 1 year ago

Deploy Preview for veascan ready!

Name	Link
Latest commit	f70173be7527108bb8eb891a00801701756e0801
Latest deploy log	https://app.netlify.com/sites/veascan/deploys/64d4830274bddf00080d0c1e
Deploy Preview	https://deploy-preview-264--veascan.netlify.app
Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

dependabot[bot] commented 2 months ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

kleros / vea