renovate[bot]
commented
1 year ago Edited/Blocked Notification
Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.
You can manually request rebase by checking the rebase/retry box above.
⚠ Warning: custom changes will be lost.
This PR contains the following updates:
3284643->50c33adv2.1.37->v2.2.5v2.0.0->v2.2.0Release Notes
github/codeql-action
### [`v2.2.5`](https://togithub.com/github/codeql-action/compare/v2.2.4...v2.2.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.4...v2.2.5) ### [`v2.2.4`](https://togithub.com/github/codeql-action/compare/v2.2.3...v2.2.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.3...v2.2.4) ### [`v2.2.3`](https://togithub.com/github/codeql-action/compare/v2.2.2...v2.2.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.2...v2.2.3) ### [`v2.2.2`](https://togithub.com/github/codeql-action/compare/v2.2.1...v2.2.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.1...v2.2.2) ### [`v2.2.1`](https://togithub.com/github/codeql-action/compare/v2.2.0...v2.2.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.0...v2.2.1) ### [`v2.2.0`](https://togithub.com/github/codeql-action/compare/v2.1.39...v2.2.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.1.39...v2.2.0) ### [`v2.1.39`](https://togithub.com/github/codeql-action/compare/v2.1.38...v2.1.39) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.1.38...v2.1.39) ### [`v2.1.38`](https://togithub.com/github/codeql-action/compare/v2.1.37...v2.1.38) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.1.37...v2.1.38)step-security/harden-runner
### [`v2.2.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.2.0) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.1.0...v2.2.0) ##### What's Changed - Release v2.2.0 by [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/245](https://togithub.com/step-security/harden-runner/pull/245) 1. Added functionality that allows for skipping Harden Runner installation if any errors arise during the installation process. 2. Updated Harden-Runner GitHub Action to use the latest version of the Harden Runner agent, which resolves three issues: - Addressed a bug that allowed calls to direct IP addresses not included in the allowed list when executing code in a docker image. - Enhanced annotations to eliminate false positives, specifically not showing false positive calls to docker.io - Upgraded `containerd` dependency to a non-vulnerable version. - Bump codecov/codecov-action from 2.1.0 to 3.1.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/233](https://togithub.com/step-security/harden-runner/pull/233) - Bump step-security/harden-runner from 2.0.0 to 2.1.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/232](https://togithub.com/step-security/harden-runner/pull/232) - Bump github/codeql-action from 2.1.37 to 2.1.38 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/229](https://togithub.com/step-security/harden-runner/pull/229) - Update README.md by [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/231](https://togithub.com/step-security/harden-runner/pull/231) **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.2.0 ### [`v2.1.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.1.0) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.0.0...v2.1.0) ##### What's Changed - Add harden-runner insights URL in job summary by [@h0x0er](https://togithub.com/h0x0er) and [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/227](https://togithub.com/step-security/harden-runner/pull/227). This makes it easier to locate and click on the insights link. One had to look for it in the build log earlier. - Update README.md by [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/210](https://togithub.com/step-security/harden-runner/pull/210) - Bump github/codeql-action from 2.1.29 to 2.1.31 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/206](https://togithub.com/step-security/harden-runner/pull/206) - Bump step-security/harden-runner from 1.5.0 to 2.0.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/211](https://togithub.com/step-security/harden-runner/pull/211) - Update README by [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/216](https://togithub.com/step-security/harden-runner/pull/216) - Bump ossf/scorecard-action from 2.0.6 to 2.1.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/221](https://togithub.com/step-security/harden-runner/pull/221) - Bump github/codeql-action from 2.1.31 to 2.1.37 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/220](https://togithub.com/step-security/harden-runner/pull/220) - Bump ossf/scorecard-action from 2.1.0 to 2.1.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/223](https://togithub.com/step-security/harden-runner/pull/223) - Bump actions/upload-artifact from 3.1.1 to 3.1.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/225](https://togithub.com/step-security/harden-runner/pull/225) - Bump actions/checkout from 3.1.0 to 3.3.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/224](https://togithub.com/step-security/harden-runner/pull/224) **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.1.0Configuration
📅 Schedule: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.