⬆️upgrade(ci): Bump step-security/harden-runner from 2.1.0 to 2.2.0 in /.github/workflows

[dependabot[bot]]

Bumps step-security/harden-runner from 2.1.0 to 2.2.0.

Release notes

Sourced from step-security/harden-runner's releases.

v2.2.0

What's Changed

• Release v2.2.0 by @​varunsh-coder in step-security/harden-runner#245
  1. Added functionality that allows for skipping Harden Runner installation if any errors arise during the installation process.
  2. Updated Harden-Runner GitHub Action to use the latest version of the Harden Runner agent, which resolves three issues:
     • Addressed a bug that allowed calls to direct IP addresses not included in the allowed list when executing code in a docker image.
     • Enhanced annotations to eliminate false positives, specifically not showing false positive calls to docker.io
     • Upgraded containerd dependency to a non-vulnerable version.
• Bump codecov/codecov-action from 2.1.0 to 3.1.1 by @​dependabot in step-security/harden-runner#233
• Bump step-security/harden-runner from 2.0.0 to 2.1.0 by @​dependabot in step-security/harden-runner#232
• Bump github/codeql-action from 2.1.37 to 2.1.38 by @​dependabot in step-security/harden-runner#229
• Update README.md by @​varunsh-coder in step-security/harden-runner#231

Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.2.0

Commits

• c8454ef Release v2.2.0 (#245)
• 8f144f8 Merge pull request #231 from step-security/varunsh-coder-patch-1
• 5dfad97 Merge pull request #229 from step-security/dependabot/github_actions/github/c...
• b696244 Merge pull request #232 from step-security/dependabot/github_actions/step-sec...
• 10aedff Merge pull request #233 from step-security/dependabot/github_actions/codecov/...
• 4660e36 Bump codecov/codecov-action from 2.1.0 to 3.1.1
• 6dc7d6a Bump step-security/harden-runner from 2.0.0 to 2.1.0
• 6519f4c Update README.md
• ce76875 Bump github/codeql-action from 2.1.37 to 2.1.38
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Dependabot tried to add @wr-projects/devops as a reviewer to this PR, but received the following error from GitHub:

POST https://api.github.com/repos/wr-projects/monorepojs-scaffolding/pulls/13/requested_reviewers: 422 - Reviews may only be requested from collaborators. One or more of the teams you specified is not a collaborator of the wr-projects/monorepojs-scaffolding repository. // See: https://docs.github.com/rest/reference/pulls#request-reviewers-for-a-pull-request

[dependabot[bot]]

The following labels could not be found: source:💚github_actions, source:🤖bot.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.