⬆️upgrade(ci): Bump step-security/harden-runner from 2.0.0 to 2.1.0 in /.github/workflows

[dependabot[bot]]

Bumps step-security/harden-runner from 2.0.0 to 2.1.0.

Release notes

Sourced from step-security/harden-runner's releases.

v2.1.0

What's Changed

• Add harden-runner insights URL in job summary by @​h0x0er and @​varunsh-coder in step-security/harden-runner#227. This makes it easier to locate and click on the insights link. One had to look for it in the build log earlier.
• Update README.md by @​varunsh-coder in step-security/harden-runner#210
• Bump github/codeql-action from 2.1.29 to 2.1.31 by @​dependabot in step-security/harden-runner#206
• Bump step-security/harden-runner from 1.5.0 to 2.0.0 by @​dependabot in step-security/harden-runner#211
• Update README by @​varunsh-coder in step-security/harden-runner#216
• Bump ossf/scorecard-action from 2.0.6 to 2.1.0 by @​dependabot in step-security/harden-runner#221
• Bump github/codeql-action from 2.1.31 to 2.1.37 by @​dependabot in step-security/harden-runner#220
• Bump ossf/scorecard-action from 2.1.0 to 2.1.2 by @​dependabot in step-security/harden-runner#223
• Bump actions/upload-artifact from 3.1.1 to 3.1.2 by @​dependabot in step-security/harden-runner#225
• Bump actions/checkout from 3.1.0 to 3.3.0 by @​dependabot in step-security/harden-runner#224

Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.1.0

Commits

• 18bf8ad Add step-security insights url in job summary (#227)
• 8a1ef77 Merge pull request #224 from step-security/dependabot/github_actions/actions/...
• 55ac879 Merge pull request #225 from step-security/dependabot/github_actions/actions/...
• df4ea73 Merge pull request #223 from step-security/dependabot/github_actions/ossf/sco...
• 1a7bdcd Merge pull request #220 from step-security/dependabot/github_actions/github/c...
• 6e39bc0 Bump actions/upload-artifact from 3.1.1 to 3.1.2
• 96d83b3 Bump actions/checkout from 3.1.0 to 3.3.0
• 717b0e7 Bump ossf/scorecard-action from 2.1.0 to 2.1.2
• 266a5d6 Merge pull request #221 from step-security/dependabot/github_actions/ossf/sco...
• ec78446 Bump ossf/scorecard-action from 2.0.6 to 2.1.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

The following labels could not be found: source:💚github_actions, source:🤖bot.

[pull-request-quantifier-deprecated[bot]]

This PR has 34 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

``` Label : Extra Small Size : +17 -17 Percentile : 13.6% Total files changed: 11 Change summary by file extension: .yml : +17 -17 ``` > Change counts above are quantified counts, based on the [PullRequestQuantifier customizations](https://github.com/microsoft/PullRequestQuantifier/blob/main/docs/prquantifier-yaml.md).

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a balance between between PR complexity and PR review overhead. PRs within the optimal size (typical small, or medium sized PRs) mean: - Fast and predictable releases to production: - Optimal size changes are more likely to be reviewed faster with fewer iterations. - Similarity in low PR complexity drives similar review times. - Review quality is likely higher as complexity is lower: - Bugs are more likely to be detected. - Code inconsistencies are more likely to be detected. - Knowledge sharing is improved within the participants: - Small portions can be assimilated better. - Better engineering practices are exercised: - Solving big problems by dividing them in well contained, smaller problems. - Exercising separation of concerns within the code changes. #### What can I do to optimize my changes - Use the PullRequestQuantifier to quantify your PR accurately - Create a context profile for your repo using the [context generator](https://github.com/microsoft/PullRequestQuantifier/releases) - Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the `Excluded` section from your `prquantifier.yaml` context profile. - Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your `prquantifier.yaml` context profile. - Only use the labels that matter to you, [see context specification](./docs/prquantifier-yaml.md) to customize your `prquantifier.yaml` context profile. - Change your engineering behaviors - For PRs that fall outside of the desired spectrum, review the details and check if: - Your PR could be split in smaller, self-contained PRs instead - Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR). #### How to interpret the change counts in git diff output - One line was added: `+1 -0` - One line was deleted: `+0 -1` - One line was modified: `+1 -1` (git diff doesn't know about modified, it will interpret that line like one addition plus one deletion) - Change percentiles: Change characteristics (addition, deletion, modification) of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? :thumbsup:  :ok_hand:  :thumbsdown: (Email) Customize PullRequestQuantifier for this repository.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[dependabot[bot]]

Looks like step-security/harden-runner is up-to-date now, so this is no longer needed.