Skip to content

chore(deps): bump step-security/harden-runner from 2.10.1 to 2.20.0#64

Merged
anurag-stepsecurity merged 1 commit into
mainfrom
dependabot/github_actions/step-security/harden-runner-2.12.0
Jul 9, 2026
Merged

chore(deps): bump step-security/harden-runner from 2.10.1 to 2.20.0#64
anurag-stepsecurity merged 1 commit into
mainfrom
dependabot/github_actions/step-security/harden-runner-2.12.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 22, 2025

Copy link
Copy Markdown
Contributor

Bumps step-security/harden-runner from 2.10.1 to 2.20.0.

Release notes

Sourced from step-security/harden-runner's releases.

v2.20.0

What's Changed

  • Support for block policy for MacOS and Windows GitHub-hosted runners
  • Support for Bitrise MacOS GitHub Actions runners
  • HTTPS monitoring support for Bun for Linux runners (enterprise tier)

Full Changelog: step-security/harden-runner@v2.19.4...v2.20.0

v2.19.4

What's Changed

  • Improvements for HTTPS Monitoring for the Enterprise tier of Harden Runner

Full Changelog: step-security/harden-runner@v2.19.3...v2.19.4

v2.19.3

What's Changed

Full Changelog: step-security/harden-runner@v2.19.2...v2.19.3

v2.19.2

What's Changed

  • Update the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.

Full Changelog: step-security/harden-runner@v2.19.1...v2.19.2

v2.19.1

What's Changed

What the fix changes

  • Harden-Runner will detect ubuntu-slim runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.

What the fix does not do

  • Jobs running on ubuntu-slim will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).
  • Per GitHub's docs on single-CPU runners: "The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported." Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.

For StepSecurity enterprise customers If your security posture requires that workflows are always monitored, you can block the use of ubuntu-slim via workflow run policies see the Runner Label Policy docs. This lets you enforce that jobs only run on monitored runner types.

New Contributors

Full Changelog: step-security/harden-runner@v2.19.0...v2.19.1

v2.19.0

What's Changed

New Runner Support

... (truncated)

Commits
  • bf7454d Merge pull request #673 from step-security/fix/aggregate-error-startup-hang
  • 1188420 Update non-TLS agent to v0.16.2
  • 162cfea Update non-TLS agent to v0.16.1
  • eb9e1f4 Bring macOS runner updates from PR 674
  • 1a10b01 Update Windows agent to v1.0.7
  • 8b4a105 Apply npm audit fixes with release-age cooldown
  • 3626e03 Default TLS status check failures to enabled
  • 100e08b Update agent-ebpf to v1.8.12
  • 774f75f Update agent to v1.8.9
  • f312657 Extend missing-agent-dir guard to Linux and macOS cleanup paths
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 22, 2025
@dependabot dependabot Bot force-pushed the dependabot/github_actions/step-security/harden-runner-2.12.0 branch from 41e929f to b6f7dbd Compare May 5, 2025 11:08
@dependabot @github

dependabot Bot commented on behalf of github Sep 30, 2025

Copy link
Copy Markdown
Contributor Author

A newer version of step-security/harden-runner exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

@anurag-stepsecurity

Copy link
Copy Markdown
Contributor

@dependabot recreate

Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.10.1 to 2.20.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@91182cc...bf7454d)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump step-security/harden-runner from 2.10.1 to 2.12.0 chore(deps): bump step-security/harden-runner from 2.10.1 to 2.20.0 Jul 9, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/step-security/harden-runner-2.12.0 branch from 3ef4768 to 1fbeec7 Compare July 9, 2026 08:35
@anurag-stepsecurity anurag-stepsecurity merged commit b3e902b into main Jul 9, 2026
7 checks passed
@dependabot dependabot Bot deleted the dependabot/github_actions/step-security/harden-runner-2.12.0 branch July 9, 2026 13:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant