3 недель назад · d81bdbc74d
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -23,7 +23,7 @@ jobs:
 
				     outputs:
			
 
				       noop: ${{ steps.noop.outputs.should_skip }}
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				       - name: Detect No-op Changes
			
@@ -43,7 +43,7 @@ jobs:
 
				     if: needs.detect-noop.outputs.noop != 'true' && github.ref != 'refs/heads/main'
			
 
				 
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				       - name: Checkout
			
@@ -61,7 +61,7 @@ jobs:
 
				       contents: read
			
 
				 
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				       - name: Checkout
			
@@ -98,7 +98,7 @@ jobs:
 
				       contents: read
			
 
				 
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				       - name: Checkout
			
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -26,7 +26,7 @@ jobs:
 
				           - language: actions
			
 
				             build-mode: none
			
 
				     steps:
			
 
				-    - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+    - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				       with:
			
 
				         egress-policy: audit
			
 
				     - name: Checkout repository
			
--- a/.github/workflows/crds.yml
+++ b/.github/workflows/crds.yml
@@ -18,7 +18,7 @@ jobs:
 
				   crd-tests:
			
 
				     runs-on: ubuntu-latest
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				       - name: Checkout
			
--- a/.github/workflows/dependabot-approve.yml
+++ b/.github/workflows/dependabot-approve.yml
@@ -12,7 +12,7 @@ jobs:
 
				     # PRs but also ensures that it only does work for Dependabot PRs.
			
 
				     if: github.actor == 'dependabot[bot]' && github.event.pull_request.user.login == 'dependabot[bot]'
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				       - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
			
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -17,7 +17,7 @@ jobs:
 
				     runs-on: ubuntu-latest
			
 
				     steps:
			
 
				       - name: Harden the runner (Audit all outbound calls)
			
 
				-        uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				 
			
--- a/.github/workflows/dlc.yml
+++ b/.github/workflows/dlc.yml
@@ -16,7 +16,7 @@ jobs:
 
				   fossa-scan:
			
 
				     runs-on: ubuntu-latest
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         if: ${{ env.HAS_FOSSA_KEY == 'true' }}
			
 
				         with:
			
 
				           egress-policy: audit
			
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -14,7 +14,7 @@ jobs:
 
				     permissions:
			
 
				       contents: write #needed to publish documentation
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
			
--- a/.github/workflows/e2e-managed.yml
+++ b/.github/workflows/e2e-managed.yml
@@ -28,7 +28,7 @@ jobs:
 
				     outputs:
			
 
				       check_run_id: ${{ steps.create_check.outputs.check_run_id }}
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				 
			
@@ -82,7 +82,7 @@ jobs:
 
				       TF_VAR_AWS_SA_NAME: ${{ secrets.AWS_SA_NAME }}
			
 
				       TF_VAR_AWS_SA_NAMESPACE: ${{ secrets.AWS_SA_NAMESPACE }}
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				 
			
@@ -169,7 +169,7 @@ jobs:
 
				       GCP_FED_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_FED_SERVICE_ACCOUNT_EMAIL }}
			
 
				       GCP_FED_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_FED_WORKLOAD_IDENTITY_PROVIDER }}
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				 
			
@@ -264,7 +264,7 @@ jobs:
 
				       TFC_AZURE_SUBSCRIPTION_ID: ${{ secrets.TFC_AZURE_SUBSCRIPTION_ID }}
			
 
				       TFC_VAULT_URL: ${{ secrets.TFC_VAULT_URL }}
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				 
			
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -53,7 +53,7 @@ jobs:
 
				       GRAFANA_URL: ${{ secrets.GRAFANA_URL }}
			
 
				       GRAFANA_TOKEN: ${{ secrets.GRAFANA_TOKEN }}
			
 
				     steps:
			
 
				-    - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+    - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				       with:
			
 
				         egress-policy: audit
			
 
				 
			
@@ -105,7 +105,7 @@ jobs:
 
				       GRAFANA_URL: ${{ secrets.GRAFANA_URL }}
			
 
				       GRAFANA_TOKEN: ${{ secrets.GRAFANA_TOKEN }}
			
 
				     steps:
			
 
				-    - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+    - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				       with:
			
 
				         egress-policy: audit
			
 
				 
			
--- a/.github/workflows/helm.yml
+++ b/.github/workflows/helm.yml
@@ -16,7 +16,7 @@ jobs:
 
				     permissions:
			
 
				       contents: read
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				       - name: Checkout
			
@@ -71,7 +71,7 @@ jobs:
 
				     runs-on: ubuntu-latest
			
 
				     steps:
			
 
				       - name: Harden the runner (Audit all outbound calls)
			
 
				-        uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				 
			
--- a/.github/workflows/ok-to-test-managed.yml
+++ b/.github/workflows/ok-to-test-managed.yml
@@ -20,7 +20,7 @@ jobs:
 
				     # To create a new GitHub App:
			
 
				     #   https://developer.github.com/apps/building-github-apps/creating-a-github-app/
			
 
				     # See app.yml for an example app manifest
			
 
				-    - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+    - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				       with:
			
 
				         egress-policy: audit
			
 
				     - name: Generate token
			
--- a/.github/workflows/ok-to-test.yml
+++ b/.github/workflows/ok-to-test.yml
@@ -16,7 +16,7 @@ jobs:
 
				     # Only run for PRs, not issue comments
			
 
				     if: ${{ github.event.issue.pull_request }}
			
 
				     steps:
			
 
				-    - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+    - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				       with:
			
 
				         egress-policy: audit
			
 
				     # Generate a GitHub App installation access token from an App ID and private key
			
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -53,7 +53,7 @@ jobs:
 
				     outputs:
			
 
				       image-tag: ${{ steps.container_info.outputs.image-tag }}
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				 
			
@@ -159,7 +159,7 @@ jobs:
 
				       id-token: write #for keyless sign
			
 
				       packages: write #to update packages with added SBOMs.
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				       - name: Checkout
			
--- a/.github/workflows/rebuild-image.yml
+++ b/.github/workflows/rebuild-image.yml
@@ -19,7 +19,7 @@ jobs:
 
				       timestamp: ${{ steps.timestamp.outputs.timestamp }}
			
 
				 
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				       - name: Checkout
			
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -26,7 +26,7 @@ jobs:
 
				       contents: write # to create a release and push new docs
			
 
				     steps:
			
 
				       - name: Harden the runner (Audit all outbound calls)
			
 
				-        uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				 
			
@@ -110,7 +110,7 @@ jobs:
 
				       RELEASE_TAG: ${{ github.event.inputs.version }}${{ matrix.tag_suffix }}
			
 
				 
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				       - name: Checkout
			
--- a/.github/workflows/release_esoctl.yml
+++ b/.github/workflows/release_esoctl.yml
@@ -24,7 +24,7 @@ jobs:
 
				     permissions:
			
 
				       contents: write # for publishing the release
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				       - name: Checkout
			
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -20,7 +20,7 @@ jobs:
 
				       id-token: write
			
 
				 
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				       - name: "Checkout code"
			
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -13,7 +13,7 @@ jobs:
 
				       pull-requests: write  # for actions/stale to close stale PRs
			
 
				     runs-on: ubuntu-latest
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				       - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
			
--- a/.github/workflows/update-deps.yml
+++ b/.github/workflows/update-deps.yml
@@ -20,7 +20,7 @@ jobs:
 
				       branches: ${{ steps.branches.outputs.branches }}
			
 
				 
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				       - name: Checkout
			
@@ -42,7 +42,7 @@ jobs:
 
				       matrix:
			
 
				         branch: ${{ fromJson(needs.branches.outputs.branches) }}
			
 
				     steps:
			
 
				-    - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+    - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				       with:
			
 
				         egress-policy: audit
			
 
				 
			
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@@ -24,7 +24,7 @@ jobs:
 
				     outputs:
			
 
				       noop: ${{ steps.noop.outputs.should_skip }}
			
 
				     steps:
			
 
				-      - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
			
 
				+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
			
 
				         with:
			
 
				           egress-policy: audit
			
 
				       - name: Detect No-op Changes