Skip to content

ci: update action step-security/harden-runner from 8d3c67d to a5ad31d#15

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/github-tags/step-security-harden-runner-2.x
Open

ci: update action step-security/harden-runner from 8d3c67d to a5ad31d#15
renovate[bot] wants to merge 1 commit intomainfrom
renovate/github-tags/step-security-harden-runner-2.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Jun 14, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence OpenSSF
step-security/harden-runner v2.19.0v2.19.1 age adoption passing confidence OpenSSF Scorecard

Release Notes

step-security/harden-runner (step-security/harden-runner)

v2.19.1

Compare Source

What's Changed

What the fix changes

  • Harden-Runner will detect ubuntu-slim runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.

What the fix does not do

  • Jobs running on ubuntu-slim will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).
  • Per GitHub's docs on single-CPU runners: "The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported." Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.

For StepSecurity enterprise customers
If your security posture requires that workflows are always monitored, you can block the use of ubuntu-slim via workflow run policies see the Runner Label Policy docs. This lets you enforce that jobs only run on monitored runner types.

New Contributors

Full Changelog: step-security/harden-runner@v2.19.0...v2.19.1

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added bot Bot involvement dependency Additions or changes involving dependency renovate Anything from renovatebot workflow Additions or changes involving workflow labels Jun 14, 2025
@renovate renovate Bot requested a review from codeismyid as a code owner June 14, 2025 08:01
@renovate renovate Bot added bot Bot involvement dependency Additions or changes involving dependency renovate Anything from renovatebot workflow Additions or changes involving workflow labels Jun 14, 2025
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Jun 14, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

✅ All tests successful. No failed tests found.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from cdb6243 to 6d59a47 Compare July 6, 2025 16:04
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from 0634a26 to 002fdce ci: update action step-security/harden-runner from 0634a26 to 6c439dc Jul 6, 2025
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 6d59a47 to cfc10dc Compare July 27, 2025 07:54
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from 0634a26 to 6c439dc ci: update action step-security/harden-runner from 0634a26 to ec9f2d5 Jul 27, 2025
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from cfc10dc to 9bb9042 Compare September 10, 2025 16:15
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from 0634a26 to ec9f2d5 ci: update action step-security/harden-runner from 0634a26 to f4a75cf Sep 10, 2025
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 9bb9042 to 7ed1e3f Compare November 9, 2025 08:14
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from 0634a26 to f4a75cf ci: update action step-security/harden-runner from 0634a26 to 95d9a5d Nov 9, 2025
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 7ed1e3f to 02ab050 Compare December 2, 2025 12:13
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from 0634a26 to 95d9a5d ci: update action step-security/harden-runner from 0634a26 to df199fb Dec 2, 2025
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 02ab050 to df47a6e Compare December 10, 2025 07:05
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from 0634a26 to df199fb ci: update action step-security/harden-runner from 0634a26 to 20cf305 Dec 10, 2025
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from df47a6e to 2e6ee46 Compare January 26, 2026 07:44
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from 0634a26 to 20cf305 ci: update action step-security/harden-runner from 0634a26 to e3f713f Jan 26, 2026
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 2e6ee46 to 775ae84 Compare February 7, 2026 04:16
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from 0634a26 to e3f713f ci: update action step-security/harden-runner from 0634a26 to 5ef0c07 Feb 7, 2026
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 775ae84 to 9c19fbd Compare March 1, 2026 08:14
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from 0634a26 to 5ef0c07 ci: update action step-security/harden-runner from 0634a26 to a90bcbc Mar 1, 2026
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 9c19fbd to 8211047 Compare March 8, 2026 08:02
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from 0634a26 to a90bcbc ci: update action step-security/harden-runner from 0634a26 to 58077d3 Mar 8, 2026
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 8211047 to 6c8632e Compare March 31, 2026 09:39
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from 0634a26 to 58077d3 ci: update action step-security/harden-runner from 0634a26 to fa2e9d6 Mar 31, 2026
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from 6c8632e to de7081a Compare April 15, 2026 13:56
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from 0634a26 to fa2e9d6 ci: update action step-security/harden-runner from 0634a26 to 6c3c2f2 Apr 15, 2026
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch from de7081a to c87ba6a Compare April 30, 2026 17:40
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from 0634a26 to 6c3c2f2 ci: update action step-security/harden-runner from 0634a26 to 8d3c67d Apr 30, 2026
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from 0634a26 to 8d3c67d ci: update action step-security/harden-runner from 0634a26 to 8d3c67d - autoclosed Apr 30, 2026
@renovate renovate Bot closed this Apr 30, 2026
@renovate renovate Bot deleted the renovate/github-tags/step-security-harden-runner-2.x branch April 30, 2026 17:50
@renovate renovate Bot changed the title ci: update action step-security/harden-runner from 0634a26 to 8d3c67d - autoclosed ci: update action step-security/harden-runner from 8d3c67d to a5ad31d May 2, 2026
@renovate renovate Bot reopened this May 2, 2026
@renovate renovate Bot force-pushed the renovate/github-tags/step-security-harden-runner-2.x branch 2 times, most recently from c87ba6a to b65dde4 Compare May 2, 2026 16:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@codeismyid codeismyid Awaiting requested review from codeismyid codeismyid is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

bot Bot involvement dependency Additions or changes involving dependency renovate Anything from renovatebot workflow Additions or changes involving workflow

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@codecov-commenter