build(deps): bump step-security/harden-runner from 2.12.0 to 2.12.2 #9945

Open
dependabot[bot] wants to merge 1 commit into release-v1.0.x from dependabot/github_actions/release-v1.0.x/step-security/harden-runner-2.12.2

Conversation

@dependabot dependabot Bot commented on behalf of github Apr 30, 2026

Bumps step-security/harden-runner from 2.12.0 to 2.12.2.

Release notes

Sourced from step-security/harden-runner's releases.

v2.12.2

What's Changed

Added HTTPS Monitoring for additional destinations - *.githubusercontent.com

Bug fixes:

  • Implicitly allow local multicast, local unicast and broadcast IP addresses in block mode
  • Increased policy map size for block mode

Full Changelog: step-security/harden-runner@v2...v2.12.2

v2.12.1

What's Changed

  • Detection capabilities have been upgraded to better recognize attempts at runner tampering. These improvements are informed by real-world incident learnings, including analysis of anomalous behaviors observed in the tj-actions and reviewdog supply chain attack.
  • Resolved an issue where the block policy was not enforced correctly when the GitHub Actions job was running inside a container on a self-hosted VM runner.

Full Changelog: step-security/harden-runner@v2...v2.12.1

Commits
  • 6c439dc Merge pull request #562 from step-security/rc-22
  • bf56886 update agent
  • 5436dac update agent
  • 88d305a update agent
  • b976878 update agent
  • 875cc92 Update agent
  • 002fdce Merge pull request #544 from step-security/rc-21
  • 2489e3f Merge branch 'main' into rc-21
  • 75dd441 Merge pull request #555 from step-security/dependabot/github_actions/step-sec...
  • 4381ace Bump step-security/publish-unit-test-result-action from 2.19.0 to 2.20.0
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.12.0 to 2.12.2.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@0634a26...6c439dc)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.12.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added labels Apr 30, 2026:

  • dependencies: Used by dependabot - identifies all PRs created by dependabot
  • kind/misc: Categorizes issue or PR as a miscellaneous one.
  • ok-to-test: Indicates a non-member PR verified by an org member that is safe to test.
  • release-note-none: Denotes a PR that doesn't merit a release note.

@tekton-robot tekton-robot added the size/XS label (Denotes a PR that changes 0-9 lines, ignoring generated files.) Apr 30, 2026
@tekton-robot

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign pritidesai after the PR has been reviewed.
You can assign the PR to them by writing /assign @pritidesai in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
