Bump step-security/harden-runner from 2.11.1 to 2.12.2
Type: Pull Request
State: Open
![dependabot[bot]](https://github.com/dependabot.png){kind=small}
dependabot[bot]Association: Contributor
Comments: 0
(8 months ago)
(8 months ago)
dependencies github_actions
Bumps step-security/harden-runner from 2.11.1 to 2.12.2.
Release notes
Sourced from step-security/harden-runner's releases.
v2.12.2
What's Changed
Added HTTPS Monitoring for additional destinations - *.githubusercontent.com Bug fixes:
- Implicitly allow local multicast, local unicast and broadcast IP addresses in block mode
- Increased policy map size for block mode
Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.12.2
v2.12.1
What's Changed
- Detection capabilities have been upgraded to better recognize attempts at runner tampering. These improvements are informed by real-world incident learnings, including analysis of anomalous behaviors observed in the tj-actions and reviewdog supply chain attack.
- Resolved an issue where the block policy was not enforced correctly when the GitHub Actions job was running inside a container on a self-hosted VM runner.
Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.12.1
v2.12.0
What's Changed
A new option,
disable-sudo-and-containers, is now available to replace thedisable-sudo policy, addressing Docker-based privilege escalation (CVE-2025-32955). More details can be found in this blog post.New detections have been added based on insights from the tj-actions and reviewdog actions incidents.
Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.12.0
Commits
6c439dcMerge pull request #562 from step-security/rc-22bf56886update agent5436dacupdate agent88d305aupdate agentb976878update agent875cc92Update agent002fdceMerge pull request #544 from step-security/rc-212489e3fMerge branch 'main' into rc-2175dd441Merge pull request #555 from step-security/dependabot/github_actions/step-sec...4381aceBump step-security/publish-unit-test-result-action from 2.19.0 to 2.20.0- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Pull Request Statistics
1
5
+5
-5
Package Dependencies
step-security/harden-runner
actions
2.11.1 → 2.12.2
Minor
Technical Details
| ID: | 2521309 |
| UUID: | 2629689433 |
| Node ID: | PR_kwDOANsh3M6cveBZ |
| Host: | GitHub |
| Repository: | errbit/errbit_github_plugin |
| Merge State: | Unknown |