hedera-sdk-java
hedera-sdk-java copied to clipboard
hashgraph
chore(deps): bump step-security/harden-runner from 2.7.0 to 2.8.1
Bumps step-security/harden-runner from 2.7.0 to 2.8.1.
Release notes
Sourced from step-security/harden-runner's releases.
v2.8.1
What's Changed
- Bug fix: Update isGitHubHosted implementation by
@varunsh-coderin step-security/harden-runner#425 The previous implementation incorrectly identified large GitHub-hosted runners as self-hosted runners. As a result, harden-runner was not executing on these large GitHub-hosted runners.Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.8.1
v2.8.0
What's Changed
Release v2.8.0 by
@h0x0erand@varunsh-coderin step-security/harden-runner#416 This release includes:
- File Monitoring Enhancements: Adds the capability to view the name and path of every file written during the build process.
- Process Tracking Enhancements: Adds the capability to view process names and arguments of processes run during the build process.
These enhancements are based on insights from the XZ Utils incident, aimed at improving observability and detections during the build process.
Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.8.0
v2.7.1
What's Changed
Release v2.7.1 by
@varunsh-coder,@h0x0er,@ashishkurmiin step-security/harden-runner#397 This release:
- Improves the capability to inspect outbound HTTPS traffic on GitHub-hosted and self-hosted VM runners
- Updates README to add link to case study video on how Harden-Runner detected a supply chain attack on a Google open-source project
- Addresses minor bugs
Full Changelog: https://github.com/step-security/harden-runner/compare/v2.7.0...v2.7.1
Commits
17d0e2bMerge pull request #425 from step-security/rc-9bb112d0Update isGitHubHosted implementationf4f3f44Merge pull request #407 from step-security/dependabot/github_actions/actions/...7a946b5Bump actions/dependency-review-action from 3.1.3 to 4.3.275a01c2Merge pull request #417 from step-security/dependabot/github_actions/step-sec...53413f1Bump step-security/harden-runner from 2.7.1 to 2.8.0f086349Merge pull request #416 from step-security/rc-8b9c325dUpdate image808a771Add info about file and process events7171429Update agent- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot will merge this PR once CI passes on it, as requested by @jeromy-cannon.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebasewill rebase this PR -
@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it -
@dependabot mergewill merge this PR after your CI passes on it -
@dependabot squash and mergewill squash and merge this PR after your CI passes on it -
@dependabot cancel mergewill cancel a previously requested merge and block automerging -
@dependabot reopenwill reopen this PR if it is closed -
@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency -
@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}