From c86ef2f43144a041ddb27aa854927781e5058061 Mon Sep 17 00:00:00 2001
From: Matt Raible
Date: Tue, 13 Jan 2026 14:07:15 -0700
Subject: [PATCH 1/2] Remove step-security/harden-runner from CI workflow
---
.github/workflows/main.yml | 10 ----------
1 file changed, 10 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 456cddb..b293a0c 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -18,11 +18,6 @@ jobs:
 name: Test ${{ matrix.function }}
 runs-on: ubuntu-latest
 steps:
- - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
- with:
- egress-policy: audit
-
 - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: Setup Python
 uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
@@ -63,11 +58,6 @@ jobs:
 name: Build UI
 runs-on: ubuntu-latest
 steps:
- - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
- with:
- egress-policy: audit
-
 - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: Setup Node
 uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
From 6f77b59b4b26c7dccceda7d6b3830b0eed2ebb31 Mon Sep 17 00:00:00 2001
From: Matt Raible
Date: Tue, 13 Jan 2026 15:21:31 -0700
Subject: [PATCH 2/2] Update actions/setup-python to ProdSec-approved version
Change actions/setup-python SHA to the version approved by ProdSec for security compliance.
---
.github/workflows/main.yml | 2 +-
.github/workflows/pylint.yml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index b293a0c..c285cd3 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -20,7 +20,7 @@ jobs:
 steps:
 - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: Setup Python
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+ uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
 with:
 python-version: '3.13'
 cache: 'pip'
diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml
index e9fcbe6..4a9d5b7 100644
--- a/.github/workflows/pylint.yml
+++ b/.github/workflows/pylint.yml
@@ -24,7 +24,7 @@ jobs:
 - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: Set up Python
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+ uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
 with:
 python-version: ${{ env.PYTHON_VERSION }}
 - name: Install global dependencies
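Review bot: The new `uses:` line in the `Setup Python` step pins actions/setup-python to an older release (`# v6.0.0`, previously `# v6.1.0`) without recording in the workflow that the downgrade is deliberate, so an automated dependency updater or a later contributor is likely to bump it forward again. I would extend the trailing comment to something like `# v6.0.0 (ProdSec-approved pin; re-approve before bumping)`. The version comment is not checked by anything; the runner resolves only the SHA, so it is worth confirming that `e797f83bcb11b83ae66e0230d6156d7c80228e7c` is the commit the upstream v6.0.0 tag points to. The same applies to the `Set up Python` step in the `.github/workflows/pylint.yml` hunk. Both step lists start and continue outside the hunks shown.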