diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index eb1ca0ce8..9bf50dc6d 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3 + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.10.3 with: egress-policy: audit diff --git a/.github/workflows/contracts-testing.yml b/.github/workflows/contracts-testing.yml index 0bde272b7..3125a5928 100644 --- a/.github/workflows/contracts-testing.yml +++ b/.github/workflows/contracts-testing.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3 + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.10.3 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index d90d99aea..061466052 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3 + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.10.3 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/deploy-bots.yml b/.github/workflows/deploy-bots.yml index 4794efaad..5e7a6b89e 100644 --- a/.github/workflows/deploy-bots.yml +++ b/.github/workflows/deploy-bots.yml @@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3 + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.10.3 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/deploy-subgraph.yml b/.github/workflows/deploy-subgraph.yml index ea0963dcc..95710e97c 100644 --- a/.github/workflows/deploy-subgraph.yml +++ b/.github/workflows/deploy-subgraph.yml @@ -35,7 +35,7 @@ jobs: environment: ${{ inputs.graph_environment }} steps: - name: Harden Runner - uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3 + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.10.3 with: egress-policy: audit diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index fcb8916f4..3a20527f7 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -32,7 +32,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3 + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.10.3 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/sentry-release.yml b/.github/workflows/sentry-release.yml index 3f6ae2d50..daafff46b 100644 --- a/.github/workflows/sentry-release.yml +++ b/.github/workflows/sentry-release.yml @@ -17,7 +17,7 @@ jobs: version: ${{ steps.set-version.outputs.version }} steps: - name: Harden Runner - uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3 + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.10.3 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index bea307bb3..576c04906 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3 + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.10.3 with: egress-policy: audit