Skip to content

ci(deps): bump step-security/harden-runner from 2.16.0 to 2.20.0#41

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/step-security/harden-runner-2.19.4
Open

ci(deps): bump step-security/harden-runner from 2.16.0 to 2.20.0#41
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/step-security/harden-runner-2.19.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps step-security/harden-runner from 2.16.0 to 2.20.0.

Release notes

Sourced from step-security/harden-runner's releases.

v2.20.0

What's Changed

  • Support for block policy for MacOS and Windows GitHub-hosted runners
  • Support for Bitrise MacOS GitHub Actions runners
  • HTTPS monitoring support for Bun for Linux runners (enterprise tier)

Full Changelog: step-security/harden-runner@v2.19.4...v2.20.0

v2.19.4

What's Changed

  • Improvements for HTTPS Monitoring for the Enterprise tier of Harden Runner

Full Changelog: step-security/harden-runner@v2.19.3...v2.19.4

v2.19.3

What's Changed

Full Changelog: step-security/harden-runner@v2.19.2...v2.19.3

v2.19.2

What's Changed

  • Update the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.

Full Changelog: step-security/harden-runner@v2.19.1...v2.19.2

v2.19.1

What's Changed

What the fix changes

  • Harden-Runner will detect ubuntu-slim runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.

What the fix does not do

  • Jobs running on ubuntu-slim will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).
  • Per GitHub's docs on single-CPU runners: "The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported." Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.

For StepSecurity enterprise customers If your security posture requires that workflows are always monitored, you can block the use of ubuntu-slim via workflow run policies see the Runner Label Policy docs. This lets you enforce that jobs only run on monitored runner types.

New Contributors

Full Changelog: step-security/harden-runner@v2.19.0...v2.19.1

v2.19.0

What's Changed

New Runner Support

... (truncated)

Commits
  • bf7454d Merge pull request #673 from step-security/fix/aggregate-error-startup-hang
  • 1188420 Update non-TLS agent to v0.16.2
  • 162cfea Update non-TLS agent to v0.16.1
  • eb9e1f4 Bring macOS runner updates from PR 674
  • 1a10b01 Update Windows agent to v1.0.7
  • 8b4a105 Apply npm audit fixes with release-age cooldown
  • 3626e03 Default TLS status check failures to enabled
  • 100e08b Update agent-ebpf to v1.8.12
  • 774f75f Update agent to v1.8.9
  • f312657 Extend missing-agent-dir guard to Linux and macOS cleanup paths
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 29, 2026
@github-actions github-actions Bot added bug Something isn't working ci documentation Improvements or additions to documentation security community labels Jun 29, 2026
@dependabot dependabot Bot changed the title ci(deps): bump step-security/harden-runner from 2.16.0 to 2.19.4 ci(deps): bump step-security/harden-runner from 2.16.0 to 2.20.0 Jul 8, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/step-security/harden-runner-2.19.4 branch 3 times, most recently from d58fef1 to ecf31ab Compare July 9, 2026 20:40
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.16.0 to 2.20.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@fa2e9d6...bf7454d)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.19.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/step-security/harden-runner-2.19.4 branch from ecf31ab to 3fd7bc3 Compare July 9, 2026 21:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working ci community dependencies Pull requests that update a dependency file documentation Improvements or additions to documentation github_actions Pull requests that update GitHub Actions code security

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants