Skip to content

(build deps): bump step-security/harden-runner from 2.19.4 to 2.20.0 in /.github/workflows#5024

Merged
mergify[bot] merged 1 commit into
mainfrom
dependabot/github_actions/dot-github/workflows/step-security/harden-runner-2.20.0
Jul 7, 2026
Merged

(build deps): bump step-security/harden-runner from 2.19.4 to 2.20.0 in /.github/workflows#5024
mergify[bot] merged 1 commit into
mainfrom
dependabot/github_actions/dot-github/workflows/step-security/harden-runner-2.20.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown
Contributor

Bumps step-security/harden-runner from 2.19.4 to 2.20.0.

Release notes

Sourced from step-security/harden-runner's releases.

v2.20.0

What's Changed

  • Support for block policy for MacOS and Windows GitHub-hosted runners
  • Support for Bitrise MacOS GitHub Actions runners
  • HTTPS monitoring support for Bun for Linux runners (enterprise tier)

Full Changelog: step-security/harden-runner@v2.19.4...v2.20.0

Commits
  • bf7454d Merge pull request #673 from step-security/fix/aggregate-error-startup-hang
  • 1188420 Update non-TLS agent to v0.16.2
  • 162cfea Update non-TLS agent to v0.16.1
  • eb9e1f4 Bring macOS runner updates from PR 674
  • 1a10b01 Update Windows agent to v1.0.7
  • 8b4a105 Apply npm audit fixes with release-age cooldown
  • 3626e03 Default TLS status check failures to enabled
  • 100e08b Update agent-ebpf to v1.8.12
  • 774f75f Update agent to v1.8.9
  • f312657 Extend missing-agent-dir guard to Linux and macOS cleanup paths
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.19.4 to 2.20.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@9af89fc...bf7454d)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 7, 2026
@sonarqubecloud

sonarqubecloud Bot commented Jul 7, 2026

Copy link
Copy Markdown

@mergify mergify Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatic approval for Dependabot update.

@mergify mergify Bot added the queued label Jul 7, 2026
@mergify

mergify Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Merge Queue Status

  • Entered queue2026-07-07 12:32 UTC · Rule: default · triggered by rule Automatic merge and approval for Dependabot
  • Checks skipped · PR is already up-to-date
  • Merged2026-07-07 12:32 UTC · at 983907e2628a7031d51118c00b2d241fb8e02291 · merge

This pull request spent 12 seconds in the queue, including 2 seconds running CI.

Required conditions to merge
  • github-review-approved [🛡 GitHub repository ruleset rule main branch rule]
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = @github-actions/DotNet Format
    • check-neutral = @github-actions/DotNet Format
    • check-skipped = @github-actions/DotNet Format
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = @github-actions/Release
    • check-neutral = @github-actions/Release
    • check-skipped = @github-actions/Release
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = @github-actions/Build & Test (new-cli)
    • check-neutral = @github-actions/Build & Test (new-cli)
    • check-skipped = @github-actions/Build & Test (new-cli)
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = @github-actions/Build & Package / macos-26
    • check-neutral = @github-actions/Build & Package / macos-26
    • check-skipped = @github-actions/Build & Package / macos-26
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = @github-actions/Build & Package / ubuntu-24.04
    • check-neutral = @github-actions/Build & Package / ubuntu-24.04
    • check-skipped = @github-actions/Build & Package / ubuntu-24.04
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = @github-actions/Build & Package / windows-2025-vs2026
    • check-neutral = @github-actions/Build & Package / windows-2025-vs2026
    • check-skipped = @github-actions/Build & Package / windows-2025-vs2026
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = @github-actions/Test / macos-26 - net10.0
    • check-neutral = @github-actions/Test / macos-26 - net10.0
    • check-skipped = @github-actions/Test / macos-26 - net10.0
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = @github-actions/Test / macos-26 - net8.0
    • check-neutral = @github-actions/Test / macos-26 - net8.0
    • check-skipped = @github-actions/Test / macos-26 - net8.0
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = @github-actions/Test / macos-26 - net9.0
    • check-neutral = @github-actions/Test / macos-26 - net9.0
    • check-skipped = @github-actions/Test / macos-26 - net9.0
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = @github-actions/Test / ubuntu-24.04 - net10.0
    • check-neutral = @github-actions/Test / ubuntu-24.04 - net10.0
    • check-skipped = @github-actions/Test / ubuntu-24.04 - net10.0
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = @github-actions/Test / ubuntu-24.04 - net8.0
    • check-neutral = @github-actions/Test / ubuntu-24.04 - net8.0
    • check-skipped = @github-actions/Test / ubuntu-24.04 - net8.0
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = @github-actions/Test / ubuntu-24.04 - net9.0
    • check-neutral = @github-actions/Test / ubuntu-24.04 - net9.0
    • check-skipped = @github-actions/Test / ubuntu-24.04 - net9.0
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = @github-actions/Test / windows-2025-vs2026 - net10.0
    • check-neutral = @github-actions/Test / windows-2025-vs2026 - net10.0
    • check-skipped = @github-actions/Test / windows-2025-vs2026 - net10.0
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = @github-actions/Test / windows-2025-vs2026 - net8.0
    • check-neutral = @github-actions/Test / windows-2025-vs2026 - net8.0
    • check-skipped = @github-actions/Test / windows-2025-vs2026 - net8.0
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = @github-actions/Test / windows-2025-vs2026 - net9.0
    • check-neutral = @github-actions/Test / windows-2025-vs2026 - net9.0
    • check-skipped = @github-actions/Test / windows-2025-vs2026 - net9.0
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-neutral = Mergify Merge Protections
    • check-skipped = Mergify Merge Protections
    • check-success = Mergify Merge Protections
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = @sonarqubecloud/SonarCloud Code Analysis
    • check-neutral = @sonarqubecloud/SonarCloud Code Analysis
    • check-skipped = @sonarqubecloud/SonarCloud Code Analysis

@mergify
mergify Bot merged commit 20d6faf into main Jul 7, 2026
126 checks passed
@mergify
mergify Bot deleted the dependabot/github_actions/dot-github/workflows/step-security/harden-runner-2.20.0 branch July 7, 2026 12:32
@mergify mergify Bot removed the queued label Jul 7, 2026
@arturcic arturcic modified the milestones: 6.x, 6.8.2 Jul 10, 2026
This was referenced Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant